Add support for ARP

Question

Add support for ARP

GyulyVGC opened this issue 10 months ago · 5 comments

Considered the new capabilities of etherparse v0.17 (#679), we should consider adding support for the Address Resolution Protocol in Sniffnet.

Answer 1 · 2025-03-15T15:41:05.000Z

Hello, @GyulyVGC
Nice to meet you.

I'm shu-kitamura.
I'm interested in this issue.
I'd like to try to add this feature.

I modified some functions so that I can capture ARP packets in my local environment.
I confirmed that I can see ARP packets on the screen as shown below.

As I understand it, ARP packet support is as shown in the image. Is it correct?

This is my first time contributing to OSS, so I'm sure there are many things I don't understand.

Answer 2 · 2025-03-15T16:49:22.000Z

Hi @shu-kitamura, thanks for your interest!

Yes there is probably something to improve but we'll discuss about it in the PR eventually.

For now, I just want to say that I'm not sure it's completely correct to include ARP as "protocol" since it's on a different layer of the ISO/OSI stack with respect to TCP/UDP/ICMP.

However it doesn't even make sense to include it as an IP version, so yeah probably the most meaningful thing is to categorize it as protocol.

This uncertainty is also the reason why I was hesitant to implement this feature.

Answer 3 · 2025-03-15T16:53:14.000Z

What I'd also like for ARP is to have the list of addresses that were object of the resolution: similarly to ICMP for which I report the list of messages, it'd be nice to add the list of addresses that were resolved by each ARP connection.
Or the amount of ARP requests/replies.

Answer 4 · 2025-03-15T17:06:54.000Z

Please let me confirm.
Are you saying that, just as the ICMP output shows a list of source/destination IP addresses, the ARP output should also display a similar list that clearly indicates which IP addresses were resolved?

Answer 5 · 2025-03-15T17:10:28.000Z

I'm referring to the information that is available when you click on one of the rows in the inspect page table.
For ICMP there is a section reporting the list of message types part of that connection.
I believe we should report something also for ARP, like maybe the number of requests VS responses message, or other details that we can extract from the etherparse ARP header.