RN/Blatt02/Blatt02.md
2024-12-01 13:05:12 +01:00

505 lines
32 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

![image-20241110210209022](./assets/image-20241110210209022.png)
```
root@pc1:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:35:04.553056 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo request, id 38058, seq 1, length 64
19:35:04.555038 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo reply, id 38058, seq 1, length 64
19:35:05.554500 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo request, id 38058, seq 2, length 64
19:35:05.555265 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo reply, id 38058, seq 2, length 64
19:35:06.555772 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo request, id 38058, seq 3, length 64
19:35:06.556673 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo reply, id 38058, seq 3, length 64
19:35:07.557110 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo request, id 38058, seq 4, length 64
19:35:07.557961 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo reply, id 38058, seq 4, length 64
19:35:08.558528 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo request, id 38058, seq 5, length 64
19:35:08.559256 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo reply, id 38058, seq 5, length 64
19:35:08.722292 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo request, id 10952, seq 1, length 64
19:35:08.722331 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo reply, id 10952, seq 1, length 64
19:35:09.631016 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, neighbor solicitation, who has fe80::216:3eff:fe00:2, length 32
19:35:09.631064 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, neighbor advertisement, tgt is fe80::216:3eff:fe00:2, length 24
19:35:09.723566 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo request, id 10952, seq 2, length 64
19:35:09.723596 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo reply, id 10952, seq 2, length 64
19:35:10.724802 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo request, id 10952, seq 3, length 64
19:35:10.724838 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo reply, id 10952, seq 3, length 64
19:35:11.726031 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo request, id 10952, seq 4, length 64
19:35:11.726064 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo reply, id 10952, seq 4, length 64
19:35:12.727250 IP6 fe80::216:3eff:fe00:4 > fe80::216:3eff:fe00:2: ICMP6, echo request, id 10952, seq 5, length 64
19:35:12.727282 IP6 fe80::216:3eff:fe00:2 > fe80::216:3eff:fe00:4: ICMP6, echo reply, id 10952, seq 5, length 64
```
```
root@pc1:~# python3 208.py
Ether / fe80::216:3eff:fe00:2 > ff02::16 (0) / IPv6ExtHdrHopByHop / ICMPv6MLReport2
Ether / fe80::216:3eff:fe00:2 > ff02::16 (0) / IPv6ExtHdrHopByHop / ICMPv6MLReport2
Ether / fe80::216:3eff:fe00:4 > ff02::16 (0) / IPv6ExtHdrHopByHop / ICMPv6MLReport2
Ether / fe80::216:3eff:fe00:4 > ff02::16 (0) / IPv6ExtHdrHopByHop / ICMPv6MLReport2
