[Winpcap-users] pcap_sendpacket to local adaptor (Sending to thelocal machine)
Mark Pizzolato - WinPCap-Users
winpcap-users-20040408 at subscriptions.pizzolato.net
Wed May 19 10:26:29 PDT 2010
On Wednesday, May 19, 2010 at 9:52 AM Kyle Brotheridge wrote:
> Subject: [Winpcap-users] pcap_sendpacket to local adaptor (Sending to
> thelocal machine)
>
> Part of the little project I'm writing involves ARP replying on behalf
> of a host that doesn't exist on the local network - but I cannot get
it
> to work!
>
> To elaborate a bit more; an example:
>
> My program, using WinPCAP is running on host A, bound to interface X
> (With the MAC address AA:AA:AA:AA:AA:AA), my program (pcap) captures
an
> ARP request (generated by the OS) from the local PC
> (AA:AA:AA:AA:AA:AA), looking for Host "B" at 10.10.10.3
>
> My program processes this, and assembles an ARP reply from
"10.10.10.3"
> with the MAC address of BB:BB:BB:BB:BB:BB (The virtual host B) and
> sends it via pcap_sendpacket to the MAC address of AA:AA:AA:AA:AA:AA
> (The local PC).
>
> Windows doesn't register the reply (there's no arp entry in arp -a for
> 10.10.10.3).
Well, what you are seeing is exactly what is expected based on what you
are doing.
In general, a host never sends packets on a LAN to itself. NICs are not
designed to do that. Pcap_sendpacket() merely asks the NIC to do what
it normally does and send the packet out.
In the past (using XP) I was able to get the behavior you desire to work
ONLY IF I configured my LAN interface as part of a Bridge. When you
enable bridging on a LAN interface windows moves the IP stack (and the
other protocols) from the NIC interface to the newly create Bridge
pseudo-interface. I got your behavior to work by opening the Bridge
pseudo interface with pcap_openlive(), and then used pcap_sendpacket().
When I did this, I bridged the LAN interface with another interface,
which I happened to have on the machine in question, and then I was
actually able to remove the other interface from the bridge and have
things continue to work. In cases where there wasn't another LAN device
already installed on the system I was able to install the OpenVPN
TAP-Win32 driver to get a virtual LAN device which was bridgeable.
I recently revisited this subject with Windows 7 as the OS and sadly the
above mentioned technique does not seem to work anymore.
> I've considered that if I was to send to the local PC, then the CRC +
> Padding done by the NIC might not happen and the kernel mode driver
> would drop the frame... But I'm still not sure.
I don't think that is a factor since the NIC is responsible for both
generating and validating packet CRCs. But once again, outgoing packets
really don't have a path to the incoming side of the device.
Let us know if you come up with a working model.
- Mark Pizzolato
More information about the Winpcap-users
mailing list