The first hand is handed to teach you to play the ARP package
table of Contents:
One. Basic knowledge about ARP protocol
1. Working principle of ARP
2. ARP packet format Author:
9CBS VC / MFC Network Programming PiggyXP ^ _ ^
One. Basic knowledge about ARP protocol
1. ARP working principle
Originally, I don't want to repeat the basic common sense about ARP, but in order to maintain the integrity of the article, I will be some text, and senior readers can skip this section directly.
We all know that Ethernet equipment such as NIC has its own unique MAC address, which is the MAC address to transmit Ethernet data packets, but they can't identify IP addresses in our IP package, so we do in Ethernet. IP communication requires an agreement to establish an IP address to correspond to the MAC address, so that the IP packet can be sent to a certain place. This is the ARP (Address Resolution Protocol, address resolution protocol).
Tell this, we can enter in the command line window.
ARP -A
Look at the effect, similar to such entries
210.118.45.100 00-0B
-5f
-E6-C5-D7 Dynamic
It is the correspondence of the IP address and the MAC address stored in our computer. The Dynamic represents an entry that is temporarily stored in the ARP cache. After a while, it will be deleted (XP / 2003 system is 2 minutes).
In this way, as our computer is in communication with a machine, such as 210.118.45.1, it will first check the ARP cache, find if there is a corresponding ARP entry, if not, it will send ARP request to this Ethernet Bao Guangxown inquiry 210.118.45.1 corresponds to the corresponding MAC address, of course, each computer will receive this request package, but they find 210.118.45.1 Notself, will not make the corresponding, and 210.118.45.1 will give us The computer replies an ARP answer package, tells us that its MAC address is XX-XX-XX-XX-XX-XX, so our computer's ARP cache will refresh it accordingly, more this:
210.118.45.1 XX-XX-XX-XX-XX-XX Dynamic
Why do you have such an ARP cache? Imagine if there is no cache, we have to send a broadcast query address every IP package, isn't it a waste of bandwidth and waste?
And our network devices are unable to identify the authenticity of the ARP package. If we send packets in accordance with the ARP format, as long as the information valid computer will respond according to the content in the package.
Imagine if we refresh your own ARP cache in accordance with the corresponding content of the ARP response package, hey, can we play some ARP packets in the network without security prevention? In the following article, I will teach you how to fill the ARP package, but don't worry, we will continue to learn the basic knowledge ^ _ ^
2. ARP package format
Since we have to do our own ARP package, of course, we must first learn the format of the ARP package.
From the bottom of the network, an ARP package is divided into two parts. The front is a physical frame head, and one is an ARP frame. First, the physical frame head will exist in front of any protocol packet, we call DLC Header because this frame head is constructed in the data link layer, and its main content is the physical address of both parties, so that Hardware device identification.
DLC Header
Field
BYTE
Defaults
Note
Receiver Mac
6
In broadcast, for FF-FF-FF-FF-FF-FF
Sender Mac
6
EtherType
2
0x0806
0x0806 is the type value of the ARP frame
Figure 1 Physical frame head format
Figure 1 shows the format of the physical frame header we need to fill, we can see that we need to fill the physical address of the sender and the receiving end, is it simple?
Let's take a look at the format of the ARP frame.
ARP FRAME
Field
BYTE
Defaults
Note
Hardware type
2
0x1
Ethernet type value
Upper layer protocol type
2
0x0800
The upper protocol is an IP protocol
MAC address length
1
0x6
Ethernet MAC address length is 6
IP address length
1
0x4
IP address length is 4
Operate code
2
0x1 represents the ARP request package, 0x2 indicates a response package
Sender Mac
6
Sender IP
4
Receiver Mac
6
Receiver IP
4
Data input
18
Because the minimum length of the physical frame is 64 bytes, the front 42 bytes plus 4 CRC check bytes, 18 bytes
Figure 2 ARP frame format
We can see that we need to fill the same Mac, IP, plus one 1 or 2 opcode.