Ether / IPv6 / ICMPv6 Echo Request (id: 0x3d3d seq: 0x1)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x3d3d seq: 0x1)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x3d3d seq: 0x2)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x3d3d seq: 0x2)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x3d3d seq: 0x3)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x3d3d seq: 0x3)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x3d3d seq: 0x4)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x3d3d seq: 0x4)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x3d3d seq: 0x5)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x3d3d seq: 0x5)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x6b18 seq: 0x1)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x6b18 seq: 0x1)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x6b18 seq: 0x2)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x6b18 seq: 0x2)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x6b18 seq: 0x3)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x6b18 seq: 0x3)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x6b18 seq: 0x4) Ether / IPv6 / ICMPv6 Echo Reply (id: 0x6b18 seq: 0x4)
Ether / IPv6 / ICMPv6 Echo Request (id: 0x6b18 seq: 0x5)
Ether / IPv6 / ICMPv6 Echo Reply (id: 0x6b18 seq: 0x5)
```
![image-20241114215255732](https://lsky.mhrooz.xyz/2024/11/14/876adec1dda00.png)
![image-20241114221022240](./assets/image-20241114221022240.png)
![image-20241120144256948](./assets/image-20241120144256948.png)
```
buf :255 255 255 255 255 255 174 171 50 9 142 180 8 6 0 1 8 0 6 4 0 1 174 171 50 9 142 180 10 5 1 1 0 0 0 0 0 0 10 5 1 2 0 0 0 0 0 0 0 0 0 0 0 22 58 0 5 2 0 0 1 0 143 0 117 226 0 0 0 1 4 0 0 0 255 2 0 0 0 0 0 0 0 0 0 1 255 9 142 180 0 0 0 0 0 0 0 0 0 0 0 0 0 0 156 111 139 231 79 127 0 0 95 154 127 103 0 0 0 0 1 0 0 0 0 0 0 0 228 77 109 231 79 127 0 0 240 212 138 231 79 127 0 0 9 0 0 0 0 0 0 0 164 115 139 231 79 127 0 0 196 0 0 0 0 0 0 0 16 78 110 231 79 127 0 0 0 112 138 231 79 127 0 0 216 182 6 248 254 127 0 0 212 182 6 248 254 127 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 16 78 110 231 79 127 0 0 224 111 109 231 79 127 0 0 49 217 138 231 79 127 0 0 95 154 127 103 0 0 0 0 105 254 157 1 0 0 0 0 212 182 6 248 254 127 0 0 32 117 138 231 79 127 0 0 160 183 6 248 254 127 0 0 240 212 138 231 79 127 0 0 144 183 6 248 254 127 0 0 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 95 154 127 103 0 0 0 0 232 148 141 231 79 127 0 0 49 217 138 231 79 127 0 0 184 184 6 248 254 127 0 0 144 183 6 248 254 127 0 0 160 183 6 248 254 127 0 0 225 124 139 231 79 127 0 0 1 0 0 0 0 0 0 0 168 121 138 231 79 127 0 0 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 232 137 141 231 79 127 0 0 48 151 141 231 79 127 0 0 168 121 138 231 79 127 0 0 232 137 141 231 79 127 0 0 0 0 0 0 1 0 0 0 232 148 141 231 79 127 0 0 0 0 0 0 0 0 0 0 216 210 10 248 254 127 0 0 184 209 10 248 254 127 0 0 255 255 255 255 0 0 0 0 83 143 48 104 0 0 0 0 64 130 109 231 79 127 0 0 0 112 138 231 79 127 0 0 88 151 141 231 79 127 0 0 176 184 6 248 254 127 0 0 192 185 6 248 254 127 0 0 3 0 0 0 0 0 0 0 208 184 6 248 254 127 0 0 100 223 139 231 79 127 0 0 217 118 141 231 79 127 0 0 80 223 138 231 79 127 0 0 48 185 6 248 254 127 0 0 7 0 0 0 0 0 0 0 7 0 0 0 8 0 0 0 240 212 138 231 79 127 0 0 232 137 141 231 79 127 0 0 77 146 139 231 79 127 0 0 0 0 0 0 0 0 0 0 216 160 139 231 79 127 0 0 128 184 6 248 254 127 0 