From 0c335903494fc23c6a223dbf9797fb52265729d1 Mon Sep 17 00:00:00 2001
From: Dimitri Lozeve <delta.lozeve@gmail.com>
Date: Sat, 4 Jun 2016 09:44:10 +0200
Subject: [PATCH] arp_scan function

---
 arp.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 arp.h | 13 +++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/arp.c b/arp.c
index ec3e8a5..b4d0eeb 100644
--- a/arp.c
+++ b/arp.c
@@ -229,3 +229,56 @@ int listen_arp_frame(int sockfd, struct ether_arp *result)
   return -1;
 }
 
+
+
+/* Scans the subnet by sending ARP requests. If a reply is received,
+   we know that the target is alive.
+
+   sockfd: socket file descriptor
+   ifindex: index of the interface
+   ipaddr: local IP address
+   macaddr: local hardware address
+   netmask: local netmask
+
+   Returns 0 when the scan is complete.
+ */
+int arp_scan(int sockfd, int ifindex, struct sockaddr_in *ipaddr, unsigned char *macaddr, struct sockaddr_in *netmask)
+{
+
+  /* Using the local IP address and netmask, we can loop on every IP
+     address on the subnet, and send to every one an ARP request. */
+
+  /* This counter will loop through every available IP address on the
+     current subnet */
+  unsigned long ip_counter = ntohl(ipaddr->sin_addr.s_addr) & ntohl(netmask->sin_addr.s_addr);
+  /* The maximum address on the subnet */
+  unsigned long ip_max = ip_counter + (~ntohl(netmask->sin_addr.s_addr));
+
+  while (ip_counter < ip_max) {
+    char ip_string[16];
+    struct in_addr target_ip;
+    target_ip.s_addr = htonl(ip_counter);
+    if (!inet_ntop(AF_INET, &target_ip.s_addr, ip_string, sizeof(ip_string))) {
+      perror("[FAIL] inet_ntop()");
+      exit(EXIT_FAILURE);
+    }
+
+    send_arp_request(sockfd, ifindex, ipaddr, macaddr, target_ip);
+
+    struct ether_arp *result = malloc(sizeof(struct ether_arp));
+    int isalive = listen_arp_frame(sockfd, result);
+    if (isalive == 0) {
+      printf("Host %d.%d.%d.%d is alive!\n",
+	     result->arp_spa[0],result->arp_spa[1],
+	     result->arp_spa[2],result->arp_spa[3]);
+    }
+    
+    ++ip_counter;
+  }
+
+  
+  return 0;
+}
+
+
+
diff --git a/arp.h b/arp.h
index 76b11d6..eeb5272 100644
--- a/arp.h
+++ b/arp.h
@@ -61,5 +61,18 @@ int send_arp_reply(int sockfd, int ifindex, struct sockaddr_in *sender_ip, unsig
 int listen_arp_frame(int sockfd, struct ether_arp *result);
 
 
+/* Scans the subnet by sending ARP requests. If a reply is received,
+   we know that the target is alive.
+
+   sockfd: socket file descriptor
+   ifindex: index of the interface
+   ipaddr: local IP address
+   macaddr: local hardware address
+   netmask: local netmask
+
+   Returns 0 when the scan is complete.
+ */
+int arp_scan(int sockfd, int ifindex, struct sockaddr_in *ipaddr, unsigned char *macaddr, struct sockaddr_in *netmask);
+
 
 #endif /* ARP_H_ */