Discover your local network with ” arp-scan ” on Linux

arp-scan is a must-have tool for network security , administration , training and discovering all  hosts (devices) on your local network , even firewall-ed hosts that won’t respond to pings . First important to note is that arp scanning is a local discovery process only , arp packets are non routable packets ( they don’t have an IP header ) , they can’t go through a routing device (router) , so they can only go so far as their broadcast domain .
Arp-scanning will find a firewall-ed host that is configured  not to respond to ping (ICMP echo request ) — ARP is never blocked .

An experienced Linux user would say that nmap can also do this job and even more . But arp-scan fits exactly the Linux philosophy — do just one think and do it best —
arp-scan makes minimal bandwidth overhead and uses natural protocol behavior .

arp-scan sends packets to hosts on the local network and displays any responses that are received . By default the ARP packets are send to the Ethernet broadcast address ” ff:ff:ff:ff:ff:ff ” , but can be changed with the ” – -destaddr ” option .

The target host to scan may be specified in one of the following three ways :

1. by specifying targets directly on the terminal
2. by specifying a file containing the targets “ – – file “
3. by specifying the  “ – – localhost or -l ” option witch causes all posible hosts attached to the local network  to respond

You can use either IP addresses , host names or network specifications ie :

• IPnetwork/bits   192.168.1.0/24
• IPnetwork_start – IPnetwork_end  192-168-1-20-25
• IPnetwork:netmask  192.168.1.0:255.255.255.0

arp-scan is not installed by default on CentOs 5.x , but is provided from EPEL  and can be installed with :  yum  install arp-scan .
The most basic usage is to scan your local network as follows :

Have a look at arp-scan’s  cousin (arpwatch)  >>>>>>