WalkerWiki - wiki.alanwalker.uk

User Tools

Site Tools

Trace:
arp-scan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
arp-scan [2016/09/20 19:15] – created walkeradminarp-scan [2023/03/09 22:35] (current) – external edit 127.0.0.1
Line 2: Line 2:
 \\  \\ 
 \\  \\ 
-<color red>Arp-Scan</color> is a command line utility for scanning MAC addresses that are stored in the ARP Table. By default on Raspbian the timeout for ARP table entries is 60s (check </color red>cat /proc/sys/net/ipv4/neigh/default/gc_stale_time</color> for exact time)+<color red>Arp-Scan</color> is a command line utility for scanning MAC addresses that are stored in the ARP Table. By default on Raspbian the timeout for ARP table entries is 60s, you can check <color red>cat /proc/sys/net/ipv4/neigh/default/gc_stale_time</color> for exact time
 +\\  
 +\\  
 +==== Installation ==== 
 +\\  
 +To install Arp-Scan, from the command line enter: Note: you may have to do a <color red>sudo apt-get update</color> first. 
 +\\  
 +    sudo apt-get install arp-scan 
 +\\  
 +\\  
 +==== Operation ==== 
 +\\  
 +To use <color red>arp-scan</color> enter the following from the command line: 
 +\\  
 +    sudo arp-scan -l 
 +<color red>arp-scan</color> will not show the <color red>local NIC</color> doing the scan mac address 
 +\\  
 +\\  
 +==== Example Output ==== 
 +<file> 
 +Interface: eth0, datalink type: EN10MB (Ethernet) 
 +Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/
 +192.168.100.1     11:1d:aa:a6:66:1b       DrayTek Corp. 
 +192.168.100.2     aa:ac:6f:0c:cf:66       Dell Inc 
 +192.168.100.3     ac:da:0b:6b:cd:ab       (Unknown) 
 +192.168.100.4     ab:61:bb:df:da:dd       (Unknown) 
 +192.168.100.5     aa:00:eb:06:ba:bd       (Unknown) 
 +192.168.100.6     aa:00:eb:a0:ba:ab       (Unknown) 
 +192.168.100.7     aa:aa:b6:6a:ba:d1       (Unknown) 
 +192.168.100.16    b1:bd:6c:1e:b6:bb       (Unknown) 
 +192.168.100.61    11:1a:fb:bb:6b:a6       BSkyB Ltd 
 +192.168.100.66    a6:aa:6e:b1:ba:d1       (Unknown) 
 +192.168.100.66    a6:aa:6e:b1:ba:d1       (Unknown) (DUP: 2) 
 +192.168.100.60    aa:ae:6a:0b:ba:a1       (Unknown) 
 +192.168.100.62    11:ae:fa:f1:ab:aa       (Unknown) 
 +192.168.100.63    fb:6c:ba:ec:1f:ab       (Unknown) 
 +192.168.100.64    aa:ae:6a:1a:10:1d       (Unknown) 
 +</file> 
 +\\  
 +<color red>*Note: these are fabricated IP and MAC Addresses</color> so don't go looking for them :) 
 +\\  
 +\\  
 +\\  
 +==== Searching for a particular MAC ==== 
 +\\  
 +If there are a lot of devices on the network, and you know the MAC, you can search using <color red>arp-scan</color> 
 + and filter the output with <color red>grep</color> 
 +\\  
 +    sudo arp-scan -l | grep "MAC" 
 +     
 +    sudo apr-scan -l | grep "00:a1:d0:00-4a:01"
 \\  \\ 
 \\  \\ 
  
arp-scan.1474395335.txt.gz · Last modified: 2023/03/09 22:35 (external edit)