--- embedaddon/arping/README 2012/02/21 22:16:27 1.1.1.1 +++ embedaddon/arping/README 2021/03/16 23:40:57 1.1.1.4 @@ -2,7 +2,7 @@ arping/README ARP Ping - By Thomas Habets + By Thomas Habets http://www.habets.pp.se/synscan/ http://github.com/ThomasHabets/arping @@ -10,7 +10,7 @@ arping/README Introduction ------------ -Arping is a util to find out it a specific IP address on the LAN is 'taken' +Arping is a util to find out if a specific IP address on the LAN is 'taken' and what MAC address owns it. Sure, you *could* just use 'ping' to find out if it's taken and even if the computer blocks ping (and everything else) you still get an entry in your ARP cache. But what if you aren't on a routable net? Or @@ -43,15 +43,15 @@ I try to test arping on these platforms before any rel * Latest Debian stable x86 and amd64 * Linux (Debian or Ubuntu) on arm * Latest OpenBSD x86 or amd64 -* FreeBSD x86 -* Solaris 10 sparc -I don't have these systems up and runnig 24/7, but I try to get them tested -every now and then: +Systems that it should still work on, but I don't personally regularly test: +* Debian Alpha +* FreeBSD +* IRIX 6.5 mips (last test 2009-09-27) * MacOS X -* Debian alpha +* NetBSD * OpenBSD sparc64 (last test: 2009-10-02) -* IRIX 6.5 mips (last test 2009-09-27) +* Solaris Mailing list ------------ @@ -122,18 +122,12 @@ A: -T allows you to restrict the arping to a --- Q: ./configure says I need libnet and/or libpcap -A: Arping depends on libnet 1.1.x and libpcap, get libnet at: - http://www.packetfactory.net/libnet and libpcap from http://www.tcpdump.org. +A: Arping depends on libnet 1.1 or newer, and libpcap. Get libnet from + https://github.com/libnet/libnet and libpcap from http://www.tcpdump.org. + Or more likely they were both included in your Linux distribution. - Lately www.packetfactory.net seems to be down, so you can get the original - tarball from the Debian archives: - http://ftp.debian.org/debian/pool/main/libn/libnet/libnet_1.1.4.orig.tar.gz - If that exact file doesn't exist there probably is one with a higher - version number. - - Or github.com: - http://github.com/sam-github/libnet - http://github.com/ThomasHabets/libnet + The original libnet site + was http://packetfactory.openwall.net/projects/libnet/, but is not updated. --- Q: I get bus error on my non-x86 box @@ -191,13 +185,17 @@ A: Be my guest, but if care about security *at all* yo a network debugging tool, which generates low-level network packets that ordinary users have absolutely no business generating. - For example, I don't protect against an ALRM signal flood, which will result - in a packet flood. (arping 2.x doesn't have this issue) - If you are honestly debugging the network then I don't see why you aren't root already. - If you think I'm wrong, tell me why. + That being said, on Linux you can add the CAP_NET_RAW capability to arping + limiting the damage if arping were to be compromised: + sudo setcap cap_net_raw+ep /usr/local/sbin/arping + This requires a libnet 1.1.5 or higher, which does not explicitly check for + uid 0. + + For older versions of Libnet: + http://github.com/ThomasHabets/libnet/commit/aaa383b5c816107082508b7646929a9479b81645 --- Q: What's this -A switch all about, I don't understand it. @@ -280,5 +278,5 @@ For pinging MAC addresses: range it searches is hard-coded. I may add this to arping some day, but don't hold your breath. ----------------------------------------------------------------------------- -Send questions/suggestions/patches/rants/money/alphas to thomas@habets.pp.se +----------------------------------------------------------------------- +Send questions/suggestions/patches/rants/money/envy to thomas@habets.se