0 200 197 110 231 79 127 0 0 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 185 6 248 254 127 0 0 0 0 0 0 0 0 0 0 0 185 6 248 254 127 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 96 215 138 231 79 127 0 0 232 148 141 231 79 127 0 0 132 217 138 231 79 127 0 0 48 212 138 231 79 127 0 0 72 128 141 231 79 127 0 0 0 208 138 231 79 127 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 64 130 109 231 79 127 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 186 183 144 108 127 166 0 0 3 232 138 108 127 166 0 0 128 145 141 231 79 127 0 0 128 145 141 231 79 127 0 0 232 70 140 231 79 127 0 0 208 187 6 248 254 127 0 0 31 27 139 231 79 127 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 64 133 138 231 79 127 0 0 128 144 141 231 79 127 0 0 0 0 0 0 0 0 0 0 1 189 6 248 254 127 0 0 1 151 141 231 79 127 0 0 232 137 141 231 79 127 0 0 184 185 6 248 254 127 0 0 3 232 138 108 127 166 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 24 210 10 248 254 127 0 0 0 0 0 0 32 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 246 117 174 3 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 230 207 6 248 254 127 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 194 0 0 0 0 0 0 0 215 187 6 248 254 127 0 0 149 84 245 242 222 85 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Read 42 bytes from device tap0
```
```
buf :FF FF FF FF FF FF AE AB 32 09 8E B4 08 06 00 01 08 00 06 04 00 01 AE AB 32 09 8E B4 0A 05 01 01 00 00 00 00 00 00 0A 05 01 02 00 00 00 00 00 00 00 00 00 00 00 16 3A 00 05 02 00 00 01 00 8F 00 75 E2 00 00 00 01 04 00 00 00 FF 02 00 00 00 00 00 00 00 00 00 01 FF 09 8E B4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9C CF 46 E5 67 7F 00 00 5F 9A 7F 67 00 00 00 00 01 00 00 00 00 00 00 00 E4 AD 28 E5 67 7F 00 00 F0 34 46 E5 67 7F 00 00 09 00 00 00 00 00 00 00 A4 D3 46 E5 67 7F 00 00 C4 00 00 00 00 00 00 00 10 AE 29 E5 67 7F 00 00 00 D0 45 E5 67 7F 00 00 88 E3 64 9A FE 7F 00 00 84 E3 64 9A FE 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 AE 29 E5 67 7F 00 00 E0 CF 28 E5 67 7F 00 00 31 39 46 E5 67 7F 00 00 5F 9A 7F 67 00 00 00 00 69 FE 9D 01 00 00 00 00 84 E3 64 9A FE 7F 00 00 20 D5 45 E5 67 7F 00 00 50 E4 64 9A FE 7F 00 00 F0 34 46 E5 67 7F 00 00 40 E4 64 9A FE 7F 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5F 9A 7F 67 00 00 00 00 E8 F4 48 E5 67 7F 00 00 31 39 46 E5 67 7F 00 00 68 E5 64 9A FE 7F 00 00 40 E4 64 9A FE 7F 00 00 50 E4 64 9A FE 7F 00 00 E1 DC 46 E5 67 7F 00 00 01 00 00 00 00 00 00 00 A8 D9 45 E5 67 7F 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 E8 E9 48 E5 67 7F 00 00 30 F7 48 E5 67 7F 00 00 A8 D9 45 E5 67 7F 00 00 E8 E9 48 E5 67 7F 00 00 00 00 00 00 01 00 00 00 E8 F4 48 E5 67 7F 00 00 00 00 00 00 00 00 00 00 D8 52 6F 9A FE 7F 00 00 B8 51 6F 9A FE 7F 00 00 FF FF FF FF 00 00 00 00 53 8F 30 68 00 00 00 00 40 E2 28 E5 67 7F 00 00 00 D0 45 E5 67 7F 00 00 58 F7 48 E5 67 7F 00 00 60 E5 64 9A FE 7F 00 00 70 E6 64 9A FE 7F 00 00 03 00 00 00 00 00 00 00 80 E5 64 9A FE 7F 00 00 64 3F 47 E5 67 7F 00 00 D9 D6 48 E5 67 7F 00 00 50 3F 46 E5 67 7F 00 00 E0 E5 64 9A FE 7F 00 00 07 00 00 00 00 00 00 00 07 00 00 00 08 00 00 00 F0 34 46 E5 67 7F 00 00 E8 E9 48 E5 67 7F 00 00 4D F2 46 E5 67 7F 00 00 00 00 00 00 00 00 00 