[HN Gopher] Arpchat - Text your friends on the same network usin...
___________________________________________________________________
Arpchat - Text your friends on the same network using just ARP
Author : louismerlin
Score : 251 points
Date : 2023-08-09 14:24 UTC (8 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| gorkish wrote:
| It's fun that it abuses ARP's ability to include an arbitrary
| payload, but just to remind everyone of networking 101, the thing
| that the author is relying on is just the simple fact that
| switches flood packets addressed to ff:ff:ff:ff:ff to the entire
| broadcast domain. You can achieve similar message flooding
| without having to have superuser/raw packet permissions by
| directing packets to the L3 broadcast address whereupon they will
| (usually) be L2 flooded (Aka it's fun to ping the broadcast
| address.)
|
| Using ARP doesn't offer any particular advantage, and I would
| note since many modern switches do things like snooping ARP
| packets, putting a high amount of bogus ARP traffic on the
| network could actually have some negative impact. It's still fun
| at any rate and reminds me of the type of crap that I used to
| make when I was learning. As alluded to before, I personally
| would have chosen to abuse ICMP for this purpose; maybe it's a
| future avenue for development. Kudos to the fun project!
| omitmyname wrote:
| Are you referring to https://hpbn.co/?
| jandrese wrote:
| This may be even more fun than you expect. We were doing VLANs
| using hardware from a major vendor to partition a network and
| discovered that while the VLANs worked most of the time, they
| were leaky with ARP traffic. It was causing us headaches because
| the machines were supposed to be sending all of their traffic
| through the router, but sometimes they were seeing ARP replies
| that they shouldn't and were thinking that the other machines
| would be reachable directly, causing them to be unable to send
| traffic until the ARP cache entry timed out. We couldn't get the
| vendor to show any interest in fixing the bug either, because
| they were too big to care.
|
| It's possible this chat app could break through VLANs in certain
| circumstances.
| brirec wrote:
| This is interesting to me for basically the same reason --
| being able to send and receive ARP messages with arbitrary
| payloads would definitely make troubleshooting VLANs (and other
| L2 connectivity) easier!
| jandrese wrote:
| Check out arping[1].
|
| But it is easy to send out arbitrary ARP requests using
| almost anything and watch them with Wireshark.
|
| [1] https://man7.org/linux/man-pages/man8/arping.8.html
| archmaster wrote:
| From my testing, it can break through a lot of things!
| catboybotnet wrote:
| Haha, this is amazing. Going to see if I'll get caught using this
| later today. :)
| teddyh wrote:
| If you're limiting yourself to the local network, why use IP at
| all, when you could use CHAOSNET?
| hiAndrewQuinn wrote:
| Oh heck yeah now this is what I'm talking about! Data link layer
| shenanigans!!
|
| For those of you who have no idea what the Address Resolution
| Protocol (ARP) is, to a first approximation it is the missing
| link between your MAC address (what Ethernet runs on) and your IP
| address (what Internet runs on). After your IP routing table,
| which you can see with `route`, decides what immediate next IP
| address to forward a packet to, then your ARP cache, which you
| can see with `arp`, will decide which MAC address that IP
| corresponds to (usually your router's local IP address).
|
| Knowing that ARP even exists is considered mild esoterica today,
| to say nothing of its IPv6 sibling the Network Discovery
| Protocol. But even though you don't use it much in modern cloud-
| based deployments, knowing it exists makes your bird's eye view
| of how the whole network stack works that much more holistic.
| pcthrowaway wrote:
| > For those of you who have no idea what the Address Resolution
| Protocol (ARP) is, to a first approximation it is the missing
| link between your MAC address (what Ethernet runs on) and your
| IP address (what Internet runs on)
|
| More commonly, this is 802.11 nowadays, though I guess ARP
| would be used at any data link layer protocol when the host
| needs to get an IP:
| https://en.wikipedia.org/wiki/Data_link_layer
| tibordp wrote:
| Not sure I'd agree about it being esoteric. Understanding or at
| least knowing about ARP is still very much essential for people
| in networking. arping is a very useful tool for seeing if
| machines on the same network segment are up and just not
| responding to ICMP pings. Anyone looking at tcpdump/Wireshark
| dumps will run into it sooner or later.
|
| It is true that software engineers may sooner run into it when
| debugging their home network than their application though as
| cloud and traditional networks are very different.
| rkagerer wrote:
| If it really is becoming obscure that's a shame, I'm not sure
| how you could pretend to understand how IP networks work
| without having at least cursory familiarity with it.
| ianlevesque wrote:
| Well, it's like a series of tubes...
| TacticalCoder wrote:
| > Knowing that ARP even exists is considered mild esoterica
| today
|
| And you can, say, hardcode the ARP entries from other computers
| on your network when they have fixed IP addresses.
| hk1337 wrote:
| I did this with "net send" back in high school and got in
| trouble.
| hiatus wrote:
| I don't think "net send" uses ARP as you had to be connected to
| a domain iirc.
| junon wrote:
| Unless the network analyzer cared about malformed or weird ARP
| packets (which it probably doesn't) then ARP messaging would
| probably be undetectable.
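
The check junon describes, as an added example that is not part of the thread and is not ArpChat's code: a parser that flags ARP frames whose header fields or trailing bytes differ from ordinary IPv4-over-Ethernet ARP. The function names and the three sample frames are constructed for illustration, and untagged Ethernet frames are assumed.

```python
import struct

ETH_HDR = 14               # dst MAC + src MAC + EtherType (untagged frame assumed)
ETHERTYPE_ARP = 0x0806
ARP_FIXED = 8              # htype, ptype, hlen, plen, oper

def arp_anomalies(frame: bytes) -> list:
    """Reasons a frame deviates from plain IPv4-over-Ethernet ARP ([] if none)."""
    if len(frame) < ETH_HDR + ARP_FIXED:
        return ["truncated frame"]
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return []                                  # not ARP, out of scope
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, ETH_HDR)
    reasons = []
    if (htype, hlen) != (1, 6):
        reasons.append(f"hardware type/length {htype}/{hlen}")
    if (ptype, plen) != (0x0800, 4):
        reasons.append(f"protocol type/length {ptype:#06x}/{plen}")
    if oper not in (1, 2):                         # 1 = request, 2 = reply
        reasons.append(f"opcode {oper}")
    body_end = ETH_HDR + ARP_FIXED + 2 * (hlen + plen)
    if len(frame) < body_end:
        reasons.append("body shorter than declared address lengths")
    elif any(frame[body_end:]):                    # padding is normally all zero
        reasons.append(f"non-zero data in {len(frame) - body_end} trailing bytes")
    return reasons

def build_frame(ptype, plen, addrs, trailer=b""):
    """Constructed sample: broadcast Ethernet header + ARP request."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, ptype, 6, plen, 1) + addrs + trailer

# Constructed sample frames (documentation addresses, locally administered MAC)
MAC, ZERO_MAC = bytes.fromhex("020000000001"), bytes(6)
IP_A, IP_B = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
NORMAL = build_frame(0x0800, 4, MAC + IP_A + ZERO_MAC + IP_B, bytes(18))
LONG_PLEN = build_frame(0x0800, 12, MAC + b"hello world!" + ZERO_MAC + bytes(12))
TRAILER = build_frame(0x0800, 4, MAC + IP_A + ZERO_MAC + IP_B, b"hi there" + bytes(10))

if __name__ == "__main__":
    for name, f in [("normal", NORMAL), ("long plen", LONG_PLEN), ("trailer", TRAILER)]:
        print(name, arp_anomalies(f))
```

Some NICs and drivers leave non-zero bytes in Ethernet padding, so the trailing-bytes reason is better treated as a signal to correlate than as an alert on its own.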
| huhtenberg wrote:
| `write` sends its regards.
|
| https://en.wikipedia.org/wiki/Write_(Unix)
| Terr_ wrote:
| > I found that trick and showed it to some friends... But it's
| hard to keep a secret, and somehow a larger non-friend group
| was using it to cheat in a computer-lab class. I was offended
| by the blatant cheating, and a little by the idea that certain
| people I didn't particularly like were profiting from what I'd
| found.
|
| > So I spoofed the system administrator's username (not hard on
| Win9x) and sent off a stern warning, which must've surprised
| them since suddenly all the messages stopped. :)
| yarekt wrote:
| Haha those were the days. Accidentally (on purpose) sent a
| message to entire domain in college, IT teachers immediately
| looked to us trouble makers :D
| greenie_beans wrote:
| was just thinking about the same thing but they didn't catch
| me!
| [deleted]
| jedahan wrote:
| I love (ab)using protocols that are built-in to most OS'. I wrote
| a dumb fake samba share that let people see messages in
| Finder.app/Explorer.exe/Gnome/KDE since I couldn't find a cross-
| platform gui or cli messaging system that didn't require
| installing special client software. (even netcat invocations were
| not working when trying on our local network, and had OS-specific
| flag differences if we wanted to do broadcast).
|
| You see the samba share message in your file browser, click it
| and can edit the filenames to update a 3-line "bulletin board".
|
| https://github.com/jedahan/samba-haiku/blob/master/index.js
|
| Even this was a re-implementation that used WIFI ssids to make a
| captive portal haiku.
|
| https://github.com/jedahan/haiku-wifi
| cyberax wrote:
| Ah, good old days of NetBEUI are finally returning!
| lyapunova wrote:
| This is a great and fairly accessible project. I'd like to give
| this a shot at my local hackerspace!
| archmaster wrote:
| Hey, I made this! I also made this other thing on HN today
| (https://news.ycombinator.com/item?id=37062422), really cool to
| see ArpChat as well (guess someone went through my profile). It
| was a super fun project and I learned a lot about networking.
|
| I actually got a chance to use it in a totally-offline setting a
| bit ago, which was fun! ... however, I then found a major bug
| that was causing tons of latency, and I fixed it but I haven't
| gotten around to building new artifacts yet, so you might want to
| build from scratch if you're planning on testing it out in a real
| setting for some reason. I also added fun username colors and
| message times. I promise I'll upload a new release soon!
|
| If you're interested, I wrote an article about a year ago about
| how ArpChat works: https://kognise.dev/writing/arp
| fullstop wrote:
| Do you expect this to work on Linux?
|
|     # sudo getcap ./arpchat
|     ./arpchat cap_net_raw=ep
|
| I receive "error getting channel, might be missing permissions"
|
| edit: the received error is from arpchat, not any of the setcap
| setup.
| archmaster wrote:
| not sure if your formatting is messed up, but these commands
| should work:
|
|     $ sudo setcap CAP_NET_RAW+ep ./arpchat
|     $ ./arpchat
|
| perhaps try sudo on the arpchat binary if not
| adsche wrote:
| If you use SELinux, you might want to check
| /var/log/audit/audit.log
| fullstop wrote:
| That was me showing you that setcap had, in fact, been
| called. That's why it's the output of getcap.
|
| I tried it with sudo and it also failed with the same
| message.
|
| I've tried it on an arch-based laptop and a debian-based
| laptop with the same results.
| archmaster wrote:
| i see. hmmmmm ... that's not supposed to happen, and it
| works fine on both nixos and ubuntu for me. may be
| something funky going on, i'll see if i can take a look
| sometime soon.
| fullstop wrote:
| Using the prebuilt binary works. Building from source
| does not.
| anfractuosity wrote:
| By modifying Cargo.toml slightly, I no longer got the
| same error, which seems to somehow relate to pnet
| library.
|
|     pnet = "0.34.0"
|
| Interestingly with Arch it worked fine for me before, but
| with my Pi, I got the permission error, but changing the
| pnet ver seemed to fix anyway.
| fullstop wrote:
| This fixed it for me.
|
| Regarding Arch, I updated everything earlier today but I
| am running the LTS kernel.
| junon wrote:
| The readme banner at the bottom is absolutely hilarious and
| beautiful. This is neat, great job!
| [deleted]
| IgorPartola wrote:
| Back when IPv4 NAT was sort of standard (still is but so is IPv6
| as well as CGNAT now), I created a thing I called NATChat. It
| would basically just create a chat room for you based on your
| public IPv4 address, allowing you to chat with anyone on your
| network. Was kinda neat to use in office with others (back when
| that was also a thing).
| bgorman wrote:
| It is also possible to configure device IP addresses directly
| with ARP
| https://jetdirect.printerdepo.com/en/hp-jetdirect-print-serv...
___________________________________________________________________
(page generated 2023-08-09 23:00 UTC)