/*
* ARP Scan is Copyright (C) 2005-2011 Roy Hills, NTA Monitor Ltd.
*
* This file is part of arp-scan.
*
* arp-scan is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* arp-scan is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with arp-scan. If not, see <http://www.gnu.org/licenses/>.
*
* $Id$
*
* arp-scan.h -- Header file for ARP scanner
*
* Author: Roy Hills
* Date: 11 October 2005
*
*/
/* Includes */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef STDC_HEADERS
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <stdarg.h>
#include <errno.h>
#else
#error This program requires the ANSI C Headers
#endif
#include <sys/types.h>
/* Integer types */
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#else
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#endif
#ifdef __CYGWIN__
#include <windows.h> /* Include windows.h if compiling under Cygwin */
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#else
/* Include getopt.h for the sake of getopt_long.
We don't need the declaration of getopt, and it could conflict
with something from a system header file, so effectively nullify that. */
#define getopt getopt_loser
#include "getopt.h"
#undef getopt
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
# endif
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_REGEX_H
#include <regex.h> /* Posix regular expression functions */
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_PCAP_H
/*
* The pcap.h header file on Apple Mac OS Xcode 2.5 and later includes pcap's
* cut-down version of bpf.h, which defines macros that conflict with those in
* the full bpf.h. To avoid the conflict, we include net/bpf.h before pcap.h
* if compiling under Xcode 2.5 or later. This defines all the required macros
* and prevents pcap's cut-down version from defining its own ones.
*
* 5370 is the value of __APPLE_CC__ for Xcode 2.5 on Tiger with GCC 4.0.1
*/
#if defined(__APPLE_CC__) && (__APPLE_CC__ >= 5370)
#include <net/bpf.h>
#endif
#include <pcap.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif
#ifdef ARP_PCAP_DLPI
#ifdef HAVE_SYS_BUFMOD_H
#include <sys/bufmod.h>
#endif
#endif
#include "hash.h" /* Hash table functions */
/* Defines */
/*
 * Compile-time limits, defaults and protocol constants for arp-scan.
 * The size limits below bound buffers that hold file input and network
 * frames, so code using them should check lengths against these values.
 */
#define MAXLINE 255 /* Max line length for input files */
#define MAX_FRAME 2048 /* Maximum allowed frame size */
#define REALLOC_COUNT 1000 /* Entries to realloc at once */
#define DEFAULT_BANDWIDTH 256000 /* Default bandwidth in bits/sec */
/* 6 (dest MAC) + 6 (src MAC) + 2 (frame type) matches ether_hdr below; the
 * extra 4 is presumably the frame check sequence -- confirm. */
#define PACKET_OVERHEAD 18 /* layer 2 overhead (6+6+2 + 4) */
#define MINIMUM_FRAME_SIZE 46 /* Minimum layer 2 data size */
#define DEFAULT_BACKOFF_FACTOR 1.5 /* Default timeout backoff factor */
#define DEFAULT_RETRY 2 /* Default number of retries */
/* Note the unit: this default is in ms, while host_entry.timeout is
 * documented in us; the conversion is not visible in this header. */
#define DEFAULT_TIMEOUT 100 /* Default per-host timeout in ms */
/* pcap capture parameters (presumably passed to pcap_open_live() -- confirm).
 * With SNAPLEN 64, captured packets longer than 64 bytes are truncated, so
 * parsing must be bounded by the captured length, not the on-wire length. */
#define SNAPLEN 64 /* 14 (ether) + 28 (ARP) + extra */
#define PROMISC 0 /* Promiscuous mode flag; 0 = not enabled */
#define TO_MS 0 /* Timeout for pcap_open_live() */
#define OPTIMISE 1 /* Optimise pcap filter */
/* ARP and Ethernet protocol numbers. They are defined unconditionally here
 * and use the same names as some system networking headers. */
#define ARPHRD_ETHER 1 /* Ethernet ARP type */
#define ARPOP_REQUEST 1 /* ARP Request */
#define ARPOP_REPLY 2 /* ARP Reply */
#define ETHER_HDR_SIZE 14 /* Size of Ethernet frame header in bytes */
#define ARP_PKT_SIZE 28 /* Size of ARP Packet in bytes */
#define ETH_ALEN 6 /* Octets in one ethernet addr */
#define ETH_P_IP 0x0800 /* Internet Protocol packet */
#define ETH_P_ARP 0x0806 /* Address Resolution packet */
/* Default names of the MAC-prefix-to-vendor mapping files. */
#define OUIFILENAME "ieee-oui.txt" /* Default IEEE OUI filename */
#define IABFILENAME "ieee-iab.txt" /* Default IEEE IAB filename */