00 D8 00 47 E5 67 7F 00 00 30 E5 64 9A FE 7F 00 00 C8 25 2A E5 67 7F 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B0 E5 64 9A FE 7F 00 00 00 00 00 00 00 00 00 00 B0 E5 64 9A FE 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 37 46 E5 67 7F 00 00 E8 F4 48 E5 67 7F 00 00 84 39 46 E5 67 7F 00 00 30 34 46 E5 67 7F 00 00 48 E0 48 E5 67 7F 00 00 00 30 46 E5 67 7F 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 40 E2 28 E5 67 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 33 C8 BC BE A7 00 00 3F 90 B0 BC BE A7 00 00 80 F1 48 E5 67 7F 00 00 80 F1 48 E5 67 7F 00 00 E8 A6 47 E5 67 7F 00 00 80 E8 64 9A FE 7F 00 00 1F 7B 46 E5 67 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 E5 45 E5 67 7F 00 00 80 F0 48 E5 67 7F 00 00 00 00 00 00 00 00 00 00 01 EA 64 9A FE 7F 00 00 01 F7 48 E5 67 7F 00 00 E8 E9 48 E5 67 7F 00 00 68 E6 64 9A FE 7F 00 00 3F 90 B0 BC BE A7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 52 6F 9A FE 7F 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 F6 75 AE 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E6 EF 64 9A FE 7F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 87 E8 64 9A FE 7F 00 00 F5 64 7B 22 E1 55 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Read 42 bytes from device tap0
```
```
buf :FF FF FF FF FF FF AE AB 32 09 8E B4 08 06 00 01 08 00 06 04 00 01 AE AB 32 09 8E B4 0A 05 01 01 00 00 00 00 00 00 0A 05 01 02
Read 42 bytes from device tap0
```
```
buf :FF FF FF FF FF FF AE AB 32 09 8E B4 08 06 00 01 08 00 06 04 00 01 AE AB 32 09 8E B4 0A 05 01 01 00 00 00 00 00 00 0A 05 01 03
Read 42 bytes from device tap0
```
00:16:3e:00:00:04
52:5e:a1:8f:e3:6a
根据提供的 `buf` 内容,可以解析出这是一个 **ARP 请求包**。以下是详细的解析步骤。
---
### **1. ARP 数据包结构**
ARP 请求包的基本结构如下:
| 字段名称 | 长度(字节) | 说明 |
| --------------------- | ------------ | ---------------------------------------------- |
| 目标 MAC 地址 | 6 | 广播地址(`FF:FF:FF:FF:FF:FF` |
| 源 MAC 地址 | 6 | 发送方的 MAC 地址 |
| 上层协议类型 | 2 | 表示这是一个 ARP 包(值为 `0x0806` |
| 硬件类型 | 2 | 通常为以太网(值为 `0x0001` |
| 协议类型 | 2 | 表示 IP 协议(值为 `0x0800` |
| 硬件地址长度 | 1 | MAC 地址的长度,通常为 6 |
| 协议地址长度 | 1 | IP 地址的长度,通常为 4 |
| 操作码 | 2 | `0x0001` 表示 ARP 请求,`0x0002` 表示 ARP 响应 |
| 发送方硬件地址SHA | HLEN6 | 发送方的 MAC 地址 |
| 发送方协议地址SPA | PLEN4 | 发送方的 IP 地址 |
| 目标硬件地址THA | HLEN6 | 目标的 MAC 地址ARP 请求中为全 0 |
| 目标协议地址TPA | PLEN4 | 目标的 IP 地址 |
---
### **2. 提供的 `buf` 内容**
原始数据:
```
FF FF FF FF FF FF AE AB 32 09 8E B4 08 06 00 01 08 00 06 04 00 01 AE AB 32 09 8E B4 0A 05 01 01 00 00 00 00 00 00 0A 05 01 02
```
**分解字段:**
| 偏移 | 字节范围 | 内容 | 解析说明 |
| ---- | ------------------- | ------------------------------------------ | -------------------------------------------- |
| 0 | `FF FF FF FF FF FF` | 目标 MAC 地址:广播地址 | 目标为全网广播 |
| 6 | `AE AB 32 09 8E B4` | 源 MAC 地址:`AE:AB:32:09:8E:B4` | PC2 的 `tap0` MAC 地址 |
| 12 | `08 06` | 上层协议类型ARP 包 (`0x0806`) | 表示这是一个 ARP 包 |
| 14 | `00 01` | 硬件类型:以太网 (`0x0001`) | 表示硬件类型为以太网 |
| 16 | `08 00` | 协议类型IPv4 (`0x0800`) | 表示要解析的协议为 IPv4 |
| 18 | `06` | 硬件地址长度HLEN6 | MAC 地址长度为 6 字节 |
| 19 | `04` | 协议地址长度PLEN4 | IP 地址长度为 4 字节 |
| 20 | `00 01` | 操作码OPER请求 (`0x0001`) | 表示这是一个 ARP 请求包 |
| 22 | `AE AB 32 09 8E B4` | 发送方硬件地址SHA`AE:AB:32:09:8E:B4` | 发送方 MAC 地址,来自 PC2 的 `tap0` 接口 |
| 28 | `0A 05 01 01` | 发送方协议地址SPA`10.5.1.1` | 发送方 IP 地址 |
