How to Get an ARP Table with an IP Helper API



Click here for a larger image.

Compiled on: Visual Studio 6.0 & Windows XP Pro.

Tested on: Win2K Server, WinXP Pro, WinXP Home Edition, & Win2003 Server

Introduction

There are some articles related to ARP, but I think it has been difficult to find a program to get an ARP table on a Windows system. This program provides you with the information on how to get an ARP table in VS60 on Windows by using iphlpapi.lib.

As you know, ARP stands for address resolution protocol and maintains IP address/physical address pairs.

By spoofing this ARP table, you can get a man-in-the-middle attack and sniff all the packets or even switch networks. Because of this, many programmers related to security should know to manipulate an ARP table.

Description

This program is very simple, at most 100 lines. I think this is easy to understand. None the less, I think that a description of some API functions related to ARP in iphlpapi.lib is needed.

The IP Helper APIs available for ARP on Windows are listed below:

  • GetIpNetTable: Retrieves address resolution table information.
  • SetIpNetEntry: Adds entry to the ARP table.
  • DeleteIpNetEntry: Deletes entry from the ARP table.
  • CreateIpNetEntry: Creates an entry in the ARP table.
  • FlushIpNetTable: Deletes all ARP entries for the specified interface from the ARP table
  • SendARP: Sends an ARP request to obtain the physical address that corresponds to the specified destination IP address

The structures available in IP Helper APIs for ARP follow:

  • MIB_IPNETTABLE: Contains a table of ARPentries.
  • PMIB_IPNETTABLE: Pointer to MIB_IPNETTABLE structure.
  • MIB_IPNETROW: Contains information for an ARPtable entry.
  • PMIB_IPNETROW: Pointer to MIB_IPNETROW structure.

In this program, GetIpNetTable of the API functions is used as follows:

ULONG nSize=400;

PMIB_IPNETTABLE pMib = (PMIB_IPNETTABLE)malloc(sizeof(
                        MIB_IPNETTABLE)+
                        sizeof(MIB_IPNETROW)*nSize);

DWORD dwRet = GetIpNetTable(pMib,&nSize,TRUE);

.
.
.

for (int i =0;i<nSize;i++)
{
  char ipaddr[20], macaddr[20];

  sprintf(ipaddr,"%d.%d.%d.%d",
    ( pMib->table[i].dwAddr&0x0000ff),
     ((pMib->table[i].dwAddr&0xff00)>>8),
    ((pMib->table[i].dwAddr&0xff0000)>>16),
     (pMib->table[i].dwAddr>>24)
    );

  sprintf(macaddr, "%02x-%02x-%02x-%02x-%02x-%02x",
    pMib->table[i].bPhysAddr[0],pMib->table[i].bPhysAddr[1],
    pMib->table[i].bPhysAddr[2],pMib->table[i].bPhysAddr[3],
    pMib->table[i].bPhysAddr[4],pMib->table[i].bPhysAddr[5]
  );

  printf("%-20s %-25s",ipaddr,macaddr);

  if (pMib->table[i].dwType == 3) printf("Dynamic\n");
    else if (pMib->table[i].dwType == 4) printf("Static\n");
}

Iphlpapi.lib is included in Platform SDK.

About the Author

Gordon Ahn is a software engineer and network security expert and works for www.nextsecurity.net.

If you have any questions, don't hesitate to e-mail me, or visit the above site.

Downloads

Download source code and demo project - 33 Kb


Comments

  • which device ?

    Posted by Legacy on 01/22/2004 12:00am

    Originally posted by: lolosoft

    which device (if many) for the ARP table

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • 10 Rules that Make or Break Enterprise App Development Projects In today's app-driven world, application development is a top priority. Even so, 68% of enterprise application delivery projects fail. Designing and building applications that pay for themselves and adapt to future needs is incredibly difficult. Executing one successful project is lucky, but making it a repeatable process and strategic advantage? That's where the money is. With help from our most experienced project leads and software engineers, …

  • Live Event Date: September 19, 2014 @ 2:00 p.m. ET / 11:00 a.m. PT In response to the rising number of data breaches and the regulatory and legal impact that can occur as a result of these incidents, leading analysts at Forrester Research have developed five important design principles that will help security professionals reduce their attack surface and mitigate vulnerabilities. Check out this upcoming eSeminar and join Chris Sherman of Forrester Research to learn how to deal with the influx of new device …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds