Strange ARP packets

Post by Udo A. Steinber » Tue, 09 Oct 2001 04:37:02



Hello,

I've written a small network monitoring program that uses a packet socket
to monitor networking traffic. The following Ethernet ARP frame puzzles
me though:

Sender Hardware Address: 00:30:65:c6:e0:7a
Sender IP Address      : 0.0.0.0
Target Hardware Address: ff:ff:ff:ff:ff:ff
Target IP Address      : 141.80.228.45

The sending host in fact has the IP 141.80.228.45. Can someone tell me
what kind of ARP packet it is? Why is the sender IP 0.0.0.0 and why is
the target hardware address ff:ff:ff:ff:ff:ff? It doesn't seem to be
conforming with any ARP-RFC I've found.

Regards,
Udo.

 
 
 

Post by those who know me have no need of my nam » Wed, 10 Oct 2001 20:11:38



>I've written a small network monitoring program that uses a packet socket
>to monitor networking traffic. The following Ethernet ARP frame puzzles
>me though:

>Sender Hardware Address: 00:30:65:c6:e0:7a
>Sender IP Address      : 0.0.0.0
>Target Hardware Address: ff:ff:ff:ff:ff:ff
>Target IP Address      : 141.80.228.45

>The sending host in fact has the IP 141.80.228.45.

The sender is looking for other hosts that believe they are 141.80.228.45.

--
okay, have a sig then
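
The frame in the question has the shape later documented in RFC 5227 as an ARP probe: a request with sender IP 0.0.0.0 asking whether anyone already uses the target IP. As an added example (not code from either poster), a monitor like the one described could label such frames as follows; the function and enum names are hypothetical, and the sample bytes are constructed from the addresses in the post with opcode 1 (request) assumed, since the dump does not show the opcode.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Ethernet/IPv4 ARP payload: 28 bytes, found after the 14-byte Ethernet header. */
enum arp_kind { ARP_MALFORMED, ARP_PROBE, ARP_ANNOUNCE, ARP_REQUEST, ARP_REPLY, ARP_OTHER };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one ARP payload; buf points at the ARP header, len is the bytes available. */
enum arp_kind classify_arp(const uint8_t *buf, size_t len)
{
    static const uint8_t zero_ip[4] = {0, 0, 0, 0};
    if (len < 28) return ARP_MALFORMED;                    /* truncated capture */
    if (be16(buf) != 1 || be16(buf + 2) != 0x0800)        /* htype Ethernet, ptype IPv4 */
        return ARP_OTHER;
    if (buf[4] != 6 || buf[5] != 4) return ARP_MALFORMED; /* hlen, plen */
    uint16_t op = be16(buf + 6);
    const uint8_t *spa = buf + 14, *tpa = buf + 24;        /* sender / target IP */
    if (op == 1 && memcmp(spa, zero_ip, 4) == 0)
        return ARP_PROBE;      /* "is anyone already using tpa?" */
    if (memcmp(spa, tpa, 4) == 0)
        return ARP_ANNOUNCE;   /* gratuitous ARP: sender claims tpa as its own */
    if (op == 1) return ARP_REQUEST;
    if (op == 2) return ARP_REPLY;
    return ARP_OTHER;
}

/* Constructed sample: the four addresses from the post; opcode 1 is an assumption. */
static const uint8_t sample_probe[28] = {
    0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x01,
    0x00, 0x30, 0x65, 0xc6, 0xe0, 0x7a,   /* sender hardware address */
    0, 0, 0, 0,                           /* sender IP 0.0.0.0 */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* target hardware address */
    141, 80, 228, 45                      /* target IP */
};

int main(void)
{
    printf("kind=%d\n", classify_arp(sample_probe, sizeof sample_probe));
    return 0;
}
```

A reply to a probe from a different hardware address is the signal that two hosts claim the same IP, which is the condition worth alerting on in a monitor.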

 
 
 

1. Sending Arp reply packets using packet-sockets on linux

I am trying to broadcast an ARP response packet using packet-sockets on
Linux. I created an ARP response packet and then used sendto to dispatch it
from a socket created using socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))
and bound as follows:

struct sockaddr_ll sa;
memset((char *)&sa, 0, sizeof(sa));
sa.sll_family = AF_PACKET;
sa.sll_protocol = htons(ETH_P_ARP);
sa.sll_ifindex = 2;
sa.sll_hatype = htons(ARPHRD_ETHER);
sa.sll_pkttype = htons(PACKET_BROADCAST);
sa.sll_halen = htons(ETHER_ADDR_LEN);
memcpy(sa.sll_addr, mac, ETHER_ADDR_LEN);

[where mac is my mac address as an array of chars.]

bind(sock, (struct sockaddr *)&sa, sizeof(sa));

However, when I use tcpdump to print the sent packet it prints as follows:

17:25:50.268936 eth0 > arp-#0 for proto #0 (0) hardware #0 (0)
17:25:50.269001 eth0 > arp-#0 for proto #0 (0) hardware #0 (0)
17:25:50.269062 eth0 > arp-#0 for proto #0 (0) hardware #0 (0)
17:25:50.269124 eth0 > arp-#0 for proto #0 (0) hardware #0 (0)

Does anyone know what I am doing wrong? Can anyone point me to a working
example for sending broadcast ARP responses?

Any help is deeply appreciated.
