When I use arping to send ARP requests (I know a sleeping iPhone doesn't reply to ICMP ping) to sleeping iPhones/Androids (meaning they are on but the screen is dark) connected to the same Wi-Fi, the iPhone replies to me like this:
ARPING 10.109.201.139
Timeout
Timeout
Timeout
42 bytes from e0:ac:cb:b0:22:5b (10.109.201.139): index=0 time=20.201 msec
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
42 bytes from e0:ac:cb:b0:22:5b (10.109.201.139): index=1 time=65.401 msec
Timeout
but occasionally, the iPhone replies continually. Sometimes it doesn't answer the arping at all. Android answers like so:
ARPING 10.109.201.119
Timeout
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=0 time=78.345 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=1 time=148.228 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=2 time=217.777 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=3 time=84.933 msec
Timeout
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=4 time=174.140 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=5 time=78.559 msec
It seems Android is more positive. So what's the strategy of iPhone/Android for responding to ARP requests (this post may be related)? Could home-grade routers be related to this?
Actually I'm writing an ARP scanner with libpcap (I can provide the Golang code if that helps), so how can I detect phones as much as possible?
PS: I know this question is kind of off-topic, but it really annoys me where I should put this question. Super User doesn't allow questions about phones, and Ask Different is not proper as this question is not only about Apple hardware or software. I put it on Network Engineering, but it was put on hold as off-topic.
ARP broadcasts a request packet to all the machines on the LAN and asks if any of the machines are using that particular IP address. When a machine recognizes the IP address as its own, it sends a reply so ARP can update the cache for future reference and proceed with the communication.
When you attempt to ping an IP address, an ARP request is sent at the same time. Your firewall may be blocking the ICMP echo, but chances are the computer will receive an ARP reply. Your computer's ARP table will contain the IP address and MAC address of the host you are trying to reach.
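The request/reply exchange described above, as an added Go example that is not part of the original posts: it builds the 42-byte broadcast ARP request (14-byte Ethernet header plus 28-byte ARP payload, the size arping reports in the question) and parses a reply. The function names and the source MAC/IP are assumptions; sending and capturing the frames (for instance through libpcap) is left out.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
)

// BuildARPRequest returns the 42-byte broadcast "who has targetIP" frame.
func BuildARPRequest(srcMAC net.HardwareAddr, srcIP, targetIP net.IP) []byte {
	f := make([]byte, 42)
	copy(f[0:6], []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}) // Ethernet dst: broadcast
	copy(f[6:12], srcMAC)                                    // Ethernet src
	binary.BigEndian.PutUint16(f[12:14], 0x0806)             // EtherType: ARP
	binary.BigEndian.PutUint16(f[14:16], 1)                  // hardware type: Ethernet
	binary.BigEndian.PutUint16(f[16:18], 0x0800)             // protocol type: IPv4
	f[18], f[19] = 6, 4                                      // MAC and IPv4 address lengths
	binary.BigEndian.PutUint16(f[20:22], 1)                  // opcode 1: request
	copy(f[22:28], srcMAC)                                   // sender MAC
	copy(f[28:32], srcIP.To4())                              // sender IP
	copy(f[38:42], targetIP.To4())                           // target IP; target MAC f[32:38] stays zero
	return f
}

// ParseARPReply returns the sender MAC and IP of an ARP reply and rejects
// short frames, non-ARP frames and ARP requests.
func ParseARPReply(f []byte) (net.HardwareAddr, net.IP, error) {
	if len(f) < 42 {
		return nil, nil, fmt.Errorf("frame too short: %d bytes", len(f))
	}
	if binary.BigEndian.Uint16(f[12:14]) != 0x0806 ||
		binary.BigEndian.Uint16(f[14:16]) != 1 ||
		binary.BigEndian.Uint16(f[16:18]) != 0x0800 || f[18] != 6 || f[19] != 4 {
		return nil, nil, fmt.Errorf("not an Ethernet/IPv4 ARP frame")
	}
	if op := binary.BigEndian.Uint16(f[20:22]); op != 2 {
		return nil, nil, fmt.Errorf("ARP opcode %d is not a reply", op)
	}
	mac := net.HardwareAddr(append([]byte(nil), f[22:28]...))
	ip := net.IP(append([]byte(nil), f[28:32]...))
	return mac, ip, nil
}

func main() {
	// Constructed sample: source MAC and IP are placeholders, target is the IP from the question.
	src, _ := net.ParseMAC("02:00:00:00:00:01")
	req := BuildARPRequest(src, net.ParseIP("10.109.201.1"), net.ParseIP("10.109.201.139"))
	fmt.Printf("%d bytes: % x\n", len(req), req)
}
```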
Both my wife's sleeping iPhone and sleeping iPad seem to respond to an ICMP ping request fine when sent via the .NET Ping.Send method detailed here.
I use this in a program which I wrote myself and have recently made available as freeware at http://www.rlatour.com/myarp
Also, this post says that it works using another program called tcping.
Hope this helps.