Injcode attaches to the target process using ptrace(). It then copies code and data into the memory space of the process and runs that. Then it cleans up as if it had never been there. It includes the ability to: move a program from one TTY to another; close fd; and close fd and reopen another file in its place.
> Its feature to map MAC addresses back to
> IP is quite
> useful. Unfortunately, that only works
> for machines which
> answer broadcast pings, i.e. not for
> windows machines :-(
Check out arping-scan-net.sh, included in arping. It
scans an IP network for a certain MAC address. It's only
needed for those that don't answer broadcast pings (also,
you can try the multicast IP 18.104.22.168), but when all else
fails, the script *will* find the box (unless it's actually
not answering ICMP pings).
Re: uhm.. iputils..
> You do realize that arping is already
> part of iputils..
As another comment has pointed out, that is a less capable arping, it's not the same program.
Arping exists in debian (though currently lagging on the 1.02 version) in the package arping.
The less capable arping from iputils is now in the package iputils-arping.