4

I'm developing an embedded system that has to communicate with the outside world over 10Base-T ethernet. I have built all functions required to serve web pages, including ARP, IP, TCP, ICMP (ping), HTTP and portions of FTP. Now, I need to build the rest of the code, which will allow me to act as a client. All the above-mentioned protocols have been working well from the server standpoint for several months.

Now, I need to build the client half of these protocols, to request data from other servers. Step 1 is to ARP for the hardware address of the remote server. As I understand it, since the server is on another network, my gateway should respond with its MAC address so that I know to pass all packets destined for that IP to my gateway. Here's the problem:

My device (192.168.1.251, on subnet mask 255.255.255.0) doesn't get an ARP response from my gateway (192.168.1.1) or any machine outside of the network. However, my device (X.251) does get an ARP response from my laptop (192.168.1.100) which is under the same router.

I'm certain that my basic ARP ethernet frame structure is correct, because I reply to ARP requests correctly every time. The difference is in the OPERATION field, which is either a 1 or 2 depending on REQUEST or REPLY.

Here's my device's (192.168.1.251) request to the gateway (192.168.1.1), which gets no response:

FF FF FF FF FF FF <-- destination MAC - broadcast (also tried 0x00)

00 04 A3 7F C1 57 <-- source MAC - my device

08 06 <-- ARP

00 01 <-- ethernet

08 00 <-- IP

06 <-- 6 byte MAC addresses

04 <-- 4 byte IP addresses

00 01 <-- request (2 = reply)

00 04 A3 7F C1 57 <-- sender MAC - mine

C0 A8 01 FB <-- sender IP - mine = 192.168.1.251

00 00 00 00 00 00 <-- target MAC - unknown, reason for request

C0 A8 01 01 <-- target IP - gateway = 192.168.1.1

00 00 00 00 ..... 00 00 00 <-- trailer of 18 sets of 00 for padding

Now, my device's (192.168.1.251) nearly identical request to my laptop (192.168.1.100), which gets a valid response:

FF FF FF FF FF FF <-- destination MAC - broadcast (also tried 0x00)

00 04 A3 7F C1 57 <-- source MAC - my device

08 06 <-- ARP

00 01 <-- ethernet

08 00 <-- IP

06 <-- 6 byte MAC addresses

04 <-- 4 byte IP addresses

00 01 <-- request (2 = reply)

00 04 A3 7F C1 57 <-- sender MAC - mine

C0 A8 01 FB <-- sender IP - mine = 192.168.1.251

00 00 00 00 00 00 <-- target MAC - unknown, reason for request

C0 A8 01 64 <-- target IP - laptop = 192.168.1.100

00 00 00 00 ..... 00 00 00 <-- trailer of 18 sets of 00 for padding

Side notes that may or may not be important:

  • Both my device and the gateway show up in my laptop's ARP table.
  • My laptop is running Win7.
  • My gateway is a Linksys WRT54GL Wireless-G broadband router.
  • I have analyzed packets via Wireshark to provide the results above.
  • My DHCP block covers X.100 to X.149, so my laptop is assigned X.100 by the router
  • My device IP of X.251 is hard-coded in the device. I see no means of setting a relationship between this IP and my device's MAC in the router config app. All other functions seem to work with my device as a server, so I assume this is not a problem.
  • I have tried sending the ARP request for remote servers (google = 173.194.43.33) both directly to the server's IP and to my gateway's IP (hoping it would realize its need to be a proxy.)
  • I have tried banging my head on the desk, which, sadly, helped a little.
Christopher Garman
  • 71
  • 1
  • 1
  • 5
  • Are you sure about your networkmask? 192.168.0.0/16 is a private network (see RFC 1918). But the rest of that ip block is a public ip range. – rekire Sep 14 '12 at 20:41
  • Surely your Laptop is sending ARP requests to the gateway and getting responses; can you capture those frames and compare them to the one your device is sending? – Joseph Sep 14 '12 at 20:44
  • @ rekire: I'm not */16 - I'm */8. i.e. 192.168.1.1 - 192.168.1.255 with a netmask of 255.255.255.0 – Christopher Garman Sep 14 '12 at 20:47
  • That is wrong you count the ones not the zeros so you use the subnet 192.168.1.0/24. – rekire Sep 14 '12 at 20:47
  • @ Joseph: strangely, when my laptop sends those requests to the gateway, they already have the gateway's MAC filled in (not broadcast.) I tried sending from my device with the gateway's MAC prefilled (kinda defeating the purpose) but those are rejected too. I haven't tried sending it while spoofing the laptop's IP and MAC, but I'm not sure if that would tell me anything. – Christopher Garman Sep 14 '12 at 20:49
  • @rekire: Sorry, notation is backwards, then. My subnet is 255.255.255.0. I'll edit the post. – Christopher Garman Sep 14 '12 at 20:58
  • @ChristopherGarman can you verify that the only differences in frame structure from your device/laptop to gateway are that the destiantion MAC is unicast to gateway and not broadcast when sent from the laptop, and that the source MAC/IP is for the respective device? There are no other differences? – Joseph Sep 14 '12 at 21:05
  • @ Joseph - that's correct. The broadcast changes to unicast (MAC of router) and the source MAC and IP change to be the laptop vs. my device. I also see a lack of the 18 sets of trailing 0x00, but this may be an effect of Wireshark. Those 0x00's are there when my device ARPs the laptop, which works. They are also there when my device ARPs the gateway, which fails. – Christopher Garman Sep 14 '12 at 21:10
  • OK - I just tried another test point. I'm using a straight connection from my laptop to my device, and bypassing the router. My laptop supports MDIX, so this is possible. I changed the IP of my laptop to 192.168.1.1, which is where my gateway used to reside. My laptop responds to this identical ARP packet sent to X.1, whereas my gateway did not. So, I'm now even more certain that the ARP is sent correctly. This means that my gateway/router is selectively ignoring my request. Any ideas why??? – Christopher Garman Sep 17 '12 at 14:05

2 Answers2

0

If I guess right you post your ARP request to your notebook, which is not permitted to answerthat ARP request. Normally every device answers just for itself. Try to enter the target ip 192.168.1.1 for your router. That should work.

By the way you cannot get the MAC Adress of any devices which are outside of your subnet. Every package needs to send to the gateway mac adress with the target ip adress.

rekire
  • 47,260
  • 30
  • 167
  • 264
  • In example 1 above, I did send an ARP to my router at 192.168.1.1, which is where I get no response. In example 2, I send it to my laptop at 192.168.1.100, which gives a valid response. Both devices are on the same network, and the packets are otherwise identical. – Christopher Garman Sep 14 '12 at 20:52
0

I would try to troubleshoot this in the following manner:

Using a tool like scapy, craft an ARP request from your laptop requesting the gateway's MAC, and send it to the broadcast MAC. Take a look at whether the request is replied to.

Then, create an ARP request on your laptop using scapy, but set the source MAC to be your device's MAC address, and send a request to the broadcast MAC for the gateway's MAC. This is essentially simulating your device's sending on your laptop. If you can change your laptop's mac temporarily to your device's MAC, you should get the reply on your laptop.

If the above step works correctly, then you will have simulated the exact behaviour of your device on your laptop, and the actual device will work correctly as well.

mandarg
  • 41
  • 1