Arp-scan
Arp-scan is a command-line utility for Linux that scans the network attached to a given interface for live hosts. It shows the IP address and MAC address of every host/node found.
Project website
http://www.nta-monitor.com/tools-resources/security-tools/arp-scan
Install on Ubuntu
$ sudo apt-get install arp-scan
The documentation can be found at
http://www.nta-monitor.com/wiki/index.php/Arp-scan_Documentation
Usage
Quick example
$ sudo arp-scan --interface=eth0 --localnet
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:21:2c:82:08:87 SemIndia System Private Limited
192.168.1.2 6c:f0:49:69:c1:25 GIGA-BYTE TECHNOLOGY CO.,LTD.
2 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.435 seconds (178.40 hosts/sec). 2 responded
In the above example, arp-scan scanned the network attached to the eth0 interface and discovered 2 live nodes apart from the local machine. The --localnet option makes arp-scan scan the local network.
In place of the --localnet option, arp-scan can also take a range of IP addresses to scan. For example:
$ sudo arp-scan --interface=eth0 192.168.1.1/24
Interface: eth0, datalink type: EN10MB (Ethernet)
WARNING: host part of 192.168.1.1/24 is non-zero
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:21:2c:82:08:87 SemIndia System Private Limited
192.168.1.2 6c:f0:49:69:c1:25 GIGA-BYTE TECHNOLOGY CO.,LTD.
2 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.421 seconds (180.15 hosts/sec). 2 responded
The IP range is given in CIDR notation. The number after the forward slash indicates how many bits, counted from the left, stay constant. So 24 means that the first 24 bits stay constant and the rest can change, which implies that the last octet can change, so the range is effectively 192.168.1.1 to 192.168.1.256.
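As an added example (not part of the original article or of the arp-scan project), the Python script below parses output in the format shown above and compares it with a known inventory, so that unknown hosts, changed MAC addresses and IPs answering from more than one MAC stand out. The function names, the baseline dictionary and the extra sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Host lines look like "<IPv4> <MAC> <vendor text>", tab- or space-separated.
HOST_LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s*(.*)$")

def parse_arp_scan(output):
    """Return a list of (ip, mac, vendor) tuples from arp-scan text output."""
    hosts = []
    for line in output.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:  # banner, WARNING and summary lines do not match and are skipped
            hosts.append((m.group(1), m.group(2).lower(), m.group(3).strip()))
    return hosts

def audit(hosts, baseline):
    """Compare parsed scan results with a baseline {ip: mac}. Findings:
      unknown   - IPs that answered but are not in the baseline
      changed   - baseline IPs that answered only from a different MAC
      conflicts - IPs that answered from more than one MAC in this scan
      missing   - baseline IPs that did not answer
    """
    seen = defaultdict(set)
    for ip, mac, _vendor in hosts:
        seen[ip].add(mac)
    known = {ip: mac.lower() for ip, mac in baseline.items()}
    return {
        "unknown": sorted(ip for ip in seen if ip not in known),
        "changed": sorted(ip for ip in seen if ip in known and known[ip] not in seen[ip]),
        "conflicts": sorted(ip for ip, macs in seen.items() if len(macs) > 1),
        "missing": sorted(ip for ip in known if ip not in seen),
    }

# Constructed data: the article's two hosts plus two made-up lines and a made-up baseline.
SAMPLE = """\
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1\t00:21:2c:82:08:87\tSemIndia System Private Limited
192.168.1.2\t6c:f0:49:69:c1:25\tGIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.1.2\t02:00:00:00:00:aa\t(Unknown)
192.168.1.57\t02:00:00:00:00:bb\t(Unknown)
4 packets received by filter, 0 packets dropped by kernel
"""
BASELINE = {"192.168.1.1": "00:21:2C:82:08:87", "192.168.1.2": "6c:f0:49:69:c1:25",
            "192.168.1.10": "02:00:00:00:00:10"}

if __name__ == "__main__":
    print(audit(parse_arp_scan(SAMPLE), BASELINE))
```

The scanning machine does not appear in its own results, so leave it out of the baseline or expect it under "missing".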
Please help me!!! I am trying to use this on Bash on Ubuntu on Windows and it keeps saying link_open: Address family not supported by protocol. What do I do?????!!!
Run as sudo
When I run the ‘sudo apt-get install arp-scan’ command I am getting
Reading package lists… Done
Building dependency tree
Reading state information… Done
E: Unable to locate package arp-scan
this message. What is the solution for this problem?
Shiva jps, try using apt-get update (this will refresh your repositories).
Thank you.
One question that I have, and correct me if I am wrong or missing anything. Even with every option used, I still can’t figure out how to make arp-scan list the information from the interface it is running from.
So basically in my example, the workstation on the LAN that I am running arp-scan from has IP 192.168.0.10, yet that is not listed in the results. But running arp-scan from another workstation, I see that listed, and that new workstation’s information is not. Probably by design, but I was wondering if there was any way around it.
I have read the man pages, the user wiki, this can nowhere be found.
Thank you.
That is because the host you are ARP-scanning from doesn't respond to its own requests,