arp-sk

ARP-SK(1)             arp-sk - A swiss knife tool for ARP            ARP-SK(1)



NAME
       arp-sk - A swiss knife tool for ARP


SYNOPSIS
       arp-sk MODE OPTIONS

       where MODE is either one among BASIC or ADVANCED and OPTIONS lets you
       control each address of the ARP message (at link and logical layers -
       i.e. Ethernet and IP addresses), and lots of other sending parameters
       (interface, frequency, amount, and so on).

DESCIRPTION
       arp-sk is an ARP packet generator aimed to illustrate ARP protocol
       fails. It allows custom packets to be generated from link layer to ARP
       layer.

       It supports currently only Ethernet and IP protocols but is designed to
       also work with other addresses (in a far away future ;-)

BASIC MODES
       -w, --who-has
              Send an ARP Who-has.

       -r, --reply
              Send a ARP Reply.

ADVANCED MODES
       None are yet implemented but they should appear very soon. They should
       be considered as combinations and shortcuts of what you can do by
       sending several basic packets.

       -o, --spoof
              For those used to Dug Song's arpspoof in dsniff (NOT YET
              IMPLEMENTED)

       -p, --arping
              (bad) RARP emulation. (NOT YET IMPLEMENTED)

       -m, --arpmim
              Man in the Middle. (NOT YET IMPLEMENTED)

LINK LAYER OPTIONS
       These parameters let you control what will appear in the packet at link
       layer (Ethernet addresses of the ARP message). These addresses don't
       need to be the same as those specified in the ARP message itself. The
       RFC 826 (ARP's one) does not specify that there must be some
       consistency between ARP and Ethernet layer. That means you can provide
       uncorrelated addresses between these 2 layers.

       This is very useful if you want reach all hosts on the network (use
       broadcast address as destination) or a particular host (the gateway for
       instance), or you can hide the source of the ARP message by providing a
       fake source address.

       Here, you can provide either a hostname, an IP address or a MAC
       address. If you use a hostname or an IP address and that Ethernet
       address is not present in your ARP cache, a malformed DNS packet is
       sent to the target. But since the cache does not contain the Ethernet
       address, an ARP query is firstly sent on the network. The target
       answers with an ARP and you got the Ethernet address.

       -d, --dst HOST
              Set link layer destination.  HOST can be a hostname, an IP
              address or a MAC address.

       -s, --src HOST
              Set link layer source.  HOST can be a hostname, an IP address or
              a MAC address.

       --rand-hwa
              Set random addresses in link header

       --rand-hwa-dst
              Set random destination in link header.

       --rand-hwa-src
              Set random source in link header.

LOGICAL LAYER OPTIONS
       These parameters let you control what will appear in the ARP message
       itself, that is mainly the pairs <IP:MAC> for both source and
       destination hosts.

       You can specify either both IP and MAC (1.1.1.1:11:11:11:11:11:11),
       only IP (1.1.1.1, information provided is the link layer will be used
       to complete the ARP message), or only MAC (:11:11:11:11:11:11, then IP
       is set to broadcast).

       -D, --arp-dst HOST[:MAC]
              Set logical layer destination.  HOST can be a hostname or an IP
              address. A MAC address can be specified with MAC.  If not, HOST
              will be resolved.

       -S, --arp-src HOST[:MAC]
              Set logical layer source.  HOST can be a hostname or an IP
              address. A MAC address can be specified with MAC.  If not, HOST
              will be resolved.

       --rand-arp
              Set random addresses in ARP message.

       --rand-arp-dst
              Set random destination adsresses in ARP message.

       --rand-arp-src
              Set random source addresses in ARP message.

       --rand-arp-hwa-dst
              Set random destination MAC address in ARP message.

       --rand-arp-log-dst
              set random dst IP address in ARP message.

       --rand-arp-hwa-src
              Set random source MAC address in ARP message.

       --rand-arp-log-src
              Set random source IP address in ARP message.

MISCELLANEOUS OPTIONS
       -i, --interface IFACE
              Use IFACE as output interface (default: eth0).

       -c, --count NUM
              Send NUM packets

       -T, --time NUM
              Wait the NUM seconds between sending each packet ( NUM can be
              prefixed with u for microseconds)

       --rand-time NUM
              Randomize the sending period of the packets by adding a random
              salt choosen between -NUM and NUM.

       --beep Beep for each packet sent.

       --use-ts
              Send an icmp-timestamp to resolve MAC to IP.

       -n, --network ADDRESS
              Use ADDRESS as broadcast address for sending icmp-timestamp.

       -N, --call-dns
              Force address name resolution. This should never be used since
              it sends DNS messages on the LAN and slows down performances of
              arp-sl.

       -V, --version
              Print version and exit.

       -h, --help

BUGS
       No known bugs. Please contact AUTHORS if you found one.

AUTHORS
       arp-sk is written by Frédéric Raynal <pappy@security-labs.org>. This
       man page was written by Cédric Blancher <blancher@cartel-securite.fr>.
       They are both licenced under the terms of the GNU GPL.



Cédric Blancher                24 August 2002                       ARP-SK(1)