问题描述
如果我发送一个ARP包,我能从recv的什么是发送者的IP地址发现的?我问这个,因为我多个包发送到不同的主机与子进程和我收到的所有子进程的响应,所以我'M询问是否有一种方法可以知道孩子什么送你package.Thank
If I send an ARP package can I find out from recv what is the IP adress of the sender ?I ask this because i send multiple packages to different hosts with child processes and I receive the response to all the child processes so I'm asking if there is a way to know what child sent what package.Thank you.
struct ether_arp req;
struct sockaddr_ll addr={0};
struct ifreq inter;
int sock;//I check usinginter if the interface is correct
sock=socket(AF_PACKET,SOCK_DGRAM,htons(ETH_P_ARP));
if (sock==-1) {
printf("%s",strerror(errno));
}
if (ioctl(sock,SIOCGIFINDEX,&inter)==-1) {
printf("%s",strerror(errno));
return ;//for the interface index
addr.sll_family=AF_PACKET;
addr.sll_ifindex=index;
addr.sll_halen=ETHER_ADDR_LEN;
addr.sll_protocol=htons(ETH_P_ARP);
memcpy(addr.sll_addr,ether_broadcast_addr,ETHER_ADDR_LEN);
req.arp_hrd=htons(ARPHRD_ETHER);
req.arp_pro=htons(ETH_P_IP);
req.arp_hln=ETHER_ADDR_LEN;
req.arp_pln=sizeof(in_addr_t);
req.arp_op=htons(ARPOP_REQUEST);
......................
memcpy(&req.arp_spa,&target_ip_addr.s_addr,sizeof(req.arp_spa));//this way I save the source IP
.......
if (sendto(sock,&req,sizeof(req),0,(struct sockaddr*)&addr,sizeof(addr))==-1) {
printf("%s",strerror(errno));
}THis is how I send it
有一点点更code,但我不认为这是相关的。
There is a little more code but i don't think it is relevant
推荐答案
您不能使用 recvfrom的来发现发送者的IP地址,因为ARP报文没有得到网络层。
You can't use recvfrom to discover the ip address of the sender, because ARP packet got no network layer.
如果你想知道哪台主机,与他相对的MAC地址和IP地址,回答您的要求,你必须仔细分析该公司犯了这样的数据包:
If you want to know which host, with his relative mac address and ip address, replied to your requests you have to dissect the packet that's made like this:
在这里寻找有关单场更多资讯:
Look here for further infos about single fields: ARP Message Format
您正在寻找的32位到发件人协议地址
The 32 bits you're looking for are into Sender Protocol Address
这是一个hypotetic code片段,显示主机的IP号码的ARP回复您的ARP请求。
This is an hypotetic code snippet that shows ip numbers of hosts arp-replying to your ARP REQUESTS.
免责声明:我没有测试它,但它应该给你一个想法
DISCLAIMER: i didn't test it but it should give you an idea.
/* buf is buffer containing the ethernet frame */
char buf[65535];
/* arp frame points to the arp data inside the ethernet frame */
struct ether_arp *arp_frame;
/* skipping the 14 bytes of ethernet frame header */
arp_frame = (struct ether_arp *) (buf + 14);
/* read until we got an arp packet or socket got a problem */
while (recv(sock, buf, sizeof(buf), 0))
{
/* skip to the next frame if it's not an ARP packet */
if ((((buf[12]) << 8) + buf[13]) != ETH_P_ARP)
continue;
/* skip to the next frame if it's not an ARP REPLY */
if (ntohs (arp_frame->arp_op) != ARPOP_REPLY)
continue;
/* got an arp reply! this is where i'm printing what you need */
/* ... and YES... spa of arp_spa field stands for Sender Protocol Address */
printf("I got an arp reply from host with ip: %u.%u.%u.%u\n", arp_frame->arp_spa[0],
arp_frame->arp_spa[1],
arp_frame->arp_spa[2],
arp_frame->arp_spa[3]);
/* break? */
break;
}
这是一个小程序监听ARP-答复的全面工作的例子。
And this is a full WORKING example of a mini program listening for ARP-REPLIES.
这篇关于Linux的ARP信息recvfrom的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!