Sometimes you need to know what is active on your local network. This little application scans the ARP table and displays the results. So what is the ARP table? Your local network is more than likely an Ethernet network. Ethernet identifies each participant by a unique address called a MAC (Media Access Control) address. But we commonly communicate with other members of the local network using IP addresses. The ARP (Address Resolution Protocol) table is what is used to convert MAC addresses to IP addresses and visa versa.
The entries of the ARP table are volatile. There are some permanent entries, but most of the entries are dynamic. The makeup is best explained by looking at the structure used to maintain the table.
Code:
Private Type MIB_IPNETROW
dwIndex As Long 'Interface index of the adapter
dwPhysAddrLen As Long 'The byte length of the MAC address
bPhysAddr(8) As Byte 'The MAC address
dwAddr As Long 'IPv4 IP Address (IPv6 is 16 bytes)
dwType As Long 'The type of ARP entry 1 = Other, 2 = Invalid, 3 = Dynamic, 4 = static
End Type
Wait a minute. Why are there 8 bytes allocated for the MAC address when only 6 are required? That is because Windows works on Word boundaries (4 bytes), and the actual length used is defined in "dwPhysAddrLen".
Each defined network has a broadcast address. For the MAC addresses it is "ff-ff-ff-ff-ff-ff" and is equated to the last address in the defined IP network. For example, a network defined as 192.168.1.0/24 (IP Mask 255.255.255.0) the last valid address would be 192.168.1.255. This results in a static ARP entry of:
Code:
192.168.1.255 ff-ff-ff-ff-ff-ff static
When a Ethernet device becomes active, it sends out an ARP announcement on the broadcast address advertising that it is joining the network. Other active participants should react to this message and add the address to it's dynamic table. By the same token, if an active participant wants to contact an inactive participant, it will send out an ARP broadcast message inviting that participant to join the network.
So why does it go through this complicated process. Like any cache table, each entry in the table comes with a timeout. Older versions of Windows used to have a timeout of 2 minutes for ARP entries, while newer versions have lowered this time to a random value between 15 seconds and 45 seconds. If the address is not used again within that time, it is removed from the table. This prevents entries from becoming stale and overcrowding the table.
J.A. Coutts
Last edited by couttsj; Aug 7th, 2019 at 11:03 AM.
I was just "reviewing" dilletante's GetAdaptsInfo.bas and here I find it copy/pasted verbatim with no original author attribution. (No one else uses so complicated HexBytes implementation:-))
it is not my code clearly
i download the code here: http://www.vbforums.com/showthread.p...=1#post5261833
and i have made a little change for myself, also change the module name, but the original code there have no author info, so lazy me, have not added the author info into the module
sorry for @dilettante
This version replaces the ARP table lookup with ARP requests. This allows us to find network devices that are alive but not active. To accomplish this I am using the "SendARP" API call adapted from SendARP by Randy Birch.
An ARP request does not necessarily consist of a single request. Before it gives up, it actually sends 3 requests for a total time on my system of 3.2 seconds (see packet jpeg). The API call does not return until after this period of time when requesting a non-utilized address. To prevent the program from hanging during this time, it needs to be on a separate thread. To accomplish this I am using a separate program and communicating between the 2 programs utilizing the Windows messaging system. When the "ARP" program is activated, it activates the "SendARP" program.
The ARP program has 2 buttons. Like the previous program, the "Get Network" button finds the current adapter and lists some of it's properties. One of those properties is the network definition, which is calculated by "AND"ing the NetMask with the Adapter IP address. For example, if the Adapter address is "192.168.1.8" and the NetMask is "255.255.255.0", the result would be "192.168.1.0".
When the "Get MAC" button is clicked, the network definition address is incremented by one and sent to the "SendARP" program. If "SendARP" gets a response to it's ARP request, it returns the MAC address immediately. If it does not get a response, it returns "Not Found!" after 3.2 seconds. If you click the "Get MAC" button several times in succession, it will increment the IP address that number of times and send out the requests. Obviously the requests are cached and returned in order. I do not know how many cached requests it can handle, but it can take some time if many IPs are not utilized. The safe way would be not to send another request until the response has been received from the previous request. This is a work in progress.
A word of caution if you are stepping through the program and the system is unable to process system messages. It can cause some IDE functions to not respond, or in extreme cases to crash the IDE.
J.A. Coutts
Last edited by couttsj; Aug 12th, 2019 at 09:32 AM.
After I posted this, I started to wonder if this was a 'Roll Your Own' app.
Originally Posted by couttsj
That is my network Packet Analyzer program.
I'm so impressed with the breath of app. functionality you have created.
Did you see my 'Contacts' app. Ad. on this site ?
Then I could pay you for your efforts and a small 'repayment' for all your past efforts.
BTW - I have a procedural C app. ( Yes not C Plus Plus - so decades old ) that interrogates a routers ARP cache as part of our security audit, if you do not use DHCP you can then trigger when hackers connect to a LAN
How to use multiple network cards in a computer? Such as wired network card WIFI, USB network card, corresponding to 3 different optical fibers or broadband.
How does a program specify a certain network card for downloading?
Or 3 multi-threads, each thread uses a broadband network cable (network card)?
route add IP1,NETCARD 1?
Last edited by xiaoyao; Sep 2nd, 2021 at 08:05 PM.