| 32 | `00 00 00 00 00 00` | 目标硬件地址THA`00:00:00:00:00:00` | 目标 MAC 地址为空,全零(未解析) |
| 38 | `0A 05 01 02` | 目标协议地址TPA`10.5.1.2` | 目标 IP 地址PC1 的 `tap0` 接口的 IP 地址) |
---
### **3. 分析说明**
- **目标 MAC 地址(广播)**
目标 MAC 地址是 `FF:FF:FF:FF:FF:FF`,表示这是一个广播包,发往子网内的所有设备。
- **源 MAC 地址**
源 MAC 地址是 `AE:AB:32:09:8E:B4`,这对应 PC2 的 `tap0` 接口。
- **操作类型(请求)**
操作码是 `0x0001`,表明这是一个 ARP 请求包。
- **发送方 IP 地址和 MAC 地址**
发送方 IP 地址是 `10.5.1.1`MAC 地址是 `AE:AB:32:09:8E:B4`
- **目标 IP 地址**
目标 IP 地址是 `10.5.1.2`,这对应 PC1 的 `tap0` 接口的 IP 地址。
- **目标 MAC 地址为空**
因为这是一个 ARP 请求,目标的 MAC 地址尚未解析,所以此字段为全零。
---
### **4. 整体解析结果**
PC1 的 `tap0` 接口收到的 `buf` 是一个 **ARP 请求包**,由 PC2 的 `tap0` 接口发送,目的是解析目标 IP 地址 `10.5.1.2` 对应的 MAC 地址。
**PC1 的响应:**
- PC1 的 `tap0` 应该生成一个 ARP 响应包,包含以下信息:
- 目标 MAC 地址:`AE:AB:32:09:8E:B4`PC2 的 MAC 地址)。
- 目标 IP 地址:`10.5.1.1`PC2 的 IP 地址)。
- 源 MAC 地址PC1 的 `tap0` 的 MAC 地址。
- 源 IP 地址:`10.5.1.2`PC1 的 IP 地址)。
---
### **抓包工具验证**
你可以使用 `tcpdump``Wireshark` 来验证 ARP 包的内容:
```bash
sudo tcpdump -i tap0 -vv arp
```
或者在 Wireshark 中直接查看 ARP 请求的详细信息,与上述解析进行对比。
![image-20241120184425244](https://lsky.mhrooz.xyz/2024/11/20/d151d433d8965.png)
```
buf :FF FF FF FF FF FF AE AB 32 09 8E B4 08 06 00 01 08 00 06 04 00 01 AE AB 32 09 8E B4 0A 05 01 01 00 00 00 00 00 00 0A 05 01 02 00 00 00 00 00 00 00 00 00 00 00 00
```
=======
![image-20241119151751751](https://lsky.mhrooz.xyz/2024/11/19/b3f815eeb9aec.png)
![image-20241119153648360](https://lsky.mhrooz.xyz/2024/11/19/cf14356ea79d8.png)
root@pc1:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:53:47.911087 IP6 2001:db8:5::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:5::1, length 32
10:53:47.911189 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, neighbor advertisement, tgt is 2001:db8:5::1, length 32
10:53:47.912325 IP6 2001:db8:5::2 > 2001:db8:5::1: ICMP6, echo request, id 56760, seq 1, length 64
10:53:47.912349 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, echo reply, id 56760, seq 1, length 64
10:53:48.904692 IP6 2001:db8:5::2 > 2001:db8:5::1: ICMP6, echo request, id 56760, seq 2, length 64
10:53:48.904719 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, echo reply, id 56760, seq 2, length 64
10:53:49.906078 IP6 2001:db8:5::2 > 2001:db8:5::1: ICMP6, echo request, id 56760, seq 3, length 64
10:53:49.906103 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, echo reply, id 56760, seq 3, length 64
10:53:50.907512 IP6 2001:db8:5::2 > 2001:db8:5::1: ICMP6, echo request, id 56760, seq 4, length 64
10:53:50.907538 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, echo reply, id 56760, seq 4, length 64
10:53:51.908904 IP6 2001:db8:5::2 > 2001:db8:5::1: ICMP6, echo request, id 56760, seq 5, length 64
10:53:51.908929 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, echo reply, id 56760, seq 5, length 64
10:53:52.926411 IP6 fe80::216:3eff:fe00:2 > 2001:db8:5::2: ICMP6, neighbor solicitation, who has 2001:db8:5::2, length 32
10:53:52.927121 IP6 2001:db8:5::2 > fe80::216:3eff:fe00:2: ICMP6, neighbor advertisement, tgt is 2001:db8:5::2, length 24
13:14:32.958532 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, neighbor advertisement, tgt is 2001:db8:5::2, length 32
0x0000: 0016 3e00 0004 0016 3e00 0602 86dd 6000 ..>.....>.....`.
