arp-scan ARP scanning and fingerprinting tool

arp-scan ARP scanning and fingerprinting tool

Last Updated on 2017-03-02 by Sture


arp-scan is a command-line tool that uses the ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence.


Preparation for Installation

Start PuTTY on a Windows PC, Terminal on a Mac or similar terminal application on a Linux PC.

In this example Terminal on a Mac is used.

Open a remote SSH session to the server with:

Mac:~ user$ ssh user@ [enter]
N.B.: Replace user@ with User ID and IP Address on Your server!
[user@server ~]$

Enable superuser privileges with:

[user@server ~]$ sudo -s [enter]
Password: <-- passwd [enter]
[root@server /usr/home/user]#

N.B.: Enter user password, not the root password!


Search for isc-dhcp in the remote package repositories with:

[root@server /usr/home/user]# pkg search arp-scan [enter]
arp-scan-1.9                   ARP scanning and fingerprinting tool
[root@server /usr/home/user]#

In this example arp-scan will be installed.

Install arp-scan with;

[root@server /usr/home/user]# pkg install arp-scan [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	arp-scan: 1.9

Number of packages to be installed: 1

252 KiB to be downloaded.

Proceed with this action? [y/N]: y [enter]
Fetching arp-scan-1.9.txz: 100%  252 KiB 258.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing arp-scan-1.9...
[1/1] Extracting arp-scan-1.9: 100%
[root@server /usr/home/user]#


No configuration needed!n

How to Use

Display up Network Interface Cards with:

[root@server /usr/home/user]# ifconfig -u [enter]
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 84:2b:2b:bf:b4:bf
	inet netmask 0xffffff00 broadcast 
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
	inet netmask 0xff000000 
	groups: lo 
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
	groups: pflog
[root@server /usr/home/user]#

In this example Network Interface Card em0 was found.

Scan local network and list all devices found:

[root@server /usr/home/user]# arp-scan --interface=em0 --localnet [enter]
Interface: em0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (	50:c7:bf:01:cc:0f	(Unknown)	00:1b:21:a4:4e:cc	Intel Corporate	a4:5d:36:5d:30:e9	Hewlett Packard	00:08:9b:f8:db:03	ICP Electronics Inc.	00:11:32:0f:42:ec	Synology Incorporated	00:23:df:fd:6f:18	Apple, Inc	1c:1b:0d:66:e3:f0	(Unknown)	9c:20:7b:9a:d1:53	Apple Inc	00:04:a3:91:58:d1	Microchip Technology, Inc.	00:1d:ec:0a:e2:8b	Marusys	68:5b:36:00:8a:bd	POWERTECH INDUSTRIAL CO., LTD.	68:5b:36:00:81:0a	POWERTECH INDUSTRIAL CO., LTD.	60:c5:47:54:81:07	Apple, Inc.	d4:9a:20:5a:e8:0e	Apple, Inc	c8:69:cd:6e:26:30	(Unknown)	d0:ae:ec:4e:2e:67	Alpha Networks Inc.	68:5b:36:00:88:5b	POWERTECH INDUSTRIAL CO., LTD.

556 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 2.201 seconds (116.31 hosts/sec). 17 responded
[root@server /usr/home/user]#

Leave a Reply