WalkerWiki - wiki.alanwalker.uk

User Tools

Site Tools

Trace: view_statmux_messages_ssh sytaxhighlighter disable_ipv6_in_alma_linux
arp-scan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
arp-scan [2016/09/20 19:17] walkeradminarp-scan [2016/09/20 19:34] – [Searching for a particular MAC] walkeradmin
Line 3: Line 3:
 \\  \\ 
 <color red>Arp-Scan</color> is a command line utility for scanning MAC addresses that are stored in the ARP Table. By default on Raspbian the timeout for ARP table entries is 60s, you can check <color red>cat /proc/sys/net/ipv4/neigh/default/gc_stale_time</color> for exact time. <color red>Arp-Scan</color> is a command line utility for scanning MAC addresses that are stored in the ARP Table. By default on Raspbian the timeout for ARP table entries is 60s, you can check <color red>cat /proc/sys/net/ipv4/neigh/default/gc_stale_time</color> for exact time.
 +\\ 
 +\\ 
 +==== Installation ====
 +\\ 
 +To install Arp-Scan, from the command line enter: Note: you may have to do a <color red>sudo apt-get update</color> first.
 +\\ 
 +    sudo apt-get install arp-scan
 +\\ 
 +\\ 
 +==== Operation ====
 +\\ 
 +To use <color red>arp-scan</color> enter the following from the command line:
 +\\ 
 +    sudo arp-scan -l
 +<color red>arp-scan</color> will not show the <color red>local NIC</color> doing the scan mac address
 +\\ 
 +\\ 
 +==== Example Output ====
 +<file>
 +Interface: eth0, datalink type: EN10MB (Ethernet)
 +Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
 +192.168.100.1     11:1d:aa:a6:66:1b       DrayTek Corp.
 +192.168.100.2     aa:ac:6f:0c:cf:66       Dell Inc
 +192.168.100.3     ac:da:0b:6b:cd:ab       (Unknown)
 +192.168.100.4     ab:61:bb:df:da:dd       (Unknown)
 +192.168.100.5     aa:00:eb:06:ba:bd       (Unknown)
 +192.168.100.6     aa:00:eb:a0:ba:ab       (Unknown)
 +192.168.100.7     aa:aa:b6:6a:ba:d1       (Unknown)
 +192.168.100.16    b1:bd:6c:1e:b6:bb       (Unknown)
 +192.168.100.61    11:1a:fb:bb:6b:a6       BSkyB Ltd
 +192.168.100.66    a6:aa:6e:b1:ba:d1       (Unknown)
 +192.168.100.66    a6:aa:6e:b1:ba:d1       (Unknown) (DUP: 2)
 +192.168.100.60    aa:ae:6a:0b:ba:a1       (Unknown)
 +192.168.100.62    11:ae:fa:f1:ab:aa       (Unknown)
 +192.168.100.63    fb:6c:ba:ec:1f:ab       (Unknown)
 +192.168.100.64    aa:ae:6a:1a:10:1d       (Unknown)
 +</file>
 +\\ 
 +<color red>*Note: these are fabricated IP and MAC Addresses</color> so don't go looking for them :)
 +\\ 
 +\\ 
 +\\ 
 +==== Searching for a particular MAC ====
 +\\ 
 +If there are a lot of devices on the network, and you know the MAC, you can search using <color red>arp-scan</color>
 + and filter the output with <color red>grep</color>
 +\\ 
 +    sudo arp-scan -l | grep "MAC"
 +    
 +    sudo apr-scan -l | grep "00:a1:d0:00-4a:01"
 \\  \\ 
 \\  \\ 
  
arp-scan.txt · Last modified: 2023/03/09 22:35 by 127.0.0.1