
ARP request without reply raw sockets python


I'm trying to get an ARP reply after sending an ARP request, but the reply is not coming.

I had a look at Wireshark for the results and I think it does the broadcast to the network, but no reply shows up...

In the Wireshark results the MAC addresses of sender and receiver do not correspond to the real MAC addresses. I believe I'm not packing this right, but I don't understand why.

Need help...

#!/usr/bin/env python3

import struct
import socket



raw = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0806))
raw.bind(("wlp3s0", socket.htons(0x0806)))


mac_local = b"ff:ff:ff:ff:ff:ff"   # MAC of the host sending the request
ip_local = "192.168.1.7"           # IP of the host sending the request
mac_dest = b"00:00:00:00:00:00"    # MAC of the host receiving the request
ip_dest = "192.168.1.2"            # IP of the host receiving the request




# Ethernet Header
protocol = 0x0806             # EtherType 0x0806 = ARP
ethernet_header = struct.pack("!6s6sH", mac_dest, mac_local, protocol)


# ARP header

type_hardware = 1
type_protocol = 0x0800       # IPV4
size_addr_hardware = 6   # Length of the MAC address: 48 bits == 6 bytes
size_addr_protocol = 4   # Length of the IPv4 address: 32 bits == 4 bytes
operation = 1                  # 1 = request / 2 = Reply 

source_ip = socket.inet_aton(ip_local)
dest_ip = socket.inet_aton(ip_dest)


arp_addr = struct.pack("!HHBBH6s4s6s4s", type_hardware, type_protocol,
                       size_addr_hardware, size_addr_protocol, operation,
                       mac_local, source_ip, mac_dest, dest_ip)
pkt = ethernet_header + arp_addr

cont = 0
while cont < 6:
    raw.send(pkt)
    cont +=1


Solution

  • mac_dest and mac_local are definitely not right. You've just created a byte string with the ASCII value. Each of those is 17 bytes long. And you're just taking the first 6 of those 17 bytes for each of the addresses.

    They should be something like this instead:

    mac_dest = b'\x00\x00\x00\x00\x00\x00'
    mac_local = b'\xff\xff\xff\xff\xff\xff'
    

    Check that the length of the byte string before the struct.pack call is exactly six bytes.

    Also, not sure what you're trying to do, but I doubt it makes sense to use the all-zero hardware address as a destination address. Pretty sure no one will receive that as it would be a unicast to an address that no one has. The opposite might be helpful (send to the broadcast address from all-zero) -- I think that's standard for ARP probes.
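The byte-length check and broadcast addressing described in the answer, as an added example that is not part of the original question or answer. The helper names and the sample sender address 02:00:00:00:00:01 are assumptions made for illustration; the frame is built and decoded in memory, so it runs without a raw socket.

```python
import socket
import struct

ETH_P_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"   # Ethernet destination for a who-has
UNKNOWN = "00:00:00:00:00:00"     # target hardware address is not known yet


def mac_to_bytes(mac: str) -> bytes:
    """Turn 'aa:bb:cc:dd:ee:ff' text into the 6 raw bytes used on the wire."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"MAC must be 6 bytes, got {len(raw)}: {mac!r}")
    return raw


def wire_mac(raw: bytes) -> str:
    """Format raw bytes the way a packet capture displays an address."""
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """Broadcast Ethernet frame carrying an ARP request for target_ip."""
    sha = mac_to_bytes(src_mac)
    eth = struct.pack("!6s6sH", mac_to_bytes(BROADCAST), sha, ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      sha, socket.inet_aton(src_ip),
                      mac_to_bytes(UNKNOWN), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the frame again so the layout can be checked before sending."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    _, _, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    return {"eth_dst": wire_mac(dst), "eth_src": wire_mac(src),
            "ethertype": ethertype, "hlen": hlen, "plen": plen, "op": op,
            "sha": wire_mac(sha), "spa": socket.inet_ntoa(spa),
            "tha": wire_mac(tha), "tpa": socket.inet_ntoa(tpa)}


def ascii_mac_on_wire(text: bytes = b"ff:ff:ff:ff:ff:ff") -> str:
    """What struct's '6s' emits for the 17-byte ASCII form used in the question."""
    return wire_mac(struct.pack("!6s", text))


if __name__ == "__main__":
    print(ascii_mac_on_wire())  # first six ASCII characters, not an address
    # 02:00:00:00:00:01 is a constructed, locally administered sample address
    print(parse_arp(build_arp_request("02:00:00:00:00:01", "192.168.1.7", "192.168.1.2")))
```

The value returned by `ascii_mac_on_wire()` is the kind of address a capture shows when the text form of a MAC is packed directly, which matches the mismatch reported in the question.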