jump to navigation

Discover your local network with ” arp-scan ” on Linux January 26, 2011

Posted by Tournas Dimitrios in Linux admin tools.

arp-scan is a must-have tool for network security , administration , training and discovering all  hosts (devices) on your local network , even firewall-ed hosts that won’t respond to pings . First important to note is that arp scanning is a local discovery process only , arp packets are non routable packets ( they don’t have an IP header ) , they can’t go through a routing device (router) , so they can only go so far as their broadcast domain .
Arp-scanning will find a firewall-ed host that is configured  not to respond to ping (ICMP echo request ) — ARP is never blocked .

An experienced Linux user would say that nmap can also do this job and even more . But arp-scan fits exactly the Linux philosophy — do just one think and do it best —
arp-scan makes minimal bandwidth overhead and uses natural protocol behavior .

arp-scan sends packets to hosts on the local network and displays any responses that are received . By default the ARP packets are send to the Ethernet broadcast address ” ff:ff:ff:ff:ff:ff ” , but can be changed with the ” – -destaddr ” option .

The target host to scan may be specified in one of the following three ways :

  1. by specifying targets directly on the terminal
  2. by specifying a file containing the targets “ – – file
  3. by specifying the  “ – – localhost or -l ” option witch causes all posible hosts attached to the local network  to respond

You can use either IP addresses , host names or network specifications ie :

  • IPnetwork/bits
  • IPnetwork_start – IPnetwork_end  192-168-1-20-25
  • IPnetwork:netmask

arp-scan is not installed by default on CentOs 5.x , but is provided from EPEL  and can be installed with :  yum  install arp-scan .
The most basic usage is to scan your local network as follows :

Have a look at arp-scan’s  cousin (arpwatch)  >>>>>>


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s