search

ThomasHabets / arping

ARP Ping
http://www.habets.pp.se/synscan/programs.php
GNU General Public License v2.0
403 stars 63 forks source link

arping on macOS 10.11.6 not working #43

Open LowKnee opened 3 years ago

LowKnee commented 3 years ago

macOS 10.11.6 libnet 1.2 no wireshark, no little snitch

sudo arping -i en0 192.168.1.1 Password: arping: libnet_init(LIBNET_LINK, en0): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied

ls -l bpf0 crw------- 1 root wheel 23, 0 5 Aug 15:30 bpf0

==============

sudo arping -vvvvv 192.168.1.1 arping: Using gettimeofday() for time measurements arping: libnet_init() arping: libnet_init(lo) arping: libnet_init(LIBNET_LINK, ): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied

==============

sudo tcpdump -i en0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes

==============

sudo dtruss arping 192.168.1.1

arping: libnet_init(LIBNET_LINK, ): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied SYSCALL(args) = return thread_selfid(0x0, 0x0, 0x0) = 114667 0 csops(0x0, 0x0, 0x7FFF51F3BB10) = 0 0 issetugid(0x0, 0x0, 0x7FFF51F3BB10) = 1 0 shared_region_check_np(0x7FFF51F39A18, 0x0, 0x7FFF51F3BB10) = 0 0 stat64("/usr/lib/libpcap.A.dylib\0", 0x7FFF51F3ADA8, 0x7FFF51F3BB10) = 0 0 stat64("/usr/local/opt/libnet/lib/libnet.9.dylib\0", 0x7FFF51F3ADA8, 0x7FFF51F3BB10) = 0 0 open("/usr/local/opt/libnet/lib/libnet.9.dylib\0", 0x0, 0x0) = 3 0 pread(0x3, "\317\372\355\376\a\0", 0x1000, 0x0) = 4096 0 mmap(0x10DCD0000, 0xE000, 0x5, 0x12, 0x3, 0x0) = 0x10DCD0000 0 mmap(0x10DCDE000, 0x1000, 0x3, 0x12, 0x3, 0xE000) = 0x10DCDE000 0 mmap(0x10DCE1000, 0x3334, 0x1, 0x12, 0x3, 0xF000) = 0x10DCE1000 0 fcntl(0x3, 0x2C, 0x7FFF51F39148) = 0 0 close(0x3) = 0 0 stat64("/usr/lib/libSystem.B.dylib\0", 0x7FFF51F3ADA8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libcache.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148 = 0 0 stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libdyld.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/liblaunch.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libmacho.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_coretls.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148 = 0 0 stat64("/usr/lib/system/libsystem_kernel.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_network.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_platform.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_pthread.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libunc.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libunwind.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/system/libxpc.dylib\0", 0x7FFF51F3A8D8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/libobjc.A.dylib\0", 0x7FFF51F39BB8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/libauto.dylib\0", 0x7FFF51F39BB8, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/libc++abi.dylib\0", 0x7FFF51F39A98, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/libc++.1.dylib\0", 0x7FFF51F39A98, 0x7FFF51F39148) = 0 0 stat64("/usr/lib/libDiagnosticMessagesClient.dylib\0", 0x7FFF51F39988, 0x7FFF51F39148) = 0 0 getpid(0x7FFF85EE2740, 0x7FFF51F39988, 0x7FFF51F39148) = 17334 0 open("/dev/dtracehelper\0", 0x2, 0x7FFF51F3B9D0) = 3 0 ioctl(0x3, 0x80086804, 0x7FFF51F3B958) = 0 0 close(0x3) = 0 0 sysctl(0x7FFF51F3B070, 0x2, 0x7FFF51F3B080) = 0 0 thread_selfid(0x7FFF51F3B070, 0x2, 0x7FFF51F3B080) = 114667 0 bsdthread_register(0x7FFF8E3E8344, 0x7FFF8E3E8334, 0x2000) = 1073741887 0 mprotect(0x10DCE5000, 0x88, 0x1) = 0 0 mprotect(0x10DCE7000, 0x1000, 0x0) = 0 0 mprotect(0x10DCFD000, 0x1000, 0x0) = 0 0 mprotect(0x10DCFE000, 0x1000, 0x0) = 0 0 mprotect(0x10DD14000, 0x1000, 0x0) = 0 0 mprotect(0x10DD15000, 0x1000, 0x1) = 0 0 mprotect(0x10DCE5000, 0x88, 0x3) = 0 0 mprotect(0x10DCE5000, 0x88, 0x1) = 0 0 issetugid(0x10DCE5000, 0x88, 0x1) = 1 0 getpid(0x10DCE5000, 0x88, 0x1) = 17334 0 stat64("/AppleInternal/XBS/.isChrooted\0", 0x7FFF51F3AFD8, 0x1) = -1 Err#2 stat64("/AppleInternal\0", 0x7FFF51F3AF48, 0x1) = -1 Err#2 csops(0x43B6, 0x7, 0x7FFF51F3AA60) = -1 Err#22 sysctl(0x7FFF51F3AE20, 0x4, 0x7FFF51F3AB98) = 0 0 csops(0x43B6, 0x7, 0x7FFF51F3A350) = -1 Err#22 proc_info(0x2, 0x43B6, 0x11) = 56 0 socket(0x2, 0x2, 0x0) = 3 0 ioctl(0x3, 0xC00C6924, 0x7FFF51F38280) = 0 0 ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206921, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206921, 0x7FFF51F3C2A0) = -1 Err#49 ioctl(0x3, 0xC0206911, 0x7FFF51F3C2A0) = 0 0 ioctl(0x3, 0xC0206921, 0x7FFF51F3C2A0) = -1 Err#49 close(0x3) = 0 0 open("/dev/bpf0\0", 0x2, 0x10DCDD8BF) = -1 Err#13 socket(0x2, 0x2, 0x0) = 3 0 ioctl(0x3, 0xC0206911, 0x7FFF51F3C168) = -1 Err#6 close(0x3) = 0 0 write_nocancel(0x2, "arping: libnet_init(LIBNET_LINK, ): libnet_bpf_open(): open(): (/dev/bpf0): Permission denied\n\0", 0x64) = 100 0 getuid(0x2, 0x7FFF51F3BD70, 0x64) = 0 0

ThomasHabets commented 3 years ago

I don't have a mac to try to reproduce this, but does tcpdump work?

LowKnee commented 3 years ago

yes, tcpdump works, I copied the first line in my post above:

sudo tcpdump -i en0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes

ThomasHabets commented 3 years ago

Oops, sorry I missed that.

Is tcpdump on a mac special? Is it suid to something?

LowKnee commented 3 years ago

I don't know, tcpdump needs sudo it uses /dev/bpf0 without sudo you get same error as arping, but sudo with Arping does not work.

see error tcpdump without sudo: tcpdump -i en0 tcpdump: en0: You don't have permission to capture on that device ((cannot open BPF device) /dev/bpf0: Permission denied)