
Edit: Answered on serverfault. Thanks!

A product I'm testing appears to freak out when it receives an ARP request with a Sender IP Address of 0.0.0.0. This is not an ARP probe, as the request is addressed to my module, and the customer's system sends the request just before it starts using its own valid IP address, which is different than my module's IP address. The problem is recreating that here in the lab rather than having to travel to the customer's site.

Is there software I can use to generate an ARP request from a fake address? This is similar to, but not quite the same as, ARP spoofing, since I'm trying to fake the request and not the reply. Do any of the spoofing tools have this functionality? Or is there a way to force Windows or Linux to send an ARP probe?

Sam Skuce
  • If possible, could you explain how it is possible to send an arp request before you get an ip address from your dhcp? I always thought the dhcp discover/offer/request/ack thing MUST come at the first place. – InsertNickHere Sep 24 '10 at 18:43
  • this is a serverfault type question not stackoverflow. – rahim asgari Sep 24 '10 at 18:43
  • @insertnickhere, the customer's system is an embedded system that is running its own Ethernet stack, so it can put out whatever bytes it wants whenever it wants, and it appears that it tries to start communicating before fully initializing itself. Yes, it's weird, but if I can change my module to work with this situation, everybody will be happy sooner than if I try to have the customer change their stack. @rahim, thanks, I'll ask there too. – Sam Skuce Sep 24 '10 at 18:50
  • Thank you for your explanation. – InsertNickHere Sep 24 '10 at 19:17

1 Answer


You can use Python2 to do that job. That's really quite a simple task. You will need root privileges to open RAW sockets and a little knowledge of Python.

import socket
import struct

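# Packet structure explanation (42 bytes: Ethernet header, then the ARP body):
# destmac    = 0xff,0xff,0xff,0xff,0xff,0xff  (broadcast)
# sourcemac  = 0x00,0x11,0x22,0x33,0x44,0x55
# etherflags = 0x0806,0x0001,0x0800           (EtherType ARP, hardware type Ethernet, protocol type IPv4)
# arpflags   = 0x6,0x4,0x0001                 (MAC length, IP length, opcode 1 = request)
# sourcemac  = 0x00,0x11,0x22,0x33,0x44,0x55  (ARP sender hardware address)
# sourceip   = 0xc0,0xa8,0x2b,0x7a            (ARP sender IP, 192.168.43.122)
# targmac    = 0x00,0x00,0x00,0x00,0x00,0x00  (unknown, left as zeros in a request)
# targip     = 0xc0,0xa8,0x2b,0x0c            (ARP target IP, 192.168.43.12)

packet = struct.pack('!12B3H2BH10B10B',
    0xff,0xff,0xff,0xff,0xff,0xff,   # destination MAC
    0x00,0x11,0x22,0x33,0x44,0x55,   # source MAC
    0x0806,0x0001,0x0800,            # EtherType, hardware type, protocol type
    0x6,0x4,0x0001,                  # MAC length, IP length, opcode
    0x00,0x11,0x22,0x33,0x44,0x55,   # sender MAC
    0xc0,0xa8,0x2b,0x7a,             # sender IP
    0x00,0x00,0x00,0x00,0x00,0x00,   # target MAC
    0xc0,0xa8,0x2b,0x0c)             # target IP

sock = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
sock.bind(('eth0', 6))  # interface name; 6 is the protocol number
sock.send(packet)
sock.close()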
Jonathon Reinhart
Tom Lime
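
An added example, not part of the original answer: the same frame built from named fields so the Sender IP Address can be set to 0.0.0.0 as in the question, plus a parser for checking what the module under test actually receives. The function names are hypothetical, the MAC and target IP are the answer's sample values, and Python 3 on Linux is assumed.

```python
import socket
import struct

ETH_P_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_FMT = "!6s6sHHHBBH6s4s6s4s"  # Ethernet header + ARP body = 42 bytes


def mac_bytes(mac):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


def build_arp_request(src_mac, sender_ip, target_ip, dst_mac=BROADCAST):
    """Return a 42-byte Ethernet frame carrying an ARP request."""
    return struct.pack(
        ARP_FMT,
        mac_bytes(dst_mac), mac_bytes(src_mac), ETH_P_ARP,
        1, 0x0800, 6, 4, 1,  # Ethernet, IPv4, MAC len, IP len, opcode=request
        mac_bytes(src_mac), socket.inet_aton(sender_ip),
        bytes(6), socket.inet_aton(target_ip),  # target MAC unknown: zeros
    )


def parse_arp(frame):
    """Decode the fields a receiver inspects; reject non-ARP frames."""
    (_dst, _src, etype, htype, ptype, hlen, plen, op,
     sha, spa, _tha, tpa) = struct.unpack(ARP_FMT, frame[:42])
    if etype != ETH_P_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP frame")
    return {
        "opcode": op,
        "sender_mac": ":".join("%02x" % b for b in sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
        "zero_sender": spa == bytes(4),  # the case from the question
    }


def send_frame(frame, ifname="eth0"):
    """Put the frame on the wire; needs root and a Linux AF_PACKET socket."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as sock:
        sock.bind((ifname, 0))
        sock.send(frame)


if __name__ == "__main__":
    frame = build_arp_request("00:11:22:33:44:55", "0.0.0.0", "192.168.43.12")
    print(parse_arp(frame))
    # send_frame(frame)  # uncomment on the lab machine, as root
```

Capturing on the lab segment and running `parse_arp` on each received frame confirms the zero sender address reached the module before its behaviour is investigated.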