version 1.1, 2012/02/21 22:16:27
|
version 1.1.1.4, 2021/03/16 23:40:57
|
Line 2 arping/README
|
Line 2 arping/README
|
|
|
ARP Ping |
ARP Ping |
|
|
By Thomas Habets <thomas@habets.pp.se> | By Thomas Habets <thomas@habets.se> |
|
|
http://www.habets.pp.se/synscan/ |
http://www.habets.pp.se/synscan/ |
http://github.com/ThomasHabets/arping |
http://github.com/ThomasHabets/arping |
Line 10 arping/README
|
Line 10 arping/README
|
|
|
Introduction |
Introduction |
------------ |
------------ |
Arping is a util to find out it a specific IP address on the LAN is 'taken' | Arping is a util to find out if a specific IP address on the LAN is 'taken' |
and what MAC address owns it. Sure, you *could* just use 'ping' to find out if |
and what MAC address owns it. Sure, you *could* just use 'ping' to find out if |
it's taken and even if the computer blocks ping (and everything else) you still |
it's taken and even if the computer blocks ping (and everything else) you still |
get an entry in your ARP cache. But what if you aren't on a routable net? Or |
get an entry in your ARP cache. But what if you aren't on a routable net? Or |
Line 43 I try to test arping on these platforms before any rel
|
Line 43 I try to test arping on these platforms before any rel
|
* Latest Debian stable x86 and amd64 |
* Latest Debian stable x86 and amd64 |
* Linux (Debian or Ubuntu) on arm |
* Linux (Debian or Ubuntu) on arm |
* Latest OpenBSD x86 or amd64 |
* Latest OpenBSD x86 or amd64 |
* FreeBSD x86 |
|
* Solaris 10 sparc |
|
|
|
I don't have these systems up and runnig 24/7, but I try to get them tested | Systems that it should still work on, but I don't personally regularly test: |
every now and then: | * Debian Alpha |
| * FreeBSD |
| * IRIX 6.5 mips (last test 2009-09-27) |
* MacOS X |
* MacOS X |
* Debian alpha | * NetBSD |
* OpenBSD sparc64 (last test: 2009-10-02) |
* OpenBSD sparc64 (last test: 2009-10-02) |
* IRIX 6.5 mips (last test 2009-09-27) | * Solaris |
|
|
Mailing list |
Mailing list |
------------ |
------------ |
Line 122 A: -T <IP/host> allows you to restrict the arping to a
|
Line 122 A: -T <IP/host> allows you to restrict the arping to a
|
--- |
--- |
Q: ./configure says I need libnet and/or libpcap |
Q: ./configure says I need libnet and/or libpcap |
|
|
A: Arping depends on libnet 1.1.x and libpcap, get libnet at: | A: Arping depends on libnet 1.1 or newer, and libpcap. Get libnet from |
http://www.packetfactory.net/libnet and libpcap from http://www.tcpdump.org. | https://github.com/libnet/libnet and libpcap from http://www.tcpdump.org. |
| Or more likely they were both included in your Linux distribution. |
|
|
Lately www.packetfactory.net seems to be down, so you can get the original | The original libnet site |
tarball from the Debian archives: | was http://packetfactory.openwall.net/projects/libnet/, but is not updated. |
http://ftp.debian.org/debian/pool/main/libn/libnet/libnet_1.1.4.orig.tar.gz | |
If that exact file doesn't exist there probably is one with a higher | |
version number. | |
| |
Or github.com: | |
http://github.com/sam-github/libnet | |
http://github.com/ThomasHabets/libnet | |
--- |
--- |
Q: I get bus error on my non-x86 box |
Q: I get bus error on my non-x86 box |
|
|
Line 191 A: Be my guest, but if care about security *at all* yo
|
Line 185 A: Be my guest, but if care about security *at all* yo
|
a network debugging tool, which generates low-level network packets that |
a network debugging tool, which generates low-level network packets that |
ordinary users have absolutely no business generating. |
ordinary users have absolutely no business generating. |
|
|
For example, I don't protect against an ALRM signal flood, which will result |
|
in a packet flood. (arping 2.x doesn't have this issue) |
|
|
|
If you are honestly debugging the network then I don't see why you aren't |
If you are honestly debugging the network then I don't see why you aren't |
root already. |
root already. |
|
|
If you think I'm wrong, tell me why. | That being said, on Linux you can add the CAP_NET_RAW capability to arping |
| limiting the damage if arping were to be compromised: |
| sudo setcap cap_net_raw+ep /usr/local/sbin/arping |
| This requires a libnet 1.1.5 or higher, which does not explicitly check for |
| uid 0. |
| |
| For older versions of Libnet: |
| http://github.com/ThomasHabets/libnet/commit/aaa383b5c816107082508b7646929a9479b81645 |
--- |
--- |
Q: What's this -A switch all about, I don't understand it. |
Q: What's this -A switch all about, I don't understand it. |
|
|
Line 280 For pinging MAC addresses:
|
Line 278 For pinging MAC addresses:
|
range it searches is hard-coded. |
range it searches is hard-coded. |
I may add this to arping some day, but don't hold your breath. |
I may add this to arping some day, but don't hold your breath. |
|
|
---------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
Send questions/suggestions/patches/rants/money/alphas to thomas@habets.pp.se | Send questions/suggestions/patches/rants/money/envy to thomas@habets.se |