Transmitting and receiving ARP data on Windows from user mode programs

3.1k views Asked by At

(ARP = Address Resolution Protocol - RFC 826) Is there a way to send and receive ARP traffic on Windows through user world programs? On Linux, we can just create raw sockets to send ARP traffic, but on Windows, my research suggests that we need to write a driver that can be used to send such traffic. I thought about using WinPcap, but it internally installs a driver which can be used to send/receive such traffic.

My question is: without installing a driver, are there any ways in which Windows will allow transmission/reception of ARP packets?

1

There are 1 answers

2
Jerry Coffin On BEST ANSWER

The easiest way to send an ARP packet is probably using SendARP.

You can, then use GetIpNetTable to retrieve the address from the IP stack's ARP table. To be sure you're getting a current address, you usually want to do DeleteIpNetEntry to remove the address, then SendARP, then wait a while and GetIpNetTable (if necessary repeating a few times, until you get one with an entry for the desired address).

Alternatively, for Vista or newer, you can use ResolveIpNetEntry2 to retrieve the data a bit more directly. This automatically flushes the current entry (if any) for the address, sends an ARP packet, and returns a current result (which is also used to update the stacks's ARP table, if I'm not mistaken).