0x0010: 0000 0020 3aff 2001 0db8 0005 0000 0000 ....:...........
0x0020: 0000 0000 0001 2001 0db8 0005 0000 0000 ................
0x0030: 0000 0000 0002 8800 484c 6000 0000 2001 ........HL`.....
0x0040: 0db8 0005 0000 0000 0000 0000 0002 0201 ................
0x0050: 0016 3e00 0602 ..>...
```
13:14:32.958532 IP6 2001:db8:5::1 > 2001:db8:5::2: ICMP6, neighbor advertisement, tgt is 2001:db8:5::2, length 32
0x0000: 0016 3e00 0004 0016 3e00 0602 86dd 6000 ..>.....>.....`.
0x0010: 0000 0020 3aff 2001 0db8 0005 0000 0000 ....:...........
0x0020: 0000 0000 0001 2001 0db8 0005 0000 0000 ................
0x0030: 0000 0000 0002 8800 484c 6000 0000 2001 ........HL`.....
0x0040: 0db8 0005 0000 0000 0000 0000 0002 0201 ................
0x0050: 0016 3e00 0602 ..>...
```
00:16:3e:00:00:02
这个包是一个 **ICMPv6 邻居通告Neighbor Advertisement, NA** 消息,表明发送方(`2001:db8:5::1`)告知接收方(`2001:db8:5::2`),其目标地址(`tgt`的链路层MAC信息。
以下是对这个包的逐字段详细分析:
------
### **1. 数据包的结构**
ICMPv6 邻居通告消息由以下几部分组成:
| **字段** | **长度** | **解释** |
| ------------------- | -------- | ------------------------------------------------------ |
| **以太网帧头** | 14 字节 | 包括源 MAC 地址、目标 MAC 地址和以太网类型。 |
| **IPv6 头** | 40 字节 | IPv6 源地址、目的地址,及与数据包相关的信息。 |
| **ICMPv6 头** | 4 字节 | 包括类型Type、代码Code、校验和Checksum。 |
| **ICMPv6 数据部分** | 可变长度 | 邻居通告消息的具体内容,包括目标地址和链路层地址选项。 |
------
### **2. 分析具体字段**
#### **以太网帧头**
```
0x0000: 0016 3e00 0004 0016 3e00 0602 86dd
```
| 偏移量 | 字段 | 值 | 解释 |
| -------- | ------------- | ------------------- | --------------------------------------- |
| `0x0000` | 目标 MAC 地址 | `00:16:3e:00:00:04` | 目标设备的链路层地址(目的 MAC 地址)。 |
| `0x0006` | 源 MAC 地址 | `00:16:3e:00:06:02` | 源设备的链路层地址(发送方 MAC 地址)。 |
| `0x000c` | 以太网类型 | `0x86dd` | 表示接下来的数据是 IPv6 数据包。 |
------
#### **IPv6 头部**
```
0x0010: 6000 0000 0020 3aff 2001 0db8 0005 0000
0x0020: 0000 0000 0001 2001 0db8 0005 0000 0000
0x0030: 0000 0000 0002
```
| 偏移量 | 字段 | 值 | 解释 |
| -------- | ---------------- | --------------- | -------------------------------------------- |
| `0x0010` | 版本/流量类/流标 | `6000 0000` | IPv6 版本号6流量类别0流标0。 |
| `0x0014` | 载荷长度 | `0020` | 载荷长度 32 字节。 |
| `0x0016` | 下一头部类型 | `3a` | 表示下一头部为 ICMPv658。 |
| `0x0017` | 跳数限制 | `ff` | 初始跳数设置为 255避免跨链路转发。 |
| `0x0018` | 源地址 | `2001:db8:5::1` | 发送方 IPv6 地址。 |
| `0x0028` | 目的地址 | `2001:db8:5::2` | 接收方 IPv6 地址。 |
------
#### **ICMPv6 头部**
```
0x0030: 8800 484c
```
| 偏移量 | 字段 | 值 | 解释 |
| -------- | ------------ | ------ | ------------------------------------------------ |
| `0x0030` | 类型Type | `88` | 表示这是一个邻居通告Neighbor Advertisement。 |
| `0x0031` | 代码Code | `00` | 固定为 0邻居通告无子代码。 |
| `0x0032` | 校验和 | `484c` | 校验和,确保 ICMPv6 数据的完整性。 |
------
#### **ICMPv6 数据部分**
```
0x0034: 6000 0000 2001 0db8 0005 0000 0000 0000 0002
0x0050: 0201 0016 3e00 0602
```
##### **(a) 邻居通告标志和目标地址**
```
0x0034: 6000 0000 2001 0db8 0005 0000 0000 0000 0002
```
| 偏移量 | 字段 | 值 | 解释 |
| -------- | -------- | --------------- | ---------------------------------- |
| `0x0034` | 目标地址 | `2001:db8:5::2` | 目标设备的 IPv6 地址,告知请求方。 |
##### **(b) 链路层地址选项**
```
0x0050: 0201 0016 3e00 0602
```
| 偏移量 | 字段 | 值 | 解释 |
| -------- | -------- | ------------------- | ---------------------------------------------------- |
| `0x0050` | 选项类型 | `02` | 链路层地址选项Target Link-Layer Address Option。 |
| `0x0051` | 选项长度 | `01` | 长度为 1单位8 字节)。 |
| `0x0052` | MAC 地址 | `00:16:3e:00:06:02` | 目标设备的链路层地址MAC 地址)。 |
------
### **3. 总结这个包的含义**
1. **包类型**
- 这是一个 **ICMPv6 邻居通告NA** 数据包。
2. **发送方信息**
- IPv6 地址:`2001:db8:5::1`。
- MAC 地址:`00:16:3e:00:06:02`。
3. **接收方信息**
- 目标 IPv6 地址:`2001:db8:5::2`。
- 目标链路层地址MAC`00:16:3e:00:04`。
4. **作用**
- 通知目标设备(`2001:db8:5::2`IPv6 地址 `2001:db8:5::1` 解析为 MAC 地址 `00:16:3e:00:06:02`
5. **网络流程**
- 这是对之前邻居请求NS消息的回复目标设备将更新其邻居表以便后续通信。
------
### **补充**
- **邻居通告的用途**
- 用于响应邻居请求。
- 通知链路上的其他设备该地址的链路层信息。
- **校验关键点**
- 确认 IPv6 头部和 ICMPv6 数据是否正确匹配。
- 确保链路层地址和目标地址一致。
如果你需要进一步分析或有其他问题,请随时补充!
