John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
SHA-1 HMAC generated with the pass parameter as secret key, and counter, version, type, vhid, and virtual IP address as the message digest.
Packet format:
field#
bits
Description
version
4
The version of the CARP protocol.This is statically defined as 2 in the header file /usr/src/netinet/ip_carp.h.
type
4
The type field defines the type of CARP packet. This value can be 0x01 (advertisement) or 0x02 (leave group), but the latter is only defined in the header file; I have not seen it being used anywhere.
vhid
8
Virtual host id.
advskew
8
Advertisement skew.
authlen
8
Size of Counter field + md field in 32 bit chunks.Statically defined as 7 in the header file.
Pad1
8
Unused, must be 0.
advbase
8
Advertisement interval.
cksum
16
Checksum for Internet Protocol family headers.
counter
64
Two counters used for replay detection.(not implemented yet)
Md
160
SHA-1 HMAC generated with the passparameter as secret key, and counter, version, type, vhid, and virtual IP address as the message digest
SHA-1 HMAC generated with the pass parameter as secret key, and counter, version, type, vhid, and virtual IP address as the message digest.
Packet format:
/usr/src/netinet/ip_carp.h
.read more: https://www.giac.org/paper/gsec/4031/carp-free-fail-over-protocol/106433
see also: https://github.com/jedisct1/UCarp/blob/master/src/carp.c https://github.com/openbsd/src/blob/master/sys/netinet/ip_carp.c
Scapy already supports it: https://github.com/secdev/scapy/blob/master/scapy/contrib/carp.py