arp-scan ARP scanning and fingerprinting tool
Last Updated on 2017-03-02 by Sture
Description
arp-scan is a command-line tool that uses the ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence.
WWW: http://www.nta-monitor.com/tools/arp-scan/
Preparation for Installation
Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.
In this example Terminal on a Mac is used.
Open a remote SSH session to the server with:
Mac:~ user$ ssh user@192.168.1.4 [enter]
N.B.: Replace user@192.168.1.4 with the user ID and IP address of your server!
[user@server ~]$
Enable superuser privileges with:
[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#
N.B.: Enter the user's password, not the root password!
Installation
Search for arp-scan in the remote package repositories with:
[root@server /usr/home/user]# pkg search arp-scan [enter]
arp-scan-1.9 ARP scanning and fingerprinting tool
[root@server /usr/home/user]#
In this example arp-scan will be installed.
Install arp-scan with:
[root@server /usr/home/user]# pkg install arp-scan [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
arp-scan: 1.9
Number of packages to be installed: 1
252 KiB to be downloaded.
Proceed with this action? [y/N]: y [enter]
Fetching arp-scan-1.9.txz: 100% 252 KiB 258.2kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Installing arp-scan-1.9...
[1/1] Extracting arp-scan-1.9: 100%
[root@server /usr/home/user]#
Configuration
No configuration needed!
How to Use
Display the network interfaces that are up with:
[root@server /usr/home/user]# ifconfig -u [enter]
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 84:2b:2b:bf:b4:bf
inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
[root@server /usr/home/user]#
In this example Network Interface Card em0 was found.
Scan the local network and list all devices found:
[root@server /usr/home/user]# arp-scan --interface=em0 --localnet [enter]
Interface: em0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 50:c7:bf:01:cc:0f (Unknown)
192.168.1.7 00:1b:21:a4:4e:cc Intel Corporate
192.168.1.9 a4:5d:36:5d:30:e9 Hewlett Packard
192.168.1.10 00:08:9b:f8:db:03 ICP Electronics Inc.
192.168.1.11 00:11:32:0f:42:ec Synology Incorporated
192.168.1.20 00:23:df:fd:6f:18 Apple, Inc
192.168.1.22 1c:1b:0d:66:e3:f0 (Unknown)
192.168.1.113 9c:20:7b:9a:d1:53 Apple Inc
192.168.1.210 00:04:a3:91:58:d1 Microchip Technology, Inc.
192.168.1.211 00:1d:ec:0a:e2:8b Marusys
192.168.1.114 68:5b:36:00:8a:bd POWERTECH INDUSTRIAL CO., LTD.
192.168.1.115 68:5b:36:00:81:0a POWERTECH INDUSTRIAL CO., LTD.
192.168.1.132 60:c5:47:54:81:07 Apple, Inc.
192.168.1.201 d4:9a:20:5a:e8:0e Apple, Inc
192.168.1.209 c8:69:cd:6e:26:30 (Unknown)
192.168.1.206 d0:ae:ec:4e:2e:67 Alpha Networks Inc.
192.168.1.205 68:5b:36:00:88:5b POWERTECH INDUSTRIAL CO., LTD.
556 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 2.201 seconds (116.31 hosts/sec). 17 responded
[root@server /usr/home/user]#
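A scan like the one above is most useful when its responders are compared with the devices that are expected on the network. The shell functions below are an added example, not part of the original page or of arp-scan itself: they extract the IP/MAC pairs from arp-scan output, list responders missing from an allowlist, and list IP addresses answered by more than one MAC. The allowlist format and the sample rows (including the second answer for 192.168.1.1) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit arp-scan output against an allowlist of known MACs.

# hosts: read arp-scan output on stdin, print "IP MAC" (lower-case) per responder.
# Banner and summary lines are skipped: field 1 must be an IPv4 address and
# field 2 a MAC address. Works with tab- or space-separated output.
hosts() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             mac = tolower($2)
             if (length(mac) == 17 && mac ~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/)
                 print $1, mac
         }'
}

# unknown_hosts KNOWN_FILE: print responders whose MAC is not listed in
# KNOWN_FILE (assumed format: one MAC per line, "#" starts a comment).
unknown_hosts() {
    hosts | awk -v known="$1" '
        BEGIN {
            while ((getline line < known) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[tolower(line)] = 1
            }
        }
        !($2 in ok) { print $1, $2 }'
}

# conflicting_ips: print each IP answered by more than one MAC, then the MACs.
conflicting_ips() {
    hosts | LC_ALL=C sort -u | awk '
        { n[$1]++; macs[$1] = macs[$1] " " $2 }
        END { for (ip in n) if (n[ip] > 1) print ip macs[ip] }' | LC_ALL=C sort
}

# Constructed sample: three rows from the scan above plus one made-up second
# answer for 192.168.1.1 to show an address conflict.
sample_scan() {
    cat <<'EOF'
Interface: em0, datalink type: EN10MB (Ethernet)
192.168.1.1 50:c7:bf:01:cc:0f (Unknown)
192.168.1.7 00:1b:21:a4:4e:cc Intel Corporate
192.168.1.22 1c:1b:0d:66:e3:f0 (Unknown)
192.168.1.1 02:00:00:00:00:01 (Unknown)
5 packets received by filter, 0 packets dropped by kernel
EOF
}

known=$(mktemp) && printf '%s\n' '50:C7:BF:01:CC:0F # router' '00:1b:21:a4:4e:cc' > "$known"
echo "Unknown devices:"; sample_scan | unknown_hosts "$known"
echo "Conflicting IPs:"; sample_scan | conflicting_ips; rm -f "$known"
```

On a live network, pipe the real scan into the same functions, for example `arp-scan --interface=em0 --localnet | unknown_hosts known-macs.txt`, where known-macs.txt is a hypothetical allowlist file you maintain.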