=======
是的,你可以在这个 `tuntap.c` 文件的基础上完成第二问和第三问。以下是如何扩展这个文件来实现处理 ARP 请求和生成 ARP 响应的建议步骤:
---
### **扩展步骤**
#### **1. 增加 ARP 数据包解析和生成的逻辑**
- 定义 ARP 数据包的结构。
- 添加解析函数,用于从 `buf` 中提取 ARP 请求包的信息。
- 添加响应生成函数,用于根据解析结果生成 ARP 响应包。
#### **2. 在现有的读取逻辑中嵌入 ARP 处理**
- 当前的代码已经实现了从 `TUN/TAP` 设备读取数据的功能(`read`)。
- 在读取的数据中,检查是否为 ARP 请求包(根据协议类型和操作码)。
- 如果是 ARP 请求,则生成响应数据,并通过设备写回。
#### **3. 实现发送 ARP 响应的逻辑**
- 使用 `write` 系统调用,将生成的 ARP 响应包通过 `tap` 接口发送回去。
---
### **代码实现(示例)**
以下是如何在现有代码基础上扩展实现 ARP 请求解析和响应的代码示例。
#### **(1) 定义 ARP 数据包结构和处理函数**
在文件顶部增加 ARP 相关的定义和函数:
```c
#include <stdint.h>
#include <string.h>
// 定义 ARP 包结构
typedef struct arp_packet {
uint16_t hardware_type;
uint16_t protocol_type;
uint8_t hardware_len;
uint8_t protocol_len;
uint16_t opcode;
uint8_t sender_mac[6];
uint8_t sender_ip[4];
uint8_t target_mac[6];
uint8_t target_ip[4];
} arp_packet_t;
// 解析 ARP 请求
int parse_arp_request(const uint8_t *buf, arp_packet_t *arp_req) {
memcpy(arp_req, buf + 14, sizeof(arp_packet_t)); // 跳过以太网头部
return ntohs(arp_req->opcode) == 1; // 返回是否为 ARP 请求
}
// 生成 ARP 响应
void create_arp_response(const arp_packet_t *arp_req, uint8_t *buf) {
memset(buf, 0, 42); // 清空响应缓冲区
// 填充以太网头部
memcpy(buf, arp_req->sender_mac, 6); // 目标 MAC 地址(原请求的发送方)
uint8_t mac[6] = {0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x01}; // 响应方 MAC
memcpy(buf + 6, mac, 6); // 源 MAC 地址
buf[12] = 0x08; buf[13] = 0x06; // ARP 协议类型 (0x0806)
// 填充 ARP 数据包部分
arp_packet_t *arp_resp = (arp_packet_t *)(buf + 14);
arp_resp->hardware_type = htons(1); // 硬件类型 (Ethernet)
arp_resp->protocol_type = htons(0x0800); // 协议类型 (IPv4)
arp_resp->hardware_len = 6;
arp_resp->protocol_len = 4;
arp_resp->opcode = htons(2); // ARP 响应
memcpy(arp_resp->sender_mac, mac, 6); // 响应方 MAC
memcpy(arp_resp->sender_ip, arp_req->target_ip, 4); // 响应方 IP
memcpy(arp_resp->target_mac, arp_req->sender_mac, 6); // 请求方 MAC
memcpy(arp_resp->target_ip, arp_req->sender_ip, 4); // 请求方 IP
}
```
---
#### **(2) 修改 `main` 函数,添加 ARP 处理逻辑**
`main` 函数的 `while` 循环中扩展读取和处理逻辑:
```c
uint8_t buf[BUF_LEN];
uint8_t response_buf[BUF_LEN]; // 用于存储响应数据
arp_packet_t arp_req;
while (running) {
int nread;
if ((nread = read(tun_fd, buf, BUF_LEN)) < 0) {
perror("ERR: Read from tun_fd");
break;
}
printf("Read %d bytes from device %s\n", nread, dev);
// 检查是否为 ARP 包
if (nread >= 42 && buf[12] == 0x08 && buf[13] == 0x06) {
printf("ARP packet detected\n");
// 解析 ARP 请求
if (parse_arp_request(buf, &arp_req)) {
printf("Processing ARP request from %d.%d.%d.%d\n",
arp_req.sender_ip[0], arp_req.sender_ip[1],
arp_req.sender_ip[2], arp_req.sender_ip[3]);
// 生成 ARP 响应
create_arp_response(&arp_req, response_buf);
// 发送 ARP 响应
if (write(tun_fd, response_buf, 42) < 0) {
perror("ERR: Write to tun_fd");
} else {
printf("Sent ARP response\n");
}
}
}
}
```
---
### **功能验证**
1. **启动 `tuntap.c` 程序**
```bash
sudo ./tuntap mytap0
```
2. **使用 `arping` 测试**
在另一台主机上运行以下命令:
```bash
arping -I mytap0 <tap0 对应的 IP 地址>
```
程序应打印检测到 ARP 请求,并生成和发送 ARP 响应。
---
### **总结**
- 第二问通过定义 `arp_packet_t` 数据结构和解析/生成函数,设计了一个合适的接口。
- 第三问通过扩展 `tuntap.c` 文件,增加了 ARP 请求处理和响应功能。
- 使用 `arping` 工具可以测试实现的正确性。