ARP protocol

ARP is short for Address Resolution Protocol. It is a TCP/IP protocol that resolves an IP address to a physical (MAC) address. Reference: The working mechanism of ARP

Common commands:

arp -a: displays the cached ARP information. On Linux you can use arp -n or view the table directly.

  1. Output on Windows:

  1. MacOS/Linux:

Script tool: obtain the MAC addresses of the specified IP addresses

The text file that lists the IP addresses looks like this:

192.168.20.1
192.168.20.100
192.168.20.101
192.168.20.102
192.168.20.103
192.168.20.105


The bash script is as follows:

#!/bin/bash
# Obtain the MAC address from the IP address
# On Windows, run this in a Git Bash terminal.
FILE_NAME="$0"
TXT_FILE_NAME="${FILE_NAME%.sh}.txt"
TEMP_FILE_NAME="${FILE_NAME%.sh}.out.temp"
OUT_FILE_NAME="${FILE_NAME%.sh}.out"

# Read the specified IP addresses and ping each one in the background
# so that the system adds it to the ARP cache
for line in $(cat "$TXT_FILE_NAME")
do
    {
        echo "Going to ping: $line"
        if [ ${#line} -ne 0 ]
        then
            ping -c 1 "$line" > /dev/null 2>&1
        fi
    } &
done
# Wait for all background pings to finish before reading the ARP cache
wait

# Custom handling of each IP-to-MAC mapping
function handle_ip_mac(){
    ip=$1
    mac=$2
    # A complete MAC address is 17 characters long; the broadcast address is not a host's own MAC
    if [ ${#mac} -eq 17 ] && [ "$mac" != 'ff-ff-ff-ff-ff-ff' ] && [ "$mac" != 'ff:ff:ff:ff:ff:ff' ]
    then
        echo "Custom handler: $ip corresponds to MAC address $mac"
    else
        echo "Custom handler: failed to obtain the MAC address for $ip! $mac"
    fi
}

# Output the MAC addresses
SYS_NAME=$(uname)
echo "Current system name uname: $SYS_NAME"
if [[ $SYS_NAME =~ 'MINGW' ]]
then
    echo 'The current system is determined to be WINDOWS! '
    arp -a > "$OUT_FILE_NAME"
    echo "The result of IP-MAC matching has been saved to: $OUT_FILE_NAME"
    while read -r line
    do
        array=($line)
        ip=${array[0]}
        mac=${array[1]}
        handle_ip_mac "$ip" "$mac"
    done < "$OUT_FILE_NAME"
else
    # uname reports Darwin on macOS
    echo 'The current system is determined to be *nix! '
    arp -a > "$TEMP_FILE_NAME"
    # Extract the IP between the parentheses and the MAC between " at " and " on "
    awk '{split($0,ip,"[()]"); printf ip[2] " "; a=index($0," at "); b=index($0," on "); print substr($0,a+4,b-a-4)}' "$TEMP_FILE_NAME" > "$OUT_FILE_NAME"
    echo "The result of IP-MAC matching has been saved to: $OUT_FILE_NAME"
    while read -r line
    do
        array=($line)
        ip=${array[0]}
        mac=${array[1]}
        handle_ip_mac "$ip" "$mac"
    done < "$OUT_FILE_NAME"
fi
echo "Done!!! After the script is executed, you can view the detailed result in $OUT_FILE_NAME"

The result is as follows:

192.168.20.1 8c:f2:28:11:76:56
192.168.20.100 f8:62:14:46:e6:5f
192.168.20.101 3c:22:fb:47:a5:ed
192.168.20.102 94:65:2d:20:d7:e6
192.168.20.103 54:9f:13:c5:82:1c
192.168.20.105 (incomplete)
192.168.20.255 ff:ff:ff:ff:ff:ff
224.0.0.251 1:0:5e:0:0:fb
224.0.0.252 1:0:5e:0:0:fc
239.255.255.250 1:0:5e:7f:ff:fa

Summary

  1. The result returned is (incomplete)

If the MAC address field shows (incomplete) when viewing ARP entries, the entry is a temporary ARP entry and cannot be used to forward packets.

  1. The result returned is ff:ff:ff:ff:ff:ff

ARP spoofing; I still do not understand the specifics!
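
Added example (not from the original post): a POSIX shell function that classifies the "ip mac" lines the script writes to its .out file as incomplete, broadcast, multicast or unicast, and lists unicast MACs that more than one IP maps to, which is one thing to review when checking a cache for ARP spoofing (proxy ARP and multi-homed hosts produce it too). The function names are assumptions and the sample lines are constructed, including the 192.168.20.254 entry.

```shell
# Added example: classify "ip mac" lines like those in the script's .out file.
# Constructed sample input; the 192.168.20.254 line is made up to show a shared MAC.
sample_arp() {
cat <<'EOF'
192.168.20.1 8c:f2:28:11:76:56
192.168.20.100 f8:62:14:46:e6:5f
192.168.20.105 (incomplete)
192.168.20.254 F8-62-14-46-E6-5F
192.168.20.255 ff:ff:ff:ff:ff:ff
224.0.0.251 1:0:5e:0:0:fb
EOF
}

# Print "ip mac class" for each input line. The MAC is normalised to
# lowercase, colon-separated, zero-padded octets (macOS drops leading zeros).
classify_arp() {
    awk '
    {
        ip = $1; raw = tolower($2)
        if (raw == "" || raw ~ /incomplete/) { print ip, "-", "incomplete"; next }
        n = split(raw, o, /[:-]/)
        if (n != 6) { print ip, raw, "malformed"; next }
        mac = ""
        for (i = 1; i <= 6; i++) {
            if (length(o[i]) == 1) o[i] = "0" o[i]
            mac = mac (i > 1 ? ":" : "") o[i]
        }
        if (mac == "ff:ff:ff:ff:ff:ff") cls = "broadcast"
        else if (index("13579bdf", substr(mac, 2, 1))) cls = "multicast"  # group bit set
        else cls = "unicast"
        print ip, mac, cls
    }'
}

# Print every unicast MAC that more than one IP maps to, followed by those IPs.
shared_macs() {
    classify_arp | awk '$3 == "unicast" {
        n[$2]++; ips[$2] = ips[$2] (ips[$2] == "" ? "" : ",") $1
    }
    END { for (m in n) if (n[m] > 1) print m, ips[m] }'
}

sample_arp | classify_arp
sample_arp | shared_macs
```

To use it on real data, pipe the script's .out file into classify_arp or shared_macs instead of sample_arp.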