Foreword
First of all, I would like to thank the senior network security expert Luhuchuan and the Limin friends of the VC web version for the information and help they provided ^_^
I often see questions on the forum about intercepting and analyzing data packets. Fortunately, I know a little about this, so I want to write a series of articles exploring the subject, and I hope the series helps make knowledge about packets more widely understood. Every article in the series will therefore have an explanation, a detailed analysis and the coding steps, plus source code with detailed comments. (To accommodate most readers, the source code I provide uses MFC.)
However, since I am also a beginner, I look forward to your feedback.
A great deal of the author's effort went into this article. If you want to reprint it, please credit the original author and the source, thank you! ^_^
OK, let's go! Have fun!! q^_^p
Part one: A hands-on guide to playing with ARP packets
Table of contents:
One. Basic knowledge about the ARP protocol
1. Working principle of ARP
2. Format of the ARP packet
Two. Programming implementation of sending packets
1. Fill the packet
2. Send the packet
Three. Some additional steps and instructions
1. How to use WinPcap in VC
2. Get the list of network card information
3. Get the list of system ARP information
9CBS VC / MFC Network Programming PiggyXP ^ _ ^
One. Basic knowledge about ARP protocol
1. ARP working principle
Originally I did not want to repeat the basics of ARP, but to keep the article complete I will spend a few words on it; experienced readers can skip this section.
We all know that Ethernet devices such as NICs each have their own unique MAC address, and that they use MAC addresses to transmit Ethernet frames, but they cannot interpret the IP addresses in our IP packets. To carry IP traffic over Ethernet we therefore need a protocol that maps an IP address to its MAC address, so that an IP packet can be delivered to the right place. This is ARP (Address Resolution Protocol).
With that said, we can enter the following in a command-line window:
arp -a
and look at the result, which contains entries similar to this:
210.118.45.100 00-0B-5F-E6-C5-D7 Dynamic
This is the mapping between IP addresses and MAC addresses stored on our computer. Dynamic means the entry is held temporarily in the ARP cache and will be deleted after a while (2 minutes on XP / 2003 systems).
So when our computer wants to communicate with another machine, say 210.118.45.1, it first checks the ARP cache for a matching entry. If there is none, it broadcasts an ARP request on the Ethernet asking for the MAC address that corresponds to 210.118.45.1. Every computer receives this request, but the ones that find they are not 210.118.45.1 do not respond, while 210.118.45.1 sends our computer an ARP reply telling us that its MAC address is XX-XX-XX-XX-XX-XX. Our computer then refreshes its ARP cache accordingly, adding an entry like this:
210.118.45.1 XX-XX-XX-XX-XX-XX Dynamic
Why have such an ARP cache? Imagine there were no cache: we would have to broadcast an address query for every IP packet, which would be a waste of bandwidth and resources.
Our network devices, however, cannot verify the authenticity of an ARP packet. If we send a packet that follows the ARP format, then as long as its information is valid, the receiving computer will act on the content of the packet. If it refreshes its own ARP cache according to the content of an ARP reply, hehe, then can't we play some ARP packet tricks on a network that has no security precautions? Later in the article I will teach you how to fill in an ARP packet, but don't rush, let's keep learning the basics first ^_^
2. ARP package format
Since we are going to build our own ARP packets, we must of course first learn the format of the ARP packet.
Seen from the bottom of the network stack, an ARP packet consists of two parts: first a physical frame header, then the ARP frame. The physical frame header precedes every protocol packet; we call it the DLC header because it is constructed at the data link layer. Its main content is the physical addresses of the two parties, so that hardware devices can identify them.
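DLC Header
| Field        | Bytes | Default | Note                                      |
|--------------|-------|---------|-------------------------------------------|
| Receiver MAC | 6     | -       | FF-FF-FF-FF-FF-FF for a broadcast         |
| Sender MAC   | 6     | -       | -                                         |
| EtherType    | 2     | 0x0806  | 0x0806 is the type value of the ARP frame |
Figure 1 Physical frame header format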
Figure 1 shows the format of the physical frame header we need to fill in. As we can see, all we need to fill in is the physical addresses of the sender and the receiver. Simple, isn't it?
Next, let's take a look at the format of the ARP frame.
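ARP Frame
| Field                     | Bytes | Default | Note                                                                                                                        |
|---------------------------|-------|---------|-----------------------------------------------------------------------------------------------------------------------------|
| Hardware type             | 2     | 0x1     | Ethernet type value                                                                                                         |
| Upper layer protocol type | 2     | 0x0800  | The upper layer protocol is IP                                                                                              |
| MAC address length        | 1     | 0x6     | Ethernet MAC address length is 6                                                                                            |
| IP address length         | 1     | 0x4     | IP address length is 4                                                                                                      |
| Operation code            | 2     | -       | 0x1 indicates an ARP request packet, 0x2 indicates a response packet                                                        |
| Sender MAC                | 6     | -       | -                                                                                                                           |
| Sender IP                 | 4     | -       | -                                                                                                                           |
| Receiver MAC              | 6     | -       | -                                                                                                                           |
| Receiver IP               | 4     | -       | -                                                                                                                           |
| Padding data              | 18    | -       | The minimum length of a physical frame is 64 bytes; the preceding 42 bytes plus 4 CRC check bytes leave 18 bytes to fill    |
Figure 2 ARP frame format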
We can see that we need to fill in the same MAC and IP information again, plus an opcode of 1 or 2.
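The layout in Figures 1 and 2 can be checked from the receiving side as well. The following is an added example, not code from the original article: a portable C decoder that walks the 42 bytes in table order, validates the fixed fields, and notes when the sender MAC in the DLC header disagrees with the sender MAC in the ARP frame (a hint worth logging, not proof of forgery). The sample frame, the names arp_view and arp_parse and the flag names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_MIN_LEN 42u   /* 14-byte DLC header + 28-byte ARP frame, padding excluded */

enum {                         /* result bits returned by arp_parse() */
    ARP_OK              = 0,
    ARP_TOO_SHORT       = 1,
    ARP_NOT_ARP         = 2,   /* EtherType is not 0x0806 */
    ARP_BAD_CONSTANTS   = 4,   /* hardware/protocol type or address lengths are off */
    ARP_BAD_OPCODE      = 8,   /* neither request (1) nor response (2) */
    ARP_SENDER_MISMATCH = 16   /* DLC sender MAC differs from ARP sender MAC */
};

typedef struct {
    uint8_t  dst_mac[6], src_mac[6];                 /* DLC header */
    uint16_t ethertype, hw_type, prot_type, opcode;
    uint8_t  hw_len, prot_len;
    uint8_t  sender_mac[6], sender_ip[4], target_mac[6], target_ip[4];
} arp_view;

/* All multi-byte fields are in network (big-endian) byte order on the wire. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode one frame; on ARP_TOO_SHORT or ARP_NOT_ARP the view is only partly filled. */
int arp_parse(const uint8_t *buf, size_t len, arp_view *v)
{
    int flags = ARP_OK;
    if (len < ARP_MIN_LEN) return ARP_TOO_SHORT;
    memcpy(v->dst_mac, buf, 6);
    memcpy(v->src_mac, buf + 6, 6);
    v->ethertype = be16(buf + 12);
    if (v->ethertype != 0x0806) return ARP_NOT_ARP;
    v->hw_type   = be16(buf + 14);
    v->prot_type = be16(buf + 16);
    v->hw_len    = buf[18];
    v->prot_len  = buf[19];
    v->opcode    = be16(buf + 20);
    memcpy(v->sender_mac, buf + 22, 6);
    memcpy(v->sender_ip,  buf + 28, 4);
    memcpy(v->target_mac, buf + 32, 6);
    memcpy(v->target_ip,  buf + 38, 4);
    if (v->hw_type != 1 || v->prot_type != 0x0800 || v->hw_len != 6 || v->prot_len != 4)
        flags |= ARP_BAD_CONSTANTS;
    if (v->opcode != 1 && v->opcode != 2)
        flags |= ARP_BAD_OPCODE;
    if (memcmp(v->src_mac, v->sender_mac, 6) != 0)
        flags |= ARP_SENDER_MISMATCH;
    return flags;
}

/* Constructed sample: a 60-byte ARP response (42 bytes + 18 zero padding bytes, no CRC). */
static const uint8_t SAMPLE_REPLY[60] = {
    0x00,0x0b,0x5f,0xe6,0xc5,0xd7,              /* receiver MAC */
    0x00,0x11,0x22,0x33,0x44,0x55,              /* sender MAC */
    0x08,0x06,                                  /* EtherType: ARP */
    0x00,0x01, 0x08,0x00, 0x06, 0x04,           /* hw type, protocol type, lengths */
    0x00,0x02,                                  /* opcode: response */
    0x00,0x11,0x22,0x33,0x44,0x55, 192,168,0,1, /* sender MAC, sender IP */
    0x00,0x0b,0x5f,0xe6,0xc5,0xd7, 192,168,0,77 /* receiver MAC, receiver IP */
};

/* Same response with the ARP sender MAC altered so it no longer matches the DLC header. */
int parse_mismatched_sample(arp_view *v)
{
    uint8_t frame[sizeof SAMPLE_REPLY];
    memcpy(frame, SAMPLE_REPLY, sizeof frame);
    frame[27] ^= 0xff;                          /* last byte of the ARP sender MAC */
    return arp_parse(frame, sizeof frame, v);
}

int main(void)
{
    arp_view v;
    int flags = arp_parse(SAMPLE_REPLY, sizeof SAMPLE_REPLY, &v);
    printf("sample reply:  flags=%d opcode=%u sender=%u.%u.%u.%u\n", flags,
           (unsigned)v.opcode, v.sender_ip[0], v.sender_ip[1], v.sender_ip[2], v.sender_ip[3]);
    printf("altered reply: flags=%d\n", parse_mismatched_sample(&v));
    return 0;
}
```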
Oops, I didn't expect this much text to hit the 64K limit; I don't know whether the colored text and the tables are to blame. I have no choice but to split the article into four or five parts to post -_-b. Let's continue next time.
Please look forward to the follow-up :)
------- Finished AT 2004-05-29 19:41
------- Made in dLUT | DIP
Part two: A hands-on guide to capturing packets
Table of contents:
One. Implementation principle of packet capture
Two. Programming implementation of packet capture:
1. Raw socket implementation method
2. WinPcap implementation method
a. Enumerate the information of the local network cards
b. Open the corresponding network card and set it to promiscuous mode
c. Intercept packets and save them to a file
Author:
9CBS VC / MFC Network Programming Master PiggyXP
One. Implementation principle of packet capture
Under normal circumstances, a network socket program can only respond to data frames whose destination matches its own hardware address or that are sent as broadcasts. Other data frames, such as frames that arrive at the network interface but are not addressed to it, are ignored by the interface once it has checked the destination address; in other words, an application cannot receive packets that have nothing to do with it.
So if we want to capture all the packets that flow through the network device, we need a slightly special measure:
Set the NIC to promiscuous mode.
In this way, the host's network card can capture all packets and frames flowing through it.
However, note that this interception only gives us a copy of each packet; it cannot cut the packet off. If you want to cut off network traffic, you need lower-level methods, which are outside the scope of this article.
Two. Programming implementation of packet capture:
1. Raw socket implementation method
Unlike the stream sockets and datagram sockets we commonly use, a raw socket has to be configured with the WSAIoctl() function after it is created. The function is defined as follows:
int WSAIoctl(
    SOCKET s,
    DWORD dwIoControlCode,
    LPVOID lpvInBuffer,
    DWORD cbInBuffer,
    LPVOID lpvOutBuffer,
    DWORD cbOutBuffer,
    LPDWORD lpcbBytesReturned,
    LPWSAOVERLAPPED lpOverlapped,
    LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
Although it has many parameters, the only one we care about is the second. What we need to do is set the second parameter to SIO_RCVALL. After all that talk, what actually has to be done is this simple, isn't it? ^_^
Of course, we can also specify whether the socket handles the IP header itself, but this is not required.
The complete code is similar to the following; pay particular attention to the step marked as key:
(To keep the code readable at a glance, I have removed the error handling; the same applies below.)
#include "winsock2.h"
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)

SOCKET SnifferSocket;
WSADATA wsaData;
int iFlag = WSAStartup(MAKEWORD(2, 2), &wsaData);    // load Winsock
SnifferSocket = WSASocket(AF_INET,                   // create the raw socket
                          SOCK_RAW, IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED);
char FAR name[128];                                  // get the local IP address
gethostname(name, sizeof(name));
struct hostent FAR *pHostent;
pHostent = gethostbyname(name);
SOCKADDR_IN sa;                                      // fill in the SOCKADDR_IN structure
sa.sin_family = AF_INET;
sa.sin_port = htons(6000);                           // the port number can be changed, as long as it does not conflict with one in use
memcpy(&(sa.sin_addr), pHostent->h_addr, pHostent->h_length);
bind(SnifferSocket, (LPSOCKADDR)&sa, sizeof(sa));    // bind
// Set the IOCTL to receive all network data: this is the key step
DWORD dwBufferLen[10];
DWORD dwBufferInLen = 1;
DWORD dwBytesReturned = 0;
WSAIoctl(SnifferSocket, SIO_RCVALL, &dwBufferInLen, sizeof(dwBufferInLen),
         &dwBufferLen, sizeof(dwBufferLen), &dwBytesReturned, NULL, NULL);
At this point we can actually start sniffing network packets. Receiving the packets is done with the recv() function as usual, but because different socket models are involved and their receiving methods differ greatly, the receiving code is not provided here.
2. WinPcap implementation method
The WinPcap driver package is a great thing. WinPcap's main function is to send and receive raw datagrams independently of the host protocols (such as TCP/IP), and it mainly provides us with four capabilities:
1> Capture raw datagrams, including datagrams exchanged by other hosts on a shared network;
2> Filter out certain datagrams according to custom rules before they are delivered to the application;
3> Send raw datagrams onto the network;
4> Collect statistics about network traffic.
If the environment allows it (for example, what you are writing is not a Trojan program), I still recommend using WinPcap to intercept packets, because it is more powerful and more efficient. Its only drawback is that before a program developed with WinPcap can run, the WinPcap driver must be installed on the host.
We will also find that it is more capable than the raw socket approach and works at a lower level; the most obvious sign is that packets captured with a raw socket do not include the Ethernet header, but that is a story for later.
As for how to install and use it, please refer to "A hands-on guide to playing with ARP packets" in this series, which describes in detail how to load the WinPcap driver ^_^
Enough talk, let's get to the point. Intercepting packets with WinPcap requires the following steps:
a. Enumerate the information of the local network cards (mainly the NIC names)
This uses the pcap_findalldevs function, which is defined as follows:
/*************************************************
int pcap_findalldevs(pcap_if_t **alldevsp,
                     char *errbuf
)
Function:
    Enumerates all network devices in the system
Parameters:
    alldevsp: a pointer to a pcap_if_t structure. If pcap_findalldevs succeeds,
              the list of available NICs is stored through it, and it points to
              the first element of that list.
    errbuf:   string that receives the error message
Return value:
    int: 0 on success, -1 on error.
*************************************************/
The complete code that uses this function to get the NIC names is as follows:
pcap_if_t *alldevs;
pcap_if_t *d;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_findalldevs(&alldevs, errbuf);      // get the list of network devices
for (d = alldevs; d; d = d->next)        // enumerate the network cards, then add them to the ComboBox
{
    d->name;                             // d->name is the NIC name string we need; save it to your own variable as appropriate
}
pcap_freealldevs(alldevs);               // release the alldevs resources
Please look forward to the following... ^_^

Two. Programming implementation of sending packets
1. Fill the packet
Let me give an example of filling in the headers. I first define a function that converts the address string, as follows:
/*************************************************************************
* Name & Params::
*   FormatStrToMac
*   (
*     const LPSTR lpHWAddrStr : MAC address string entered by the user
*     unsigned char *HWAddr   : returned MAC address bytes (assigned to the packet structure)
*   )
* Purpose:
*   Convert the MAC address string entered by the user into the format
*   required by the packet structure
*************************************************************************/
void FormatStrToMac(const LPSTR lpHWAddrStr, unsigned char *HWAddr)
{
    unsigned int i, index = 0, value = 0, temp = 0;
    unsigned char c;
    _strlwr(lpHWAddrStr);                                   // convert to lowercase (modifies the string in place)
    for (i = 0; i < strlen(lpHWAddrStr); i++)
    {
        c = *(lpHWAddrStr + i);
        if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))
        {
            if (c >= '0' && c <= '9') temp = c - '0';       // digit
            if (c >= 'a' && c <= 'f') temp = c - 'a' + 0xa; // letter
            if ((index % 2) == 1)
            {
                value = value * 0x10 + temp;                // second hex digit completes one byte
                HWAddr[index / 2] = value;
            }
            else value = temp;
            index++;
        }
        if (index == 12) break;                             // 12 hex digits = 6 bytes
    }
}

// Start filling in each field
// (the quoted strings below are placeholders: pass writable buffers holding the
//  user's input, because FormatStrToMac lowercases its argument in place)
ARPPACKET ARPPacket;                                        // define an ARPPACKET structure variable
memset(&ARPPacket, 0, sizeof(ARPPACKET));                   // initialize the packet
FormatStrToMac("DLC source MAC string", ARPPacket.dlcHeader.srcmac);         // DLC frame header
FormatStrToMac("DLC destination MAC string", ARPPacket.dlcHeader.desmac);
FormatStrToMac("ARP source MAC string", ARPPacket.arpframe.send_hw_addr);    // source MAC
ARPPacket.arpframe.send_prot_addr = inet_addr(srcip);                        // source IP
FormatStrToMac("ARP destination MAC string", ARPPacket.arpframe.targ_hw_addr); // destination MAC
ARPPacket.arpframe.targ_prot_addr = inet_addr(desip);                        // destination IP
ARPPacket.arpframe.opcode = htons((unsigned short)arptype);                  // ARP packet type
// Constants filled in automatically
ARPPacket.dlcHeader.ethertype = htons((unsigned short)0x0806);               // DLC header Ethernet type
ARPPacket.arpframe.hw_type = htons((unsigned short)1);                       // hardware type
ARPPacket.arpframe.prot_type = htons((unsigned short)0x0800);                // upper layer protocol type
ARPPacket.arpframe.hw_addr_len = (unsigned char)6;                           // MAC address length
ARPPacket.arpframe.prot_addr_len = (unsigned char)4;                         // IP address length

That's all! ^_^
After filling it in, what we need to do is send our ARPPacket structure.
2. Send an ARP packet:
We send the ARP packet using the WinPcap API. The specific steps and functions are as follows. For ease of understanding I have removed the error handling; see the code.
/**********************************************************************
* Name & Params::
*   SendARPPacket()
* Purpose:
*   Send an ARP packet
* Remarks:
*   Uses the WinPcap API functions
**********************************************************************/
void SendARPPacket()
{
    char *AdapterDeviceName = GetCurAdapterName();                // first get the NIC name
    lpAdapter = PacketOpenAdapter(AdapterDeviceName);             // open the network card by its name
    lpPacket = PacketAllocatePacket();                            // allocate memory for the PACKET structure pointer
    PacketInitPacket(lpPacket, &ARPPacket, sizeof(ARPPacket));    // initialize the PACKET structure
                                                                  // ARPPacket is the ARP packet we filled in earlier
    PacketSetNumWrites(lpAdapter, 1);                             // send only one packet each time
    PacketSendPacket(lpAdapter, lpPacket, TRUE);                  // send!!!!! ^_^
    PacketFreePacket(lpPacket);                                   // release resources
    PacketCloseAdapter(lpAdapter);
}
Oh, with that, the most critical part about ARP packets is finished, and you can send your own ARP packets as you wish.
Since this is a "popularization" article, I will also cover the additional steps and explanations related to the whole project.
Three. Additional steps and instructions
1. How to use the WinPcap driver in VC
Although the WinPcap development kit is very easy to use, the preparation work beforehand still takes some effort and cannot be skipped ^_^
The first step is to install its driver. You can download it from its home page, which is updated very quickly:
http://winpcap.polito.it/install/default.htm
Download the WinPcap auto-installer (driver + DLLs) and install it directly; it is also included in my code package.
Friends who want to develop with WinPcap should also download the developer's pack and unpack it.
Then set the project's additional include directory to the Include directory of the downloaded developer's pack, and set the linker's additional library directory to the Lib directory of the developer's pack.
Of course, because our task is relatively simple and only borrows a little from WinPcap, it is enough to copy packet32.h from the Include folder of the WinPcap developer's pack into our project and include it. Note, however, that packet32.h itself includes devioctl.h, which must be copied along with it, and of course there is also the library packet.lib, so three files need to be copied in total. As for adding the library, need I say more? Set it in the project settings, or add
#pragma comment(lib, "packet.lib")
where it is needed.
The whole project can actually be divided into four parts: filling packets, sending packets, enumerating the system's network cards and their related information, and enumerating the system's ARP cache list. Let me talk about how to get the system's network card list and ARP list. Both parts use the IP Helper API, so you need to include <iphlpapi.h> and the library file iphlpapi.lib. It is actually very simple and takes only a few lines.
2. Enumerate the system's network cards and their information
It is best to define a structure for the network card information, so that things are clearer.
// NIC information
typedef struct tagAdapterInfo
{
    char szDeviceName[128];   // device name
    char szIPAddrStr[16];     // IP
    char szHWAddrStr[18];     // MAC
    DWORD dwIndex;            // index
} INFO_ADAPTER, *PINFO_ADAPTER;

/**********************************************************************
* Name & Params::
*   AddAdapInfoToList
*   (
*     CListCtrl &list : list handle passed in by CARPPlayerDlg
*   )
* Purpose:
*   Get the network card information of the system and add it to the list control
* Remarks:
*   The NIC IP and MAC are obtained with the IP Helper API GetAdaptersInfo
**********************************************************************/
void AddAdapInfoToList(CListCtrl &list)
{
    char tempChar;
    ULONG uListSize = 1;
    PIP_ADAPTER_INFO pAdapter;            // PIP_ADAPTER_INFO structure that stores the NIC information
    int nAdapterIndex = 0;
    DWORD dwRet = GetAdaptersInfo((PIP_ADAPTER_INFO)&tempChar, &uListSize);   // key function
    if (dwRet == ERROR_BUFFER_OVERFLOW)
    {
        PIP_ADAPTER_INFO pAdapterListBuffer = (PIP_ADAPTER_INFO)new(char[uListSize]);
        dwRet = GetAdaptersInfo(pAdapterListBuffer, &uListSize);
        if (dwRet == ERROR_SUCCESS)
        {
            pAdapter = pAdapterListBuffer;
            while (pAdapter)              // enumerate the NICs and add the related entries to the list
            {
                // NIC name
                CString strTemp = pAdapter->AdapterName;
                strTemp = "\\Device\\NPF_" + strTemp;     // add the prefix
                list.InsertItem(nAdapterIndex, strTemp);
                strcpy(AdapterList[nAdapterIndex].szDeviceName, strTemp);
                // IP
                strcpy(AdapterList[nAdapterIndex].szIPAddrStr,
                       pAdapter->IpAddressList.IpAddress.String);
                list.SetItemText(nAdapterIndex, 1, AdapterList[nAdapterIndex].szIPAddrStr);
                // MAC
                FormatMacToStr(AdapterList[nAdapterIndex].szHWAddrStr, pAdapter->Address);
                list.SetItemText(nAdapterIndex, 2, AdapterList[nAdapterIndex].szHWAddrStr);
                // NIC index
                AdapterList[nAdapterIndex].dwIndex = pAdapter->Index;
                pAdapter = pAdapter->Next;
                nAdapterIndex++;
            }
        }
        delete[] (char *)pAdapterListBuffer;   // allocated as char[], so release it as char[]
    }
}

3. Get the list of ARP entries
// ARP entry information
typedef struct tagARPInfo
{
    char szIPAddrStr[16];     // IP
    char szHWAddrStr[18];     // MAC
    DWORD dwType;             // type
} INFO_ARP, *PINFO_ARP;

/**********************************************************************
* Name & Params::
*   AddARPInfoToList
*   (
*     CListCtrl &list           : list handle passed in by CARPPlayerDlg
*     const short nAdapterIndex : index of the NIC selected by the user
*   )
* Purpose:
*   Read the system's ARP cache list and add it to the dialog
* Remarks:
*   Uses the IP Helper API GetIpNetTable
*   and the Winsock API, so the corresponding headers must be included
**********************************************************************/
void AddARPInfoToList(CListCtrl &list, const short nAdapterIndex)
{
    char tempChar;
    DWORD dwListSize = 1;
    DWORD dwRet;
    in_addr inaddr;
    list.DeleteAllItems();
    dwRet = GetIpNetTable((PMIB_IPNETTABLE)&tempChar, &dwListSize, TRUE);   // key function
    if (dwRet == ERROR_INSUFFICIENT_BUFFER)
    {
        PMIB_IPNETTABLE pIpNetTable = (PMIB_IPNETTABLE)new(char[dwListSize]);
        dwRet = GetIpNetTable(pIpNetTable, &dwListSize, TRUE);
        if (dwRet == ERROR_SUCCESS)
        {
            for (int i = 0; i < (int)pIpNetTable->dwNumEntries; i++)
            {
                // IP
                inaddr.S_un.S_addr = pIpNetTable->table[i].dwAddr;
                strcpy(ARPList[i].szIPAddrStr, inet_ntoa(inaddr));
                // MAC
                FormatMacToStr(ARPList[i].szHWAddrStr, pIpNetTable->table[i].bPhysAddr);
                // type
                ARPList[i].dwType = pIpNetTable->table[i].dwType;
                if (AdapterList[nAdapterIndex].dwIndex != pIpNetTable->table[i].dwIndex) continue;
                list.InsertItem(i, ARPList[i].szIPAddrStr);
                list.SetItemText(i, 1, ARPList[i].szHWAddrStr);
                switch (ARPList[i].dwType) {      // convert the type value to a string for display
                case 3:                           // MIB_IPNET_TYPE_DYNAMIC
                    list.SetItemText(i, 2, "dynamic");
                    break;
                case 4:                           // MIB_IPNET_TYPE_STATIC
                    list.SetItemText(i, 2, "static");
                    break;
                case 2:                           // MIB_IPNET_TYPE_INVALID
                    list.SetItemText(i, 2, "invalid");
                    break;
                default:
                    list.SetItemText(i, 2, "");
                }
            }
        }
        delete[] (char *)pIpNetTable;             // allocated as char[], so release it as char[]
    }
}
With this, the basics have been covered; some details are not discussed here, and you can download my code to look at them.
Next, let's use ARP packets to play some small tricks ^_^.

Contents of this part:
Four. ARP packet games
1. Small tricks
2. Implementing ARP spoofing
3. The principle of sniffing based on ARP spoofing

Four. ARP packet games
Since we can fill in packets ourselves, playing some "small games" of deception becomes easy. Of course, this applies to an environment without security protection, for example one where you are connected only by a hub or a switch, with no routed segmentation... ^_^
Below I will describe some tricks with ARP packets.
1. Small tricks
1) You can try to broadcast a request packet whose ARP frame is filled in like this:
(To save space, I only list the fields that need special values.)
| Field      | Bytes | Value           |
|------------|-------|-----------------|
| Sender MAC | 6     | Any wrong value |
| Sender IP  | 4     | Your own IP     |
What is the result? Does a prompt pop up reporting an IP address conflict? Heh, by the same reasoning, if the sender IP is filled in as someone else's and the packet is then sent once every second... -_-b
2) Suppose, for example, that you all rely on the gateway 192.168.0.1 for Internet access. If you want 192.168.0.77 to be unable to get online, you can send a wrong ARP response packet to 192.168.0.77, like this:
| Field      | Bytes | Value                  |
|------------|-------|------------------------|
| Sender MAC | 6     | Any wrong value        |
| Sender IP  | 4     | Gateway IP 192.168.0.1 |
The receiver fields are filled in with the information of 192.168.0.77. After it is sent, can that machine still get online? This will trouble it for a while: as long as its system does not obtain the correct ARP mapping for the gateway, it cannot get online ^_^
Heh, there are many similar tricks, but stopping at this level is rather pointless, so let's look at something a little deeper ^_^
2. ARP spoofing
In Ethernet, network devices identify computers by their MAC information. For example, computer A knows that the machine with MAC address 22-22-22-22-22-22 is B. If I send A an ARP response packet telling it that my MAC is 22-22-22-22-22-22, A will think that my computer is B. With that in mind, let us imagine the following environment.
A's firewall trusts only B, whose IP is 192.168.0.2 and whose MAC is 22-22-22-22-22-22, and A opens port 21 to provide an FTP service. Under normal circumstances, because of the firewall, our computer cannot connect to A.
So we find a way to bring B down, or wait until it shuts down, then change our IP to B's 192.168.0.2 and send an ARP response packet telling A to update its ARP cache list so that the IP 192.168.0.2 is mapped to our MAC address. Then the miracle happens: we can connect to A's FTP, and the firewall is ineffective ^_^
However, this approach only works within the same network segment. If we are not in the same segment, things are more complicated, and ICMP has to be used as well to control the routing of the packets. I plan to explain this later when I cover ICMP packets in detail, so I will say no more here.
3. The principle of sniffing based on ARP spoofing
There are many eavesdropping techniques, but the sniffer tools we usually use can only work on hub-based networks; on a switched network they are powerless. This is where our ARP spoofing technique comes in.
Again assume there are three hosts, A, B and our own host, located in the same switched local area network.
A and B are communicating. If we want to spy on the content of the A -> B communication, we can send A a forged ARP response packet telling it that the MAC entry corresponding to B's IP is our MAC address. A will then refresh its own ARP cache, and the data it sends to B will keep arriving at our host instead, so we can analyze the packets we receive and achieve the goal of monitoring. Of course, because entries in the ARP cache are dynamic and time out, we must send A an ARP response packet at regular intervals.
Although we have achieved this, the communication from A to B is interrupted. In order not to let B notice, we forward every packet we receive to B, so that everything appears seamless ^_^
Similarly, if we also want to listen to the B -> A packets, we send B an ARP response packet telling B that the MAC corresponding to A's IP is our host's MAC, so that the packets from B to A also keep arriving at our host. Of course, we have to forward these packets too, as shown in the figure:
A <------> Our host <------> B
If nothing goes wrong, the communication between A and B is listened to by us without their noticing ^_^
I will not put the specific code here; if there is a need, I will provide the complete code.
At this point, our ARP basics are finished, and I hope you have gained something from them.

Postscript:
Because I developed this with VC .NET 2003, friends who have not installed .NET cannot open the project. You can try the project conversion tool on vckbase; I have not tried it and cannot guarantee that it works:
http://www.vckbase.com/tools/assist/prjconverter.rar
This project also uses the WinPcap development package, so a WinPcap driver must be installed. Readers can install the driver from my code package, but it is updated often, so you can download the latest version from the home page:
http://winpcap.polito.it/install/default.htm
Readers who do not do development only need to download and install the WinPcap auto-installer (driver + DLLs).
My original article and the source code download address will be posted later; please watch this post ^_^
The source code download address, freshly baked, with thanks to brother _foo for providing the space:
http://iunknown.com.cn/9cbs/network/arpplayer_by_piggyXP.rar
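
The cache refreshes described in the ARP spoofing sections above leave a visible trace on the wire: an IP address that suddenly answers with a different MAC, and one MAC that answers for several IPs. The following is an added example, not code from the original article: a portable C watcher that records the first binding seen for each IP and flags later response packets that contradict it. The names arp_watch and arp_watch_observe, the first-seen baseline and the sample observations are assumptions made for illustration; legitimate events such as a replaced NIC will also raise ARPW_CHANGED.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BINDINGS 64

enum {
    ARPW_CHANGED    = 1,   /* this IP was first seen with a different MAC */
    ARPW_MAC_REUSED = 2,   /* this MAC is already bound to a different IP */
    ARPW_UNTRACKED  = 4    /* table full, new binding not recorded */
};

typedef struct { uint8_t ip[4]; uint8_t mac[6]; } arp_binding;
typedef struct { arp_binding seen[MAX_BINDINGS]; int count; } arp_watch;

/* Feed one observed (sender IP, sender MAC) pair; returns a mask of ARPW_* bits.
 * The first binding seen for an IP is kept as the baseline, so a forged response
 * keeps raising ARPW_CHANGED every time it is repeated. */
int arp_watch_observe(arp_watch *w, const uint8_t ip[4], const uint8_t mac[6])
{
    int flags = 0, known_ip = 0;
    for (int i = 0; i < w->count; i++) {
        int same_ip  = memcmp(w->seen[i].ip,  ip,  4) == 0;
        int same_mac = memcmp(w->seen[i].mac, mac, 6) == 0;
        if (same_ip) {
            known_ip = 1;
            if (!same_mac) flags |= ARPW_CHANGED;
        } else if (same_mac) {
            flags |= ARPW_MAC_REUSED;
        }
    }
    if (!known_ip) {
        if (w->count == MAX_BINDINGS) return flags | ARPW_UNTRACKED;
        memcpy(w->seen[w->count].ip,  ip,  4);
        memcpy(w->seen[w->count].mac, mac, 6);
        w->count++;
    }
    return flags;
}

/* Constructed observations, in arrival order (MAC values are made up). */
static const arp_binding SAMPLE[6] = {
    {{192,168,0,1},  {0x00,0x11,0x22,0x33,0x44,0x55}},  /* gateway, first seen */
    {{192,168,0,2},  {0x22,0x22,0x22,0x22,0x22,0x22}},  /* host B, first seen */
    {{192,168,0,77}, {0x00,0xaa,0xbb,0xcc,0xdd,0x77}},  /* another host, first seen */
    {{192,168,0,1},  {0x00,0xaa,0xbb,0xcc,0xdd,0x77}},  /* gateway IP claimed by that host's MAC */
    {{192,168,0,1},  {0x00,0x11,0x22,0x33,0x44,0x55}},  /* genuine gateway response */
    {{192,168,0,2},  {0x00,0xaa,0xbb,0xcc,0xdd,0x77}}   /* B's IP claimed by the same MAC */
};

/* Replay the sample into w, store each result in flags_out, return the number of alerts. */
int replay_sample(arp_watch *w, int flags_out[6])
{
    int alerts = 0;
    for (int i = 0; i < 6; i++) {
        flags_out[i] = arp_watch_observe(w, SAMPLE[i].ip, SAMPLE[i].mac);
        if (flags_out[i] != 0) alerts++;
    }
    return alerts;
}

int main(void)
{
    arp_watch w;
    int flags[6];
    memset(&w, 0, sizeof w);
    int alerts = replay_sample(&w, flags);
    for (int i = 0; i < 6; i++)
        printf("%u.%u.%u.%u flags=%d\n", SAMPLE[i].ip[0], SAMPLE[i].ip[1],
               SAMPLE[i].ip[2], SAMPLE[i].ip[3], flags[i]);
    printf("alerts=%d tracked=%d\n", alerts, w.count);
    return 0;
}
```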