Difference between revisions of "Talk:Arp-scan Desired New Features"

From royhills

Latest revision as of 09:16, 13 April 2007

Token Ring Support

The Token Ring adapter is a PCMCIA card on Debian sarge:

$ ifconfig tr0
tr0       Link encap:16/4 Mbps Token Ring (New)  HWaddr 00:A0:24:F9:D5:06
          inet addr:192.168.99.102  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:2000  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:990 (990.0 b)  TX bytes:844 (844.0 b)
          Interrupt:3 Base address:0xa20 Memory:d4000-d7fff

There are three systems on the ring:

IP Address      MAC Address        System
192.168.99.100  00:00:F6:C8:B2:A1  Windows XP
192.168.99.101  00:00:83:2A:CB:A3  Windows XP
192.168.99.102  00:A0:24:F9:D5:06  Debian Sarge

tcpdump output showing a normal ARP request and response:

# tcpdump -n -i tr0 -s 0 -e -xx -v -v
tcpdump: listening on tr0, link-type IEEE802 (Token ring), capture size 65535 bytes
10:49:28.401482 10 40 00:a0:24:f9:d5:06 ff:ff:ff:ff:ff:ff 52: Single-route Forward (2052) LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp who-has 192.168.99.101 tell 192.168.99.102 hardware #6
        0x0000:  1040 ffff ffff ffff 80a0 24f9 d506 c220  .@........$.....
        0x0010:  aaaa 0300 0000 0806 0006 0800 0604 0001  ................
        0x0020:  00a0 24f9 d506 c0a8 6366 0000 0000 0000  ..$.....cf......
        0x0030:  c0a8 6365                                ..ce
10:49:28.402105 18 40 00:a0:24:f9:d5:06 ff:ff:ff:ff:ff:ff 52: Single-route Forward (2052) LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp who-has 192.168.99.101 tell 192.168.99.102 hardware #6
        0x0000:  1840 ffff ffff ffff 80a0 24f9 d506 c220  .@........$.....
        0x0010:  aaaa 0300 0000 0806 0006 0800 0604 0001  ................
        0x0020:  00a0 24f9 d506 c0a8 6366 0000 0000 0000  ..$.....cf......
        0x0030:  c0a8 6365                                ..ce
10:49:28.402386 18 40 00:00:83:2a:cb:a3 00:a0:24:f9:d5:06 50: LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp reply 192.168.99.101 is-at 00:00:83:2a:cb:a3 hardware #6
        0x0000:  1840 00a0 24f9 d506 0000 832a cba3 aaaa  .@..$......*....
        0x0010:  0300 0000 0806 0006 0800 0604 0002 0000  ................
        0x0020:  832a cba3 c0a8 6365 00a0 24f9 d506 c0a8  .*....ce..$.....
        0x0030:  6366                                     cf

Another tcpdump example, capturing only ARP:

# tcpdump -n -i tr0 -s 256 -xx -v -v -e arp
tcpdump: listening on tr0, link-type IEEE802 (Token ring), capture size 256 bytes
16:45:30.883338 10 40 00:00:f6:c8:b2:a1 ff:ff:ff:ff:ff:ff 50: LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp who-has 192.168.99.101 tell 192.168.99.100 hardware #6
        0x0000:  1040 ffff ffff ffff 0000 f6c8 b2a1 aaaa  .@..............
        0x0010:  0300 0000 0806 0006 0800 0604 0001 0000  ................
        0x0020:  f6c8 b2a1 c0a8 6364 0000 0000 0000 c0a8  ......cd........
        0x0030:  6365                                     ce
16:45:41.133093 10 40 00:00:f6:c8:b2:a1 ff:ff:ff:ff:ff:ff 50: LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp who-has 192.168.99.102 tell 192.168.99.100 hardware #6
        0x0000:  1040 ffff ffff ffff 0000 f6c8 b2a1 aaaa  .@..............
        0x0010:  0300 0000 0806 0006 0800 0604 0001 0000  ................
        0x0020:  f6c8 b2a1 c0a8 6364 0000 0000 0000 c0a8  ......cd........
        0x0030:  6366                                     cf
16:45:46.131337 10 40 00:a0:24:f9:d5:06 00:00:f6:c8:b2:a1 50: LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp who-has 192.168.99.100 tell 192.168.99.102 hardware #6
        0x0000:  1040 0000 f6c8 b2a1 00a0 24f9 d506 aaaa  .@........$.....
        0x0010:  0300 0000 0806 0006 0800 0604 0001 00a0  ................
        0x0020:  24f9 d506 c0a8 6366 0000 0000 0000 c0a8  $.....cf........
        0x0030:  6364                                     cd
16:45:46.132019 10 40 00:00:f6:c8:b2:a1 00:a0:24:f9:d5:06 50: LLC, dsap SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, arp reply 192.168.99.100 is-at 00:00:f6:c8:b2:a1 hardware #6
        0x0000:  1040 00a0 24f9 d506 0000 f6c8 b2a1 aaaa  .@..$...........
        0x0010:  0300 0000 0806 0006 0800 0604 0002 0000  ................
        0x0020:  f6c8 b2a1 c0a8 6364 00a0 24f9 d506 c0a8  ......cd..$.....
        0x0030:  6366                                     cf

arp-scan fails:

# arp-scan --interface=tr0 192.168.99.0/24
Interface: tr0, datalink type: IEEE802 (Token ring)
WARNING: Unsupported datalink type
Starting arp-scan 1.5.6 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
ERROR: failed to send packet: No buffer space available

ARP on Token Ring uses SNAP encoding:

Header  Field                Size
802.5   AC                   1 octet
802.5   FC                   1 octet
802.5   destination address  6 octets
802.5   source address       6 octets
802.5   routing information  0-18 octets
802.2   0xaa                 1 octet
802.2   0xaa                 1 octet
802.2   UI                   1 octet
SNAP    protocol ID          1 octet
SNAP    type                 1 octet
N/A     data                 Varies

RFC 1042 details IP over SNAP.
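
The frame layout above, applied to two frames from the first capture, as an added example that is not arp-scan's own code: a C parser that checks the routing-information indicator (top bit of the source address), skips the routing information field, and validates the LLC/SNAP bytes before reading the ARP fields. `tr_parse_arp`, `struct tr_arp` and the sample arrays are names made up for this example; the 18-octet routing information limit is the one from the table, and the LLC/SNAP bytes matched (aa aa 03 00 00 00 08 06) are the ones seen in the captures.

```c
#include <stdint.h>
#include <string.h>

struct tr_arp {
    size_t   rif_len;                 /* routing information octets, 0 if absent */
    uint16_t hrd, op;                 /* ARP hardware type and opcode */
    uint8_t  sha[6], spa[4], tha[6], tpa[4];
};
/* Sample input built from the page's first capture: request with RII set. */
static const uint8_t sample_rif[52] = {
    0x10,0x40,0xff,0xff,0xff,0xff,0xff,0xff,0x80,0xa0,0x24,0xf9,0xd5,0x06,0xc2,0x20,
    0xaa,0xaa,0x03,0x00,0x00,0x00,0x08,0x06,0x00,0x06,0x08,0x00,0x06,0x04,0x00,0x01,
    0x00,0xa0,0x24,0xf9,0xd5,0x06,0xc0,0xa8,0x63,0x66,0x00,0x00,0x00,0x00,0x00,0x00,
    0xc0,0xa8,0x63,0x65 };
/* Sample input built from the reply in the same capture: no routing information. */
static const uint8_t sample_reply[50] = {
    0x18,0x40,0x00,0xa0,0x24,0xf9,0xd5,0x06,0x00,0x00,0x83,0x2a,0xcb,0xa3,0xaa,0xaa,
    0x03,0x00,0x00,0x00,0x08,0x06,0x00,0x06,0x08,0x00,0x06,0x04,0x00,0x02,0x00,0x00,
    0x83,0x2a,0xcb,0xa3,0xc0,0xa8,0x63,0x65,0x00,0xa0,0x24,0xf9,0xd5,0x06,0xc0,0xa8,
    0x63,0x66 };

/* Hypothetical helper: 0 on success, -1 if not IPv4 ARP in LLC/SNAP on 802.5. */
int tr_parse_arp(const uint8_t *f, size_t len, struct tr_arp *out)
{
    static const uint8_t snap_arp[8] = {0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x06};
    size_t off = 14;                  /* AC + FC + destination + source */
    if (len < off + 8 + 28) return -1;  /* shortest frame: no RIF */
    out->rif_len = 0;
    if (f[8] & 0x80) {                /* RII: top bit of the source address */
        out->rif_len = f[14] & 0x1f;  /* length field of routing control */
        if (out->rif_len < 2 || out->rif_len > 18 || out->rif_len % 2) return -1;
        off += out->rif_len;
    }
    if (len < off + 8 + 28 || memcmp(f + off, snap_arp, 8) != 0) return -1;
    const uint8_t *a = f + off + 8;   /* ARP header follows LLC/SNAP */
    if (a[2] != 0x08 || a[3] != 0x00 || a[4] != 6 || a[5] != 4) return -1;
    out->hrd = (uint16_t)(a[0] << 8 | a[1]);
    out->op  = (uint16_t)(a[6] << 8 | a[7]);
    memcpy(out->sha, a + 8, 6);   memcpy(out->spa, a + 14, 4);
    memcpy(out->tha, a + 18, 6);  memcpy(out->tpa, a + 24, 4);
    return 0;
}

int main(void)
{
    struct tr_arp r;
    if (tr_parse_arp(sample_rif, sizeof sample_rif, &r) || r.rif_len != 2) return 1;
    return tr_parse_arp(sample_reply, sizeof sample_reply, &r) || r.rif_len != 0;
}
```

The request carries 80:a0:24:f9:d5:06 in the frame header but 00:a0:24:f9:d5:06 in the ARP payload, so any comparison of the two addresses has to mask the top bit of the header source first.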