Arping – To Discover Hosts on a Computer Network

Arping is a computer software tool that is used to discover hosts on a computer network. The program tests whether a given IP address is in use on the local network, and can get additional information about the device using that address.

Arping operates work at the layer 2 (or the link layer of the OSI model) using the Address Resolution Protocol (ARP) for probing hosts. Since ARP is non-routable, this only works for the local network.

However, in networks employing repeaters that use proxy ARP, the ARP response may be coming from such proxy hosts and not from the probed target

Arping Options

-help     Show extended help. Not quite as extensive as this manpage, but
more than -h.

-0       Use this option to ping with source IP address 0.0.0.0. Use thiswhen you haven't configured your interface yet. Note that this may get the MAC-ping unanswered. This is an alias for -S 0.0.0.0.

-a         Audible ping.

-A        Only count addresses matching requested address (This *WILL* break most things you do. Only useful if you are arpinging many hosts at once. See arping-scan-net.sh for an example).

-b        Like -0 but source broadcast source address (255.255.255.255). Note that this may get the arping unanswered since it's not normal behavior for a host.

-B        Use instead of host if you want to address 255.255.255.255.

-c        count Only send count requests.

-d       Find duplicate replies. Exit with 1 if there are answers from two different MAC addresses.

-D      Display answers as dots and missing packets as exclamation points. Like flood ping on a Cisco.

-e      Like -a but beep when there is no reply.

-F      Don't try to be smart about the interface name. Even if this switch is not given, -i disables this smartness.

-h      Displays a help message and exits.

-i       interface Don't guess, use the specified interface.

-p      Turn on promiscious mode on interface, use this if you don't "own" the MAC address you are using.

-q      Does not display messages, except error messages.

-r      Raw output: only the MAC/IP address is displayed for each reply.

-R      Raw output: Like -r but shows "the other one", can be combined with -r.

-s       MAC Set source MAC address. You may need to use -p with this.

-S       IP Like -b and -0 but with set source address. Note that this may get the arping unanswered if the target does not have routing to the IP. If you don't own the IP you are using, you may need to turn on promiscious mode on the  interface (with -p). With this switch you can find out what IP-address a host has without taking an IP-address  yourself.

-t       MAC Set target MAC address to use when pinging IP address.

-T     IP Use -T as target address when pinging MACs that won't respond to a broadcast ping but perhaps to a directed broadcast.

 

-u     Show index=received/sent instead of just index=received when pinging MACs.

-v      Verbose output. Use twice for more messages.

-w     Time to wait between pings, in microseconds.

Manual Page: http://www.unix.com/man-page/all/8/arping/

Lab1 find out MAC address by using victim IP address

This demonstrates the mere-simple use of arping for determining a remote MAC address.

Syntax:  arping –c ‘no. of request’ Ip Address

Command:  arping –c 4 192.168.0.157