0

Okay, so I'm running Ubuntu 14.04 LTS, and I'm trying to poison my own ARP cache by doing this:

My private IP address is 10.0.0.1.

My phone's private IP address is 10.0.0.8.

For this example only, let's say my MAC address is axaxaxaxaxax.

I've written the following Python code:

from binascii import unhexlify
from struct import pack
import socket


class ethernetframe:

    def __init__(self, destmac, srcmac, ethrtype):  

        self.destmac = unhexlify(destmac)
        self.srcmac = unhexlify(srcmac)
        self.ethrtype = unhexlify(ethrtype)


    def uniteframe(self, payload):
        frame = ''
        frame = frame + self.destmac
        frame = frame + self.srcmac
        frame = frame + self.ethrtype
        frame = frame + payload
        frame = frame + unhexlify("00000000")
        return frame



class arppacket:

    def __init__(self,opcode,srcmac,srcip,dstmac,dstip):

        if opcode == 1:
            dstmac = "000000000000"
            opcode = "0001"
        else:
            opcode = "0002"
        self.opcode = unhexlify(opcode)
        self.srcmac = unhexlify(srcmac)
        self.srcip = pack('!4B',srcip[0],srcip[1],srcip[2],srcip[3])
        self.dstmac = unhexlify(dstmac)
        self.dstip =  pack('!4B',dstip[0],dstip[1],dstip[2],dstip[3])

    def unitepacket(self):
        packet = ''
        packet = packet + "\x00\x01\x08\x00\x06\x04"
        packet = packet + self.opcode
        packet = packet + self.srcmac 
        packet = packet + self.srcip
        packet = packet + self.dstmac
        packet = packet + self.dstip
        return packet


e1 = ethernetframe("axaxaxaxaxax","axaxaxaxaxax","0800")
arp1 = arppacket(2,"axaxaxaxaxax",(10,0,0,8),"axaxaxaxaxax",(10,0,0,1))
arpacket = arp1.unitepacket()
fullethframe = e1.uniteframe(arpacket)

s = socket.socket(socket.AF_PACKET,socket.SOCK_RAW,socket.htons(0x0806))
s.bind(("eth0",0))
s.send(fullethframe)

Now, I'm monitoring this whole process with Wireshark; the ARP packet is being sent and it is formed correctly. In Wireshark I see the following line:

10.0.0.8 is at axaxaxaxaxax

This means that I have successfully sent an ARP reply to my own computer, stating that the MAC address that is resolved for 10.0.0.8 is axaxaxaxaxax. Since the ARP cache automatically updates if a reply is received REGARDLESS of whether a request was sent, this means that in my NIC driver's ARP cache there should've been a line added stating that 10.0.0.8 is resolved with axaxaxaxaxax.

However, when I run inside my Ubuntu terminal

arp -a

or

arp -an

it doesn't show up, which means I've failed to poison my own ARP cache. Any ideas how to fix this?

4

1 Answer

1

Just a thought here - have you tried

arp -an

Without -n, arp will try to do a reverse name lookup on the hostnames.

Answered 2014-09-23T21:19:53.003
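
An offline check of the frame layout built in the question, added here as an example (not code from the asker or the answerer): it rebuilds the same bytes in Python 3 and decodes them, listing any field that does not match an Ethernet/IPv4 ARP frame. The MAC `020000000001` and the names `build_frame` and `check_arp_frame` are constructed for this example, and nothing is sent on the network.

```python
import struct

ETH_P_ARP = 0x0806   # EtherType assigned to ARP
ETH_P_IP = 0x0800    # EtherType assigned to IPv4

def build_frame(dst, src, ethertype, opcode, sha, spa, tha, tpa):
    """Assemble Ethernet header + ARP payload in the question's field order."""
    eth = bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype)
    arp = struct.pack("!HHBBH", 1, ETH_P_IP, 6, 4, opcode)
    arp += bytes.fromhex(sha) + bytes(spa) + bytes.fromhex(tha) + bytes(tpa)
    return eth + arp + bytes(4)  # four trailing zero bytes, as the question appends

def check_arp_frame(frame):
    """Decode a frame and return (fields, problems) without touching the network."""
    if len(frame) < 42:
        return {}, ["frame shorter than 14-byte header + 28-byte ARP payload"]
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    fields = {
        "ethertype": ethertype, "oper": oper,
        "sender": (sha.hex(), ".".join(map(str, spa))),
        "target": (tha.hex(), ".".join(map(str, tpa))),
    }
    problems = []
    if ethertype != ETH_P_ARP:
        problems.append("EtherType 0x%04x is not ARP (0x0806)" % ethertype)
    if (htype, ptype, hlen, plen) != (1, ETH_P_IP, 6, 4):
        problems.append("ARP header is not Ethernet/IPv4")
    if oper not in (1, 2):
        problems.append("opcode %d is neither request nor reply" % oper)
    if src != sha:
        problems.append("Ethernet source differs from ARP sender MAC")
    return fields, problems

MAC = "020000000001"  # constructed MAC standing in for axaxaxaxaxax
# Same arguments as the question: EtherType "0800", ARP reply for 10.0.0.8
AS_POSTED = build_frame(MAC, MAC, 0x0800, 2, MAC, (10, 0, 0, 8), MAC, (10, 0, 0, 1))
# Identical frame except for the EtherType field
WITH_ARP_TYPE = build_frame(MAC, MAC, ETH_P_ARP, 2, MAC, (10, 0, 0, 8), MAC, (10, 0, 0, 1))

if __name__ == "__main__":
    for name, frame in (("as posted", AS_POSTED), ("EtherType 0x0806", WITH_ARP_TYPE)):
        fields, problems = check_arp_frame(frame)
        print(name, fields["sender"], problems or "no problems found")
```

The frame built with the question's arguments carries EtherType 0x0800 (IPv4) in the Ethernet header, even though the payload is laid out as ARP and the socket is opened with protocol 0x0806.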