in reply to ARP Lookups

I wouldn't bother with Perl at all in this case. A much better solution for scanning large networks and seeing what's alive is thcrut.

Plus, it will give you a pretty good idea of what's behind the MAC address, since it correlates addresses with vendor information. You'll find it much faster to read the output out of a backticked subprocess in a while loop, and scrape the output to get what you need, than trying to do it yourself any other way.

• another intruder with the mooring in the heart of the Perl

Re^2: ARP Lookups
by oko1 (Deacon) on May 25, 2008 at 18:43 UTC

    > I wouldn't bother with Perl at all in this case. A much better solution for scanning large networks and seeing what's alive is thcrut.

    I've just tried to compile 'thcrut' in a sandbox - pure curiosity, since I've got a Perl script that does host discovery for me - and I've got to say that the message at the end of running 'configure' does not inspire much confidence in me.

    [...]
    Preprocessor flags: -I../pcre-3.9 -I../Libnet-1.0.2a/include -I/usr/local/include
    Linker flags: -L../pcre-3.9 -L../Libnet-1.0.2a/src -L/usr/local/lib
    Libraries: -L/usr/local/lib -lpcre -lnet -lpcap -lnsl

    [ASCII-art banner, garbled in extraction; its legible text reads: * HELP * I'M JUST STUPID ! WHITEHAT. PLEASE DONT HURT MEEEEEE! * HELP *]

    -=[ (C) THE HACKERS CHOICE - Estd. 1995 ]=-
    -=[ www.ircsnet.net /j #THC ]=-
    ------=[ WHQ: http://www.thc.org ]=-
    - -=[ Enjoy your enemy... ]=----------
    Configuration complete. Now type: make all install; thcrut -h

    I don't know about you, but I'd much rather "bother" with a Perl script - especially since you'd need to run 'thcrut' as root to get any useful action. I'll leave the dubious pleasure of carefully vetting several hundred K of C code to someone else.

    
    -- 
    Human history becomes more and more a race between education and catastrophe. -- HG Wells
    

      It's a tool. Granted, that dopey ASCII art thing is pretty dumb, but I got over it, and it's a valuable addition to my toolbox.

      You may not realise that to do lots of useful things, you need to be root. Had a look at ping(1) recently? It's setuid root, because only root may issue ICMP packets.

      And your firewall will of course block any egress attempts from the host on which you run this program, right? I doubt there's a rootkit in there, but I haven't looked closely. I imagine that if there was anything fishy going on, we would have heard about it by now.

      • another intruder with the mooring in the heart of the Perl

        I'm not sure what it is that you claim you "got over". The risk of having your system back-doored by a program of unknown reliability? Nope. The legal risk of having that system used as, say, a botnet director or a spam mail server? No. I could go on, but I assume you get the point.

        As to 'ping' - I know where mine comes from (my Linux distro), and I trust it with good reason. You, on the other hand, are giving root access to a program for which you have no chain of trust whatsoever - and that, in fact, specifically implies (via that ASCII graphic) that its author violates other people's systems and is gleeful about it. Good luck "getting over" that.

        > I imagine that if there was anything fishy going on, we would have heard about it by now.
        

        A pious wish, backed by absolutely nothing. Imagine having to rebuild your system from scratch because you installed this thing. Would you report it here, especially after having been told that it's not the smartest thing you could do? I seriously doubt it.

        
        -- 
        Human history becomes more and more a race between education and catastrophe. -- HG Wells
        
Re^2: ARP Lookups
by WalkingZero (Sexton) on May 25, 2008 at 18:35 UTC
    Grinder: Thank you for the pointer to what looks like yet another wonderful tool. I should explain, however, that I am trying to do this as an educational/hobbyist experience type of deal. So the end result isn't so much important as learning how to get there =) My Perl knowledge is pretty much all self-learned through O'Reilly books, PerlMonks, and painful trial and error. I know this will generate naysayers who will tell me "give up, this is too advanced for you", but frankly I don't care. The act of figuring it all out is what is important to me here, not making the greatest piece of software ever or trying to prove I am a great programmer (cus I'm not).

      WalkingZero writes:

      > I am trying to write a function that, given an array of IP addresses, will run ARP requests to find out which IPs are currently assigned to live hosts.

      If that's all you are trying to do then send some packet to the host that you think it will respond to and, if it responds, then your ARP cache is correct. Look in the ARP cache for the MAC.

      > I think Net::Pcap is probably half of what I need.

      Not likely.

      > I still feel that dealing with a raw ARP Request and Reply over the wire is the best way to accomplish my ends.

      If you use a Perl module to construct a packet to send then most such modules also will provide a way to deconstruct the packet you receive. For ARP packets you might try NetPacket::ARP. Claims to do what you need. You'll have to open a socket to your destination to send the packets formatted by NetPacket::ARP.


      s//----->\t/;$~="JAPH";s//\r<$~~/;{s|~$~-|-~$~|||s |-$~~|$~~-|||s,<$~~,<~$~,,s,~$~>,$~~>,, $|=1,select$,,$,,$,,1e-1;print;redo}
        After the blessed duh moment pointed out by the Anonymous Monk, I have the sending done with Net::ARP; however, a strange thing occurs. NOTHING bothers listening for the reply packet. I watched with Wireshark and I get the reply, but it is not stored in the ARP cache, and if Net::ARP is listening for it somewhere I don't know where it could be. So I just need to figure out the best way to listen for this reply packet. I'm looking at both Net::Pcap and the Net::Frame tools.
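
For the "listen for the reply packet" step discussed above, this is what decoding a captured ARP reply involves. It is an added example, not code from any poster in this thread; it uses only core Perl, and the sample frame and its MAC/IP addresses are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode one raw Ethernet frame (the bytes a capture library hands you) and
# return the ARP fields, or nothing if it is not IPv4-over-Ethernet ARP.
sub parse_arp_frame {
    my ($frame) = @_;
    return if length($frame) < 42;               # 14 (Ethernet) + 28 (ARP)

    my ($dst, $src, $ethertype) = unpack('a6 a6 n', $frame);
    return unless $ethertype == 0x0806;          # EtherType for ARP

    my ($htype, $ptype, $hlen, $plen, $op, $sha, $spa, $tha, $tpa)
        = unpack('n n C C n a6 a4 a6 a4', substr($frame, 14, 28));
    # Accept only Ethernet (1) / IPv4 (0x0800) with 6- and 4-byte addresses.
    return unless $htype == 1 && $ptype == 0x0800 && $hlen == 6 && $plen == 4;

    my $mac = sub { join ':', map { sprintf '%02x', $_ } unpack('C6', $_[0]) };
    my $ip  = sub { join '.', unpack('C4', $_[0]) };
    return {
        op         => $op == 1 ? 'request' : $op == 2 ? 'reply' : "other($op)",
        sender_mac => $mac->($sha), sender_ip => $ip->($spa),
        target_mac => $mac->($tha), target_ip => $ip->($tpa),
        # The ARP sender MAC should equal the Ethernet source address;
        # a mismatch is an anomaly worth logging.
        eth_src_matches => ($src eq $sha) ? 1 : 0,
    };
}

# Constructed sample: an ARP reply from 192.168.1.10 to 192.168.1.1,
# padded to the 60-byte Ethernet minimum as it would appear on the wire.
my $sample = pack('H*',
    '001122334455' . '66778899aabb' . '0806' .   # dst MAC, src MAC, EtherType
    '0001' . '0800' . '06' . '04' . '0002' .     # htype ptype hlen plen op=reply
    '66778899aabb' . 'c0a8010a' .                # sender MAC / IP
    '001122334455' . 'c0a80101' .                # target MAC / IP
    '00' x 18);                                  # padding

my $arp = parse_arp_frame($sample) or die "not an ARP frame\n";
printf "%s: %s is at %s (told %s), eth src matches: %d\n",
    @{$arp}{qw(op sender_ip sender_mac target_ip eth_src_matches)};
```

The same function can be called on each packet delivered by a capture loop that filters on `arp`; keeping the length and field checks in place means malformed or non-IPv4 ARP traffic is skipped instead of being misread.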