#define MACFILENAME "mac-vendor.txt" /* Default MAC/Vendor filename */
/* Defaults for the fields of the outgoing ARP packet and Ethernet header. */
#define DEFAULT_ARP_OP ARPOP_REQUEST /* Default ARP operation */
#define DEFAULT_ARP_HRD ARPHRD_ETHER /* Default ARP hardware type */
#define DEFAULT_ARP_PRO ETH_P_IP /* Default ARP protocol */
#define DEFAULT_ARP_HLN 6 /* Default hardware length */
#define DEFAULT_ARP_PLN 4 /* Default protocol length */
#define DEFAULT_ETH_PRO ETH_P_ARP /* Default Ethernet protocol */
#define FRAMING_ETHERNET_II 0 /* Standard Ethernet-II Framing */
#define FRAMING_LLC_SNAP 1 /* 802.3 with LLC/SNAP */
/* Element count of a true array. Gives a wrong result if `a` is a pointer
 * (including an array function parameter), so use it only on arrays. */
#define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
/* Identifiers for long-only options; presumably chosen above 255 so they
 * cannot collide with single-character option codes -- confirm. */
#define OPT_WRITEPKTTOFILE 256 /* --writepkttofile option */
#define OPT_READPKTFROMFILE 257 /* --readpktfromfile option */
/* Structures */
/*
 * Per-host scan state: the target address plus the timing and counters
 * kept for that host.
 */
typedef struct {
unsigned timeout; /* Timeout for this host in us */
struct in_addr addr; /* Host IP address */
struct timeval last_send_time; /* Time when last packet sent to this addr */
unsigned short num_sent; /* Number of packets sent */
unsigned short num_recv; /* Number of packets received */
unsigned char live; /* Set when awaiting response */
} host_entry;
/* Ethernet frame header */
/*
 * The fields total 6 + 6 + 2 = 14 bytes, matching ETHER_HDR_SIZE.
 * NOTE(review): this header does not say whether frame_type is held in host
 * or network byte order -- confirm against the marshal/unmarshal code.
 */
typedef struct {
uint8_t dest_addr[ETH_ALEN]; /* Destination hardware address */
uint8_t src_addr[ETH_ALEN]; /* Source hardware address */
uint16_t frame_type; /* Ethernet frame type */
} ether_hdr;
/* Ethernet ARP packet from RFC 826 */
/*
 * In-memory form of an ARP packet for Ethernet hardware addresses and IPv4
 * protocol addresses. The fields total 28 bytes, matching ARP_PKT_SIZE.
 *
 * This struct is not declared packed, and ar_sip follows 14 bytes of other
 * fields. On ABIs that align uint32_t to 4 bytes the compiler inserts
 * padding, so sizeof(arp_ether_ipv4) can exceed ARP_PKT_SIZE and the layout
 * need not match the wire format. Do not cast or memcpy a received buffer
 * onto it; marshal_arp_pkt() and unmarshal_arp_pkt() are declared in this
 * header for the conversion.
 */
typedef struct {
uint16_t ar_hrd; /* Format of hardware address */
uint16_t ar_pro; /* Format of protocol address */
uint8_t ar_hln; /* Length of hardware address */
uint8_t ar_pln; /* Length of protocol address */
uint16_t ar_op; /* ARP opcode (command) */
uint8_t ar_sha[ETH_ALEN]; /* Sender hardware address */
uint32_t ar_sip; /* Sender IP address */
uint8_t ar_tha[ETH_ALEN]; /* Target hardware address */
uint32_t ar_tip; /* Target IP address */
} arp_ether_ipv4;
/* Link-layer handle structure, defined in link-xxx.c */
/* Only the struct tag is declared here, so link_t is an opaque type to code
 * that includes this header; it is used through link_t pointers. */
typedef struct link_handle link_t;
/* Functions */
/*
 * Size-bounded string concatenate/copy. Each prototype is declared only when
 * the corresponding HAVE_STRLCAT / HAVE_STRLCPY macro is not defined;
 * presumably the package then supplies its own implementation -- confirm.
 * `siz` is the size of the destination buffer.
 */
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
/*
 * Error and warning reporting. The four variadic functions take a
 * const char * followed by "...", presumably a printf-style format string
 * and its arguments -- confirm. If so, callers must pass a fixed format and
 * supply untrusted text (file contents, host names) only as an argument,
 * never as the format itself.
 */
void err_sys(const char *, ...);
void warn_sys(const char *, ...);
void err_msg(const char *, ...);
void warn_msg(const char *, ...);
/* va_list form; presumably the common backend of the four above. */
void err_print(int, const char *, va_list);
void usage(int, int);
/*
 * Core scanner functions. Parameter names are omitted in these prototypes,
 * so the notes below are limited to what the types show; anything beyond
 * that is marked as an assumption.
