|
version 1.1, 2012/02/21 22:16:27
|
version 1.1.1.4, 2021/03/16 23:40:57
|
|
Line 2 arping/README
|
Line 2 arping/README
|
| |
|
| ARP Ping |
ARP Ping |
| |
|
| By Thomas Habets <thomas@habets.pp.se> | By Thomas Habets <thomas@habets.se> |
| |
|
| http://www.habets.pp.se/synscan/ |
http://www.habets.pp.se/synscan/ |
| http://github.com/ThomasHabets/arping |
http://github.com/ThomasHabets/arping |
|
Line 10 arping/README
|
Line 10 arping/README
|
| |
|
| Introduction |
Introduction |
| ------------ |
------------ |
| Arping is a util to find out it a specific IP address on the LAN is 'taken' | Arping is a util to find out if a specific IP address on the LAN is 'taken' |
| and what MAC address owns it. Sure, you *could* just use 'ping' to find out if |
and what MAC address owns it. Sure, you *could* just use 'ping' to find out if |
| it's taken and even if the computer blocks ping (and everything else) you still |
it's taken and even if the computer blocks ping (and everything else) you still |
| get an entry in your ARP cache. But what if you aren't on a routable net? Or |
get an entry in your ARP cache. But what if you aren't on a routable net? Or |
|
Line 43 I try to test arping on these platforms before any rel
|
Line 43 I try to test arping on these platforms before any rel
|
| * Latest Debian stable x86 and amd64 |
* Latest Debian stable x86 and amd64 |
| * Linux (Debian or Ubuntu) on arm |
* Linux (Debian or Ubuntu) on arm |
| * Latest OpenBSD x86 or amd64 |
* Latest OpenBSD x86 or amd64 |
| * FreeBSD x86 |
|
| * Solaris 10 sparc |
|
| |
|
| I don't have these systems up and runnig 24/7, but I try to get them tested | Systems that it should still work on, but I don't personally regularly test: |
| every now and then: | * Debian Alpha |
| | * FreeBSD |
| | * IRIX 6.5 mips (last test 2009-09-27) |
| * MacOS X |
* MacOS X |
| * Debian alpha | * NetBSD |
| * OpenBSD sparc64 (last test: 2009-10-02) |
* OpenBSD sparc64 (last test: 2009-10-02) |
| * IRIX 6.5 mips (last test 2009-09-27) | * Solaris |
| |
|
| Mailing list |
Mailing list |
| ------------ |
------------ |
|
Line 122 A: -T <IP/host> allows you to restrict the arping to a
|
Line 122 A: -T <IP/host> allows you to restrict the arping to a
|
| --- |
--- |
| Q: ./configure says I need libnet and/or libpcap |
Q: ./configure says I need libnet and/or libpcap |
| |
|
| A: Arping depends on libnet 1.1.x and libpcap, get libnet at: | A: Arping depends on libnet 1.1 or newer, and libpcap. Get libnet from |
| http://www.packetfactory.net/libnet and libpcap from http://www.tcpdump.org. | https://github.com/libnet/libnet and libpcap from http://www.tcpdump.org. |
| | Or more likely they were both included in your Linux distribution. |
| |
|
| Lately www.packetfactory.net seems to be down, so you can get the original | The original libnet site |
| tarball from the Debian archives: | was http://packetfactory.openwall.net/projects/libnet/, but is not updated. |
| http://ftp.debian.org/debian/pool/main/libn/libnet/libnet_1.1.4.orig.tar.gz | |
| If that exact file doesn't exist there probably is one with a higher | |
| version number. | |
| |
| Or github.com: | |
| http://github.com/sam-github/libnet | |
| http://github.com/ThomasHabets/libnet | |
| --- |
--- |
| Q: I get bus error on my non-x86 box |
Q: I get bus error on my non-x86 box |
| |
|
|
Line 191 A: Be my guest, but if care about security *at all* yo
|
Line 185 A: Be my guest, but if care about security *at all* yo
|
| a network debugging tool, which generates low-level network packets that |
a network debugging tool, which generates low-level network packets that |
| ordinary users have absolutely no business generating. |
ordinary users have absolutely no business generating. |
| |
|
| For example, I don't protect against an ALRM signal flood, which will result |
|
| in a packet flood. (arping 2.x doesn't have this issue) |
|
| |
|
| If you are honestly debugging the network then I don't see why you aren't |
If you are honestly debugging the network then I don't see why you aren't |
| root already. |
root already. |
| |
|
| If you think I'm wrong, tell me why. | That being said, on Linux you can add the CAP_NET_RAW capability to arping |
| | limiting the damage if arping were to be compromised: |
| | sudo setcap cap_net_raw+ep /usr/local/sbin/arping |
| | This requires a libnet 1.1.5 or higher, which does not explicitly check for |
| | uid 0. |
| | |
| | For older versions of Libnet: |
| | http://github.com/ThomasHabets/libnet/commit/aaa383b5c816107082508b7646929a9479b81645 |
| --- |
--- |
| Q: What's this -A switch all about, I don't understand it. |
Q: What's this -A switch all about, I don't understand it. |
| |
|
|
Line 280 For pinging MAC addresses:
|
Line 278 For pinging MAC addresses:
|
| range it searches is hard-coded. |
range it searches is hard-coded. |
| I may add this to arping some day, but don't hold your breath. |
I may add this to arping some day, but don't hold your breath. |
| |
|
| ---------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
| Send questions/suggestions/patches/rants/money/alphas to thomas@habets.pp.se | Send questions/suggestions/patches/rants/money/envy to thomas@habets.se |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to README CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / arping