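/*
 * arp-scan.c - (c) 2000 noah williamsson [noah@hd.se]
 *
 *
 * arp-scan(1) for Linux:
 * $ su -
 * # bash
 * # tcpdump -p -t arp > replies &
 * # ./arp-scan eth0 192.168.0.0/255.255.255.0
 * # grep reply replies|awk '{print$3}'
 * # kill -9 %1
 *
 * arp-scan(1) for Solaris:
 * $ su -
 * # bash
 * # snoop -P arp > replies &
 * # ./arp-scan eth0 192.168.0.0/255.255.255.0
 * # grep 'ARP R' replies|awk '{print$7}'
 * # kill -9 %1
 *
 * Requires libnet.
 * http://www.packetfactory.net/Projects/Libnet/dist/libnet.tar.gz
 *
 * Compile:
 * gcc -o arp-scan arp-scan.c -O2 -Wall \
 *     `libnet-config --cflags --defines --libs`
 * Add -lresolv for Solaris
 *
 * Found working on Linux 2.2 and Solaris 7.
 * Should work on any other libnet supported OS too.
 *
 */

/*
 * NOTE(review): the original include list was lost in extraction; the headers
 * below cover every name this file uses.  The ARP/Ethernet constants
 * (ARPHRD_*, ARPOP_*, ETHERTYPE_*, ETHER_ADDR_LEN) are expected to come in via
 * libnet.h on the platforms listed above -- if the build complains, add
 * <net/if_arp.h> / <netinet/if_ether.h>.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <libnet.h>

/*
 * Parse a dotted-quad IPv4 address into host byte order.
 *
 * s:   text to parse (may be NULL).
 * out: receives the address in host byte order on success.
 * Returns 0 on success, -1 if s is NULL or not an address inet_aton() accepts.
 */
static int parse_ipv4(const char *s, uint32_t *out)
{
	struct in_addr ia;

	if (!s || inet_aton(s, &ia) == 0) {
		return -1;
	}
	*out = ntohl(ia.s_addr);
	return 0;
}

/*
 * Parse a netmask given either as a dotted quad ("255.255.255.0") or as a
 * prefix length ("24") into host byte order.
 *
 * s:    text to parse (may be NULL or empty).
 * mask: receives the mask in host byte order on success.
 * Returns 0 on success, -1 for malformed input or a non-contiguous mask.
 */
static int parse_netmask(const char *s, uint32_t *mask)
{
	uint32_t m;
	uint32_t inv;

	if (!s || *s == '\0') {
		return -1;
	}

	if (strchr(s, '.')) {
		if (parse_ipv4(s, &m) < 0) {
			return -1;
		}
	} else {
		char *end;
		long prefix;

		errno = 0;
		prefix = strtol(s, &end, 10);
		if (end == s || *end != '\0' || errno == ERANGE
		    || prefix < 0 || prefix > 32) {
			return -1;
		}
		/* A shift by the full width (prefix 0) is undefined, so special-case it. */
		m = prefix == 0 ? 0 : UINT32_C(0xffffffff) << (32 - prefix);
	}

	/*
	 * A mask is valid only if its ones are contiguous from the top, i.e.
	 * ~m is of the form 2^k - 1 -- then ~m and ~m + 1 share no bits.
	 */
	inv = ~m;
	if ((inv & (uint32_t)(inv + 1)) != 0) {
		return -1;
	}

	*mask = m;
	return 0;
}

/*
 * Format a host-byte-order IPv4 address with inet_ntoa().
 * Returns inet_ntoa()'s static buffer, so the result is only valid until
 * the next call.
 */
static const char *ip_to_str(uint32_t host_order)
{
	struct in_addr ia;

	ia.s_addr = htonl(host_order);
	return inet_ntoa(ia);
}

/*
 * arp-scan <interface> <network/netmask>
 *
 * Sends one broadcast ARP request for every host address in the block
 * (network + 1 up to, but not including, the broadcast address) out of
 * <interface>.  The replies are not collected here; capture them with
 * tcpdump/snoop as described in the file header.  The netmask may be a
 * dotted quad or a prefix length.
 *
 * Exit status is EXIT_SUCCESS when every request was written, otherwise
 * EXIT_FAILURE with a diagnostic on stderr.
 *
 * Fixes relative to the original:
 *   - all address arithmetic is done in host byte order; the old loop
 *     incremented and compared network-order values, which only worked for
 *     a /24 on little-endian hosts (larger blocks wrapped in the last octet);
 *   - the sender/target addresses written into the ARP header are 4-byte
 *     uint32_t values, not u_long (8 bytes on LP64, wrong bytes on big-endian);
 *   - inet_aton() failures are reported instead of using an uninitialised
 *     struct in_addr;
 *   - the packet buffer is allocated once instead of per target, and the
 *     interface/buffer are released on every exit path.
 */
int main(int argc, char **argv)
{
	u_char eth_broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
	char ebuf[LIBNET_ERRBUF_SIZE];
	u_char *pkt = NULL;
	u_char *eth_src;
	char *nm_str;
	uint32_t net, mask, first, last, ip;
	uint32_t spa, tpa;      /* sender/target IP, network byte order, exactly 4 bytes */
	u_long raw_ip;
	struct libnet_link_int *intf;
	int rc = EXIT_FAILURE;

	/* The link-layer socket needs effective root; real uid is irrelevant. */
	if (geteuid() != 0) {
		fprintf(stderr, "arp-scan: run as root stupid!\n");
		return EXIT_FAILURE;
	}

	if (argc != 3) {
		fprintf(stderr, "Usage: %s <interface> <network/netmask>\n"
		        "\tEx: %s xl0 10.0.0.0/255.255.255.0\n", argv[0], argv[0]);
		return EXIT_FAILURE;
	}

	nm_str = strchr(argv[2], '/');
	if (!nm_str) {
		fprintf(stderr, "Invalid block!\n");
		return EXIT_FAILURE;
	}
	*nm_str++ = '\0';   /* split argv[2] in place: "net" / "mask" */

	if (parse_ipv4(argv[2], &net) < 0 || parse_netmask(nm_str, &mask) < 0) {
		fprintf(stderr, "Invalid block: %s/%s\n", argv[2], nm_str);
		return EXIT_FAILURE;
	}

	/*
	 * Drop any host bits the user left in the network part.  last - net
	 * equals ~mask, so a /31 or /32 has no host addresses to probe and
	 * would otherwise make first wrap past last.
	 */
	net &= mask;
	last = net | ~mask;         /* broadcast address: exclusive upper bound */
	if (last - net < 2) {
		fprintf(stderr, "No host addresses in %s/%s\n", argv[2], nm_str);
		return EXIT_FAILURE;
	}
	first = net + 1;            /* skip the network address itself */

	printf("Using interface %s\n", argv[1]);
	intf = libnet_open_link_interface(argv[1], ebuf);
	if (!intf) {
		fprintf(stderr, "libnet_open_link_interface(%s): %s\n", argv[1], ebuf);
		return EXIT_FAILURE;
	}

	eth_src = (u_char *)libnet_get_hwaddr(intf, argv[1], ebuf);
	if (!eth_src) {
		fprintf(stderr, "libnet_get_hwaddr(): %s\n", ebuf);
		goto out_close;
	}

	raw_ip = libnet_get_ipaddr(intf, argv[1], ebuf);
	if (!raw_ip) {
		fprintf(stderr, "libnet_get_ipaddr(): %s\n", ebuf);
		goto out_close;
	}
	/*
	 * NOTE(review): libnet 1.0 appears to hand this back in host byte
	 * order (the original applied ntohl() here, which swaps the same bytes
	 * as htonl()); convert once to network order for the ARP sender field
	 * and for printing.  Confirm against the libnet version in use.
	 */
	spa = htonl((uint32_t)raw_ip);

	printf("Using netmask %s\n", ip_to_str(mask));
	printf("Using start ip: %s\n", ip_to_str(first));
	printf("Using end ip: %s\n", ip_to_str(last));
	printf("Your IP: %s\n", ip_to_str(ntohl(spa)));

	if (libnet_init_packet(LIBNET_ETH_H + LIBNET_ARP_H, &pkt) < 0) {
		fprintf(stderr, "libnet_init_packet(): out of memory.\n");
		goto out_close;
	}

	/* The Ethernet header is identical for every request; build it once. */
	if (libnet_build_ethernet(eth_broadcast, eth_src, ETHERTYPE_ARP,
	                          NULL, 0, pkt) < 0) {
		fprintf(stderr, "libnet_build_ethernet(): couldn't build header\n");
		goto out_free;
	}

	/*
	 * One request per host address, back to back with no pacing.  The
	 * target hardware address is the broadcast MAC as in the original;
	 * receivers ignore that field in a request.
	 */
	for (ip = first; ip < last; ip++) {
		tpa = htonl(ip);
		if (libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, ETHER_ADDR_LEN, 4,
		                     ARPOP_REQUEST, eth_src, (u_char *)&spa,
		                     eth_broadcast, (u_char *)&tpa,
		                     NULL, 0, pkt + LIBNET_ETH_H) < 0) {
			fprintf(stderr, "libnet_build_arp(): couldn't build packet\n");
			goto out_free;
		}
		if (libnet_write_link_layer(intf, argv[1], pkt,
		                            LIBNET_ETH_H + LIBNET_ARP_H) < 0) {
			fprintf(stderr, "libnet_write_link_layer(): "
			        "Couldn't write packet\n");
			goto out_free;
		}
	}

	rc = EXIT_SUCCESS;

out_free:
	libnet_destroy_packet(&pkt);
out_close:
	libnet_close_link_interface(intf);
	return rc;
}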