 */
void add_host_pattern(const char *, unsigned);
void add_host(const char *, unsigned, int);
int send_packet(link_t *, host_entry *, struct timeval *);
void recvfrom_wto(int, int);
void remove_host(host_entry **);
void timeval_diff(const struct timeval *, const struct timeval *,
struct timeval *);
host_entry *find_host(host_entry **, struct in_addr *);
void display_packet(host_entry *, arp_ether_ipv4 *, const unsigned char *,
size_t, int, int, ether_hdr *);
void advance_cursor(void);
void dump_list(void);
void print_times(void);
void clean_up(void);
void arp_scan_version(void);
/* Returns char * built from a format; NOTE(review): ownership of the
 * returned buffer is not visible here -- confirm who frees it. */
char *make_message(const char *, ...);
/* Has the parameter types of a libpcap pcap_handler; the packet bytes it
 * receives come from the network and should be treated as untrusted. */
void callback(u_char *, const struct pcap_pkthdr *, const u_char *);
void process_options(int, char *[]);
struct in_addr *get_host_address(const char *, int, struct in_addr *, char **);
const char *my_ntoa(struct in_addr);
int get_source_ip(link_t *, uint32_t *);
/* The array parameter carries no length; presumably the caller must provide
 * at least ETH_ALEN bytes -- confirm. */
void get_hardware_address(link_t *, unsigned char []);
/* The first parameter is a writable buffer with no capacity argument (the
 * size_t * is presumably the resulting length), so the caller is responsible
 * for making it large enough -- presumably MAX_FRAME bytes, confirm. */
void marshal_arp_pkt(unsigned char *, ether_hdr *, arp_ether_ipv4 *, size_t *,
const unsigned char *, size_t);
/* Takes a read-only buffer and its length, presumably a captured frame. The
 * length must be validated before any header field is read. The writable
 * unsigned char * output also has no visible capacity argument. */
int unmarshal_arp_pkt(const unsigned char *, size_t, ether_hdr *,
arp_ether_ipv4 *, unsigned char *, size_t *, int *);
/* NOTE(review): hex2data() and hexstring() return pointers; whether the
 * caller must free them is not visible in this header -- confirm. */
unsigned char *hex2data(const char *, size_t *);
unsigned int hstr_i(const char *);
char *hexstring(const unsigned char *, size_t);
/* Output pointer has no length argument; presumably ETH_ALEN bytes. */
int get_ether_addr(const char *, unsigned char *);
int add_mac_vendor(struct hash_control *, const char *);
/* Link layer send functions */
/* These operate on the opaque link_t handle: link_open() returns one,
 * link_send() takes a frame buffer and its length, and link_close() takes
 * the handle. link_send() returns ssize_t; presumably the byte count sent or
 * a negative value on error -- confirm, and check it at every call site. */
link_t *link_open(const char *);
ssize_t link_send(link_t *, const unsigned char *, size_t);
void link_close(link_t *);
/* Wrappers */
/* Capitalised variants of library calls. NOTE(review): presumably these
 * check for failure internally (e.g. allocation failure or unparsable
 * numbers) so that callers need not -- confirm in the wrappers source before
 * relying on a non-NULL return or a valid number. */
int Gettimeofday(struct timeval *);
void *Malloc(size_t);
void *Realloc(void *, size_t);
unsigned long int Strtoul(const char *, int);
long int Strtol(const char *, int);
/* String-to-number helpers that return unsigned. */
unsigned str_to_bandwidth(const char *);
unsigned str_to_interval(const char *);
/* Returns char *; presumably a newly allocated copy -- confirm ownership. */
char *dupstr(const char *);
/* MT19937 prototypes */
/* MT19937 is the Mersenne Twister pseudo-random number generator. It is not
 * cryptographically secure: its output is predictable once enough values
 * have been observed, so it must not be used for keys, tokens or other
 * security-sensitive values.
 * init_genrand() and init_by_array() seed the generator; the genrand_*()
 * functions return integer or double values. */
void init_genrand(unsigned long);
void init_by_array(unsigned long[], int);
unsigned long genrand_int32(void);
long genrand_int31(void);
double genrand_real1(void);
double genrand_real2(void);
double genrand_real3(void);
double genrand_res53(void);
/* The following functions are just to prevent rcsid being optimised away */
/* One function per source module (wrappers, error, utils, link). They take
 * no arguments and return nothing. */
void wrappers_use_rcsid(void);
void error_use_rcsid(void);
void utils_use_rcsid(void);
void link_use_rcsid(void);