我们可以使用Pcap自己来构造这个数据包(具体过程参考Pcap的相关文档,这里我们使用SendARP()来实现),SendARP()是Microsoft Platform SDK中提供用来获得目标主机的MAC地址的函数,SendARPSendARP的函数原型如下:
DWORD SendARP(
IPAddr DestIP, // 目标IP地址
IPAddr SrcIP, // 源IP地址
PULONG pMacAddr, // 返回MAC地址指针
PULONG PhyAddrLen // 返回MAC地址长度
);
下面这个例子摘至MSND,稍做改动可以成为一个以太网内活动主机探测工具
//
// Link with ws2_32.lib and iphlpapi.lib
//
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <iphlpapi.h>
int __cdecl main()
{
HRESULT hr;
IPAddr ipAddr;
ULONG pulMac[2];
ULONG ulLen;
ipAddr = inet_addr ("192.168.0.1"
;
memset (pulMac, 0xff, sizeof (pulMac));
ulLen = 6;
hr = SendARP (ipAddr, 0, pulMac, &ulLen);
printf ("Return %08x, length %8d/n", hr, ulLen);
size_t i, j;
char * szMac = new char[ulLen*3];
PBYTE pbHexMac = (PBYTE) pulMac;
//
// Convert the binary MAC address into human-readable
//
for (i = 0, j = 0; i < ulLen - 1; ++i) {
j += sprintf (szMac + j, "%02X:", pbHexMac
);
}
sprintf (szMac + j, "%02X", pbHexMac);
printf ("MAC address %s/n", szMac);
delete [] szMac;
return 0;
}
