Author:
9CBS VC / MFC Network Programming PiggyXP ^ _ ^
This catalog:
four. ARP package game
1. Little trick
2. Realization of ARP spoofing
3. Survey principle based on ARP spoof
four.
Since we can fill your packets, then "small game" deception is easy to be confusing. Of course, it is in a safe protection, such as only Hub or switches connect you, and there is no route segmentation ... ... ^ _ ^
Below I will tell some of the tricks about the ARP.
Trick
1) You can try to send a request package broadcast, where the ARP frame is filled in this:
(In order to save space, I only write the filler field that needs special points))
Send Mac 6 Quickly fill a wrong sender IP 4 fill in your IP
What is the result? Is it a prompt to pop up an IP address conflict? Oh, the same reason, if the sender IP fills into other people, then send once every 1 second ..........-_- b
2) For example, you all rely on a gateway 192.168.0.1 Internet access, if you want 192.168.0.77, you can send a wrong ARP response package to 192.168.0.77, like this
Send Mac 6 casually fills a wrong sender IP 4 gateway IP 192.168.0.1
The receiver fills the relevant information of 192.168.0.77, after sending it, is it online?
This will toss him for a while, as long as its system does not get the correct way to the gateway ARP mapping table, it will not pass the net ^ _ ^
Oh, similar tricks, there are still many, but just stay in this thing is nothing to do, or look at it a little bit deep, ^ _ ^
2. ARP spoof
Because in Ethernet, network devices are computers identified by MAC information. For example, the computer knows that the MAC address is 22-22-22-22-22 is B, and if I send ARP response Pack, telling it that my Mac is 22-22-22-22-22-22, and a will also think that my computer is B, so well, we imagine such an environment.
A of the firewall is only trust in IP of 192.168.0.2 mac 22-22-22-22-22-22, and A opens 21-port to provide FTP service, normal under normal circumstances, because of the firewall, our computer is No one is not a,
So we think of the way to get b down, or when it shuts down, we change our IP to b 192.168.0.2, then send a ARP response package to tell A to update the ARP cache list, 192.168.0.2 IP is mapped to our MAC address, so the miracle appears, we can connect to a FTP, the firewall is invalid ^ _ ^
However, this approach can only take effect in the same network segment. If we are not in a network segment, then it is more complicated, but also to control the routing of the packet with ICMP, this I am ready to explain later. If the ICMP package is explained in detail, no longer say more.
3. Survey principle based on ARP spoof
There are many technologies that are listening, but the Sniffer tools we use can only work in Hub-based networks. Even if they are switched, they are not powerful. At this time, our ARP spoofing technology will be used.
It is also assumed that there are three hosts A, B, and our hosts are located in the same switched local area network.
A and B are communicating, if we want to spy the contents of A-> B communication, then we can send a forged ARP response package, telling A, B IP corresponding to the Mac entry for our MAC address, As a result, A will also refresh your own ARP cache, will send B's data, and the source is constantly sent to our host, so I can analyze the packets received, and reach the monitor. the goal of. Of course, because the dynamic ARP cache is dynamic, there is timeout, so we must send a ARP response package every other time, although we have achieved this, but the communication of A to B is stopped, in order not Let B find that we have to forward the packets received every time, all forwarded to B, so that the sky is seamless ^ _ ^
Similarly, if we also want to listen to B à a packet, send a ARP response package to b, telling B, the IP corresponding to A. The Mac is our host MAC, so the packets of B to A are constantly moving. It's time to send it to our host, of course, we also forward these packets, as shown in the figure:
A <------> Our host <------> B
If everything is incorrect, the communication content of A and B is so unconsciously we listen to us. ^ _ ^
Due to the specific code, I don't put it here because I don't put it here. If I need me, I will have a complete code.
At this point, our ARP basics is over, I hope you can gain something from it.
postscript:
Because I have developed VC . Net 2003, so I don't have a friend who can't open the project. I can try the engineering conversion tool on VCKBASE. I have not tried it, I don't guarantee effective
http://www.vckbase.com/tools/assist/prjconverter.rar
And the code in this article uses the WinPCAP development kit, and is an additional AINPCAP driver.
The reader can install the driver in my code package, but it is updated soon, can go to the homepage to download the latest version
http://winpcap.polito.it/install/default.htm
Readers who don't do, only download and install this, you can use WinPCAP Auto-Installer (Driver DLLS)
My original text and source download address will be posted later, please pay attention to this post ^ _ ^
Source code download address, freshly released, thank you _foo brothers provide space
Http://iunknown.com.cn/9cbs/network/arpplayer_by_piggyxp.rar
The source code download address updated on November 5, 2007 has been invalid. . . .
http://download.9cbs.net/source/275445
My resource space is here, welcome everyone to visit
http://piggyxp.download.9cbs.net/
ARP package game
