Nmap Development mailing list archives

Nping - support for ARP spoofing on bare interface (no IPv4 configured)


From: Stefan Kooman <stefan () kooman org>
Date: Fri, 23 May 2014 18:00:19 +0200

Hi Devs,

This afternoon I tried to do the following. I wanted to send a
gratuitous ARP reply on a bare interface (no IPs configured) like this:

nping -c 4 --arp-sender-mac "mac-to-spoof-here" --arp-sender-ip "spoofed-ip-here" --arp-type ar --arp-target-mac ff:ff:ff:ff:ff:ff 255.255.255.255 --interface targetdev

where "targetdev" is the actual interface I want to send the spoofed
ARP reply on. Unfortunately nping won't find an interface and gives the
following response: "Could not find interface targetdev which was
specified by -e". After some debugging with help from "jaybosamiya" and
"bonsaiviking" on the #nmap IRC channel, the reason why nping won't
"find" an interface is that it does not have an IPv4 address configured
(nmap --iflist would list the interface just fine). I would like to have
support in nping for sending ARP replies like the above but without the
need for configuring an IPv4 address on the "targetdev".

Use case:

Virtual Machine (VM) live migration. VM moves from switch A to B.
Upstream switches/routers (as seen from switch A and B) don't know the
VM has moved and will send frames to the wrong switch port. A gratuitous
ARP reply sent on the hypervisor on behalf of the VM would update their
MAC tables and ultimately result in restored IPv4 network connectivity.

Thanks,

Stefan Kooman
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
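
Added example, not part of the original message and not Nping code: the 42-byte broadcast ARP reply the message describes, built offline and then parsed the way a monitoring tool would classify it. The MAC and IP values are constructed, and the function and field names are hypothetical.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip(text):
    return bytes(int(part) for part in text.split("."))

def build_arp_reply(eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header + ARP reply (RFC 826 layout), 42 bytes, broadcast."""
    eth = BROADCAST + eth_src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, reply
    return eth + arp + sender_mac + sender_ip + target_mac + target_ip

def classify(frame):
    """Describe an IPv4-over-Ethernet ARP frame, or return None if it is not one."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return {
        "sender_mac": sha.hex(":"),
        "sender_ip": ".".join(str(b) for b in spa),
        # A solicited reply is unicast to the requester; a broadcast reply is not.
        "unsolicited_reply": opcode == 2 and frame[0:6] == BROADCAST,
        # Gratuitous form: sender and target protocol address are the same.
        "same_sender_target_ip": spa == tpa,
        # Switches learn from the Ethernet source, hosts from the ARP payload.
        "l2_src_mismatch": frame[6:12] != sha,
    }

# Constructed sample values (locally administered MAC, documentation IP).
VM_MAC, VM_IP = mac("02:00:00:aa:bb:cc"), ip("192.0.2.10")
SAMPLE = build_arp_reply(VM_MAC, VM_MAC, VM_IP, BROADCAST, VM_IP)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

For the migration use case the Ethernet source address is what refreshes switch MAC tables, so `l2_src_mismatch` being false is the property that matters there.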

