9

I'm trying to generate ARP (Address Resolution Protocol) request packets on the iPhone and listen for the associated responses that come back.

Google searches have led me into a dead-end. In order to send logical-layer packets, I'd need something along the lines of a raw socket, but need super-user permissions to create them. I'm trying to avoid jailbreaking my phone.

There's lots of c code out there that can do this, but I can't find anything that can translate to iOS due to the permissions.

I was ready to throw in the towel when I decided to Wireshark a couple network discovery apps I have. Namely "Fing" and "Pinggy" (hats off to Fing and Pinggy btw... awesome apps!)

https://itunes.apple.com/us/app/pinggy/id562201096?mt=8

https://itunes.apple.com/us/app/fing-network-scanner/id430921107?mt=8

Running Wireshark alongside these iPhone apps shows that they do an ARP scan from XXX.XXX.X.0 all the way to XXX.XXX.X.255. I do not see any ICMP packets go out simultaneously with the "ARPs". This leads me to believe that sending and receiving ARP packets are indeed possible on iOS.

I've thought about a ping sweep, assuming that it will generate ARP requests on its own. However, I will still need a raw socket to listen to the responses, correct?

Questions: What's available for sending/receiving packets at the logical layer? Specifically for sending receiving ARP packets? Am I missing anything fundamental?

Thanks in advance!

Ohm Unmongkolthavong
  • 141
  • 1
  • 7
  • Do you need to listen to the responses? Why not just watch the system's ARP table? – David Schwartz Jan 22 '13 at 20:12
  • Hi David, thanks for the reply. I was previously getting the local ARP table after a ping sweep. However, I found that this would miss devices that didn't response to pings. If there was a way to force an ARP request for that device I could use that as well. I haven't been able to reliably make that happen though. – Ohm Unmongkolthavong Jan 22 '13 at 20:18
  • 2
    There's no reason that would miss devices that don't respond to pings. Whether or not they respond to pings, they should respond to the ARP request that precedes the ping. – David Schwartz Jan 22 '13 at 20:29
  • Tests on my home network confirm what you're saying. I will leave the question open until the end of the week when I can test against the problem devices at work. Thanks, David! – Ohm Unmongkolthavong Jan 23 '13 at 19:40

2 Answers2

3

ARP requests do go out when I attempted to ping the problematic devices. This was seen with a Wireshark session running alongside the ping scanner. I found that I could not reproduce the "missing devices" I was seeing earlier that led me to ask my original question.

So, to answer my own question: ARP requests are sent per IP address when doing a simple ping scan on my subnet. I would see the ARP request go out (using Wireshark) as well as the ping request. If you need to generate an ARP request, simply send out a ping.

Even if the "problematic" device won't respond to ping requests, the ARP table will be notified of its existence.

Ohm Unmongkolthavong
  • 141
  • 1
  • 7
1

You can't do what you want to do, and get the app in the AppStore, since what you are trying to do isn't in the public API.

So one thing you could do, for testing purposes on your own network, or enterprise distributed apps is looking in the private/undocumented APIs.

One such list is maintained at https://github.com/nst/iOS-Runtime-Headers, but I can't vouch for its accuracy.

Good luck!

RandomSort
  • 600
  • 7
  • 22