Discover your local network with "arp-scan" on Linux
January 26, 2011. Posted by Tournas Dimitrios in Linux admin tools.
arp-scan is a must-have tool for network security, administration, training and for discovering all hosts (devices) on your local network, even firewalled hosts that won't respond to pings. The first important thing to note is that ARP scanning is a local discovery process only: ARP packets are non-routable (they have no IP header), so they cannot pass through a routing device (router) and reach no further than their own broadcast domain.
ARP scanning will find a firewalled host that is configured not to respond to ping (ICMP echo request); ARP is never blocked, because a host that did not answer ARP could not communicate on the LAN at all.
An experienced Linux user would say that nmap can also do this job, and more. But arp-scan fits the Linux philosophy exactly: do just one thing and do it well.
arp-scan adds minimal bandwidth overhead and relies on natural protocol behaviour.
arp-scan sends ARP packets to hosts on the local network and displays any responses it receives. By default the ARP packets are sent to the Ethernet broadcast address ff:ff:ff:ff:ff:ff, but this can be changed with the --destaddr option.
The target hosts to scan may be specified in one of the following three ways:
- by specifying the targets directly on the command line
- by specifying a file containing the targets with --file
- by specifying the --localnet (or -l) option, which causes all possible hosts attached to the local network to be probed
You can use IP addresses, host names or network specifications, i.e.:
- IPnetwork/bits, e.g. 192.168.1.0/24
- IPstart-IPend, e.g. 192.168.1.20-192.168.1.25
- IPnetwork:netmask, e.g. 192.168.1.0:255.255.255.0
arp-scan is not installed by default on CentOS 5.x, but it is provided by EPEL and can be installed with: yum install arp-scan.
The most basic usage is to scan your whole local network with the --localnet (-l) option as the only argument, as follows:
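The command itself is `sudo arp-scan --localnet` (it needs root, because it writes raw Ethernet frames). What an administrator usually wants next is to compare the answering hosts against the devices that are supposed to be on that segment. The following Python script is an added example, not code from the original post or from the arp-scan project: it parses arp-scan's text output (one `IP<TAB>MAC<TAB>vendor` line per responding host, with "(DUP: n)" appended when the same IP answers more than once), flags MAC addresses missing from an inventory, and reports IPs claimed by more than one MAC. The inventory, the interface name and the sample scan text are constructed for illustration; `run_arp_scan()` is only there to show how the real tool would be invoked.

```python
"""Audit arp-scan output against a MAC-address inventory.

Added example, not part of the original post. The inventory, the interface
name and the sample scan text below are constructed for illustration.
"""
import re
import subprocess
from collections import defaultdict

# One result line per responding host: IP<TAB>MAC<TAB>vendor[ (DUP: n)]
RESULT_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\t"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\t"
    r"(?P<vendor>.*?)(?: \(DUP: (?P<dup>\d+)\))?$",
    re.IGNORECASE,
)

# Constructed sample of what `arp-scan --localnet` prints (not a real scan).
SAMPLE_SCAN = """Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1\t00:11:22:33:44:55\tCisco Systems, Inc
192.168.1.20\t00:50:56:aa:bb:cc\tVMware, Inc.
192.168.1.20\t08:00:27:12:34:56\tCADMUS COMPUTER SYSTEMS (DUP: 2)
192.168.1.77\tdc:a6:32:01:02:03\tRaspberry Pi Trading Ltd

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8: 256 hosts scanned in 1.432 seconds (178.77 hosts/sec). 3 responded
"""

# Constructed inventory: MAC -> description of the device we expect to see.
KNOWN_MACS = {
    "00:11:22:33:44:55": "gateway router",
    "00:50:56:aa:bb:cc": "build VM",
}


def parse_arp_scan(text):
    """Return one dict per result line; banner, blank and summary lines are skipped."""
    hosts = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.rstrip("\r"))
        if not m:
            continue
        hosts.append({
            "ip": m.group("ip"),
            "mac": m.group("mac").lower(),
            "vendor": m.group("vendor"),
            "dup": int(m.group("dup") or 0),  # 0 when the IP answered only once
        })
    return hosts


def audit(hosts, known_macs):
    """Return (unknown hosts, {ip: [macs]} for IPs answered by more than one MAC)."""
    unknown = [h for h in hosts if h["mac"] not in known_macs]
    macs_by_ip = defaultdict(set)
    for h in hosts:
        macs_by_ip[h["ip"]].add(h["mac"])
    conflicts = {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}
    return unknown, conflicts


def run_arp_scan(interface=None):
    """Run the real tool (needs root and arp-scan installed) and return its stdout."""
    cmd = ["arp-scan", "--localnet"]
    if interface:
        cmd += ["--interface", interface]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Replace SAMPLE_SCAN with run_arp_scan("eth0") to audit a live segment.
    unknown, conflicts = audit(parse_arp_scan(SAMPLE_SCAN), KNOWN_MACS)
    for h in unknown:
        print(f"UNKNOWN  {h['ip']:<15} {h['mac']}  {h['vendor']}")
    for ip, macs in conflicts.items():
        print(f"CONFLICT {ip:<15} answered by {', '.join(macs)}")
```

Run it periodically from cron on a trusted host in each broadcast domain: a MAC that is not in the inventory is a new device to investigate, and an IP answered by two different MACs is either an address clash or something deliberately answering for a neighbour's address, which is worth an alert either way.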
Have a look at arp-scan's cousin, arpwatch.