author: Thomas Habets <thomas@habets.pp.se> 2002-02-12 18:17:47 +0000
committer: Thomas Habets <thomas@habets.pp.se> 2002-02-12 18:17:47 +0000
commit: f8a6dea1299abf311d9b81434329aec262c53772 (patch)
tree: 86538fc37dfac1f49f31eb9e37c481d21bd7bf37
parent: 7e52cfc61f4980826aa2ba58888a7f0c5cfdb00b (diff)
download: arping-f8a6dea1299abf311d9b81434329aec262c53772.tar.gz
doc updates and arping-scan-net.sh
-rw-r--r--  README               71
-rwxr-xr-x  arping-scan-net.sh   49
-rw-r--r--  arping.8              4
-rw-r--r--  arping.c              4
4 files changed, 122 insertions, 6 deletions
diff --git a/README b/README
index c0587f9..40701cf 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-$Id: README 533 2002-01-20 23:14:08Z marvin $
+$Id: README 546 2002-02-12 18:17:47Z marvin $
ARP Ping
@@ -42,7 +42,7 @@ it belongs.
How it does it
--------------
-Bah, just read the source. Or the help text.
+See 'Technical' at the bottom of this file.
FAQ
---
@@ -184,5 +184,72 @@ License
-------
It's GPL, see the LICENSE file.
+Technical
+---------
+Yes, I've finally bothered to write how it works.
+tcpdumps were taken with "tcpdump -vven 'arp or icmp'".
+
+The source box is 192.168.0.2/0:10:5a:3e:c5:b4 and the target box is
+192.168.0.1/0:60:93:34:91:99.
+
+For pinging IP addresses:
+ When a host wants to send an IP packet to another host, it sends out an ARP
+ packet asking what MAC the destination IP addr has, a so-called 'who-has'
+ packet. This is then answered by another ARP packet, the 'is-at' packet.
+
+ 18:16:07.179699 0:10:5a:3e:c5:b4 ff:ff:ff:ff:ff:ff 0806 42:
+ arp who-has 192.168.0.1 tell 192.168.0.2
+
+ This is the packet generated by arping.
+ An ethernet frame from my 3com card to the broadcast address carrying an arp
+ packet asking what MAC 192.168.0.1 has (who-has).
+
+ 18:16:07.180221 0:60:93:34:91:99 0:10:5a:3e:c5:b4 0806 60:
+ arp reply 192.168.0.1 is-at 0:60:93:34:91:99
+
+ The answer, that 192.168.0.1 has MAC 0:60:93:34:91:99 (is-at).
+
+For pinging MAC addresses:
+ A broadcast ping (255.255.255.255, or any address supplied with -T, see below)
+ is sent out on the ethernet, but in an ethernet frame addressed to the target
+ MAC only.
+
+ 18:20:09.627321 0:10:5a:3e:c5:b4 0:60:93:34:91:99 0800 42:
+ 192.168.0.2 > 255.255.255.255: icmp: echo request
+ (ttl 48, id 17767, len 28)
+
+ This is the packet generated by arping.
+ Ethernet frame from my 3com nic to the destination MAC, carrying a broadcast
+ ping.
+
+ 18:20:09.628432 0:60:93:34:91:99 0:10:5a:3e:c5:b4 0800 60:
+ 192.168.0.1 > 192.168.0.2: icmp: echo reply
+ (ttl 255, id 7593, len 28)
+
+ The answer, including the source address of the target host. Note that this
+ is not how every OS responds to a broadcast ping (if at all). Some answer with
+ a source address equal to the broadcast address, and others dont' answer at
+ all.
+ This is why pinging a raw MAC doesn't always work, and you may need to play
+ with -T to get it to answer correctly (or at all). You can always brute-force
+ if you can't even find a broadcast that the box will answer correctly to.
+ -------
+ for d in $(seq 0 255); do
+ sudo arping -q -c 1 -T $a.$b.$c.$d 0:60:93:34:91:99
+ if [ $? == 0 ]; then
+ echo "Got answer with address: 192.168.0.$d"
+ fi
+ done
+ --------
+ Note that this script will take 1 second per IP since that is how long arping
+ waits, so scanning a C-class net will take 256 seconds. If you have a bigger
+ net, then write a program that will run several arpings at the same time to
+ go through more in less time.
+ arping-scan-net.sh is a more capable script for scanning, but you need to
+ edit it since the address range it searches is hard-coded.
+ If you like this feature, mail me and I may put it into the main arping.
+ But no need wasting my time if no-one wants it.
+ (I'll probably add it anyway some day, but not soon)
+
----------------------------------------------------------------------------
Send questions/suggestions/patches/rants/money/sparcs to thomas@habets.pp.se
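Review bot: the brute-force loop in the new 'Technical' section (the `for d in $(seq 0 255); do` block) passes `-T $a.$b.$c.$d` but only `d` is ever set, so as pasted the target expands to `...N` rather than the `192.168.0.$d` that the echo line reports; either define `a=192 b=168 c=0` ahead of the loop or write `-T 192.168.0.$d` directly. The test `if [ $? == 0 ]; then` is also a bashism that fails under a POSIX /bin/sh; testing the command itself (`if sudo arping -q -c 1 -T 192.168.0.$d 0:60:93:34:91:99; then`) avoids both the `$?` dance and the `==`. Minor: "dont' answer" should read "don't answer", and the separator lines before and after the snippet have different lengths.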
diff --git a/arping-scan-net.sh b/arping-scan-net.sh
new file mode 100755
index 0000000..e22abe3
--- /dev/null
+++ b/arping-scan-net.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+# $Id: arping-scan-net.sh 546 2002-02-12 18:17:47Z marvin $
+#
+# Copyright (C) 2002 Thomas Habets <thomas@habets.pp.se>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+trap "exit 0" INT
+
+TARGET_MAC="0:60:93:34:91:99"
+
+if [ "$1" != "" ]; then
+ TARGET_MAC="$1"
+fi
+
+#
+# first number after 'seq' is range start, second is range end
+#
+# default is [192-192].[168-168].[0-0].[0-255]
+#
+#
+# If you think this is useful, tell me and I'll incorperate it into arping
+#
+for a in $(seq 192 192); do
+ for b in $(seq 168 168); do
+ for c in $(seq 0 0); do
+ for d in $(seq 0 255); do
+ arping -q -c 1 -T $a.$b.$c.$d $TARGET_MAC
+ if [ $? == 0 ]; then
+ echo "Got answer with address: $a.$b.$c.$d"
+ fi
+ done
+ done
+ done
+done
+exit 1
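Review bot: the shebang is `#!/bin/sh` but `if [ $? == 0 ]; then` relies on `==`, which is not POSIX `test` syntax and aborts with "unexpected operator" on dash/ash (it only works where /bin/sh is bash); use `-eq 0`, or drop the `$?` check and test the command directly (`if arping -q -c 1 -T $a.$b.$c.$d "$TARGET_MAC"; then`). A second problem with the exit-status logic: arping failing outright (for example when run without the privileges the README's `sudo arping` example implies) is indistinguishable from "no host answered", so the script silently walks all 256 addresses and exits 1 either way; checking that arping runs at all before the loop would make that visible. Also, `$1` is copied into TARGET_MAC without any sanity check, the license header calls a shell script "this library", and "incorperate" in the comment is misspelled.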
diff --git a/arping.8 b/arping.8
index 9d067bf..d11b1c5 100644
--- a/arping.8
+++ b/arping.8
@@ -1,10 +1,10 @@
-.TH "arping" "8" "21th Jan, 2002" "arping" ""
+.TH "arping" "8" "12th Feb, 2002" "arping" ""
.PP
.SH "NAME"
arping \- sends arp and/or ip pings to a given host
.PP
.SH "SYNOPSIS"
-\fBarping\fP [-hqavrRd0bp] [-S \fIhost/ip\fP] [-S \fIhost/ip\fP] [-s \fIMAC\fP] [-t \fIMAC\fP] [-c \fIcount\fP] [-i \fIinterface\fP] <\fIhost\fP | -B>
+\fBarping\fP [-hqavrRd0bp] [-S \fIhost/ip\fP] [-T \fIhost/ip\fP] [-s \fIMAC\fP] [-t \fIMAC\fP] [-c \fIcount\fP] [-i \fIinterface\fP] <\fIhost\fP | -B>
.PP
.SH "DESCRIPTION"
The \fIarping\fP utility sends \fBARP\fP and/or \fBICMP\fP requests to the specified \fIhost\fP and displays the replies\&. The \fIhost\fP may be specified by its \fBhostname\fP, its \fBIP\fP address, or its \fBMAC\fP address\&.
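Review bot: the SYNOPSIS now correctly lists `-T host/ip` in place of the duplicated `-S`, but this patch adds no matching entry to the man page describing what `-T` does; its meaning (the destination address used for the broadcast ping when pinging a MAC, instead of 255.255.255.255) is only explained in the README's new 'Technical' section. Add a `-T` entry next to `-S` in the OPTIONS section so the man page is self-contained.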
diff --git a/arping.c b/arping.c
index 14f4355..b9f874a 100644
--- a/arping.c
+++ b/arping.c
@@ -12,7 +12,7 @@
*
* Also finds out IP of specified MAC
*
- * $Id: arping.c 533 2002-01-20 23:14:08Z marvin $
+ * $Id: arping.c 546 2002-02-12 18:17:47Z marvin $
*/
/*
* Copyright (C) 2000-2002 Thomas Habets <thomas@habets.pp.se>
@@ -78,7 +78,7 @@
#define DEBUG(a)
#endif
-const float version = 1.03;
+const float version = 1.04;
struct ether_addr *mymac;
static u_char eth_xmas[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
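Review bot: `const float version = 1.04;` keeps the version number as a float, which is fragile: 1.04 is not exactly representable, so how it prints depends on the precision of the format string used, and any numeric comparison against it is inexact. A string constant such as `const char *version = "1.04";` avoids both issues and matches how the version is actually displayed to users.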