In network communication, the application program of the source host knows the IP address and port number of the destination host, but does not know the hardware address of the destination host, and the data packet is first received by the network card and then processed by the upper layer protocol, if the received data If the hardware address of the packet does not match the local machine, it will be discarded.Therefore, the destination host hardware address must be obtained before communication.The ARP protocol plays this role.The source host sends an ARP request and asks “the hardware address of the host whose IP address is” and broadcasts this request to the local network segment (The hardware address of the Ethernet frame header is FF:FF:FF:FF:FF :FF indicates broadcast. When the destination host receives the broadcast ARP request and finds that the IP address matches the local machine, it sends an ARP reply packet to the source host and fills in its own hardware address in the reply packet.

Each host maintains an ARP cache table, which can be viewed using the arp -a command.The entries in the cache table have an expiration time (generally 20 minutes). If no entry is used again within 20 minutes, the entry is invalidated. The next time an ARP request is sent to obtain the target host's hardware address. This project is based on win cap. To successfully run this code, you need to download and install win cap and WpdPack and configure wincap library in visual studio.

C++ parsing ARP packets (optional network card)



