There are no reviews yet. Be the first to send feedback to the community and the maintainers!
arping/README ARP Ping By Thomas Habets <[email protected]> http://www.habets.pp.se/synscan/ http://github.com/ThomasHabets/arping git clone https://github.com/ThomasHabets/arping.git Introduction ------------ Arping is a util to find out if a specific IP address on the LAN is 'taken' and what MAC address owns it. Sure, you *could* just use 'ping' to find out if it's taken and even if the computer blocks ping (and everything else) you still get an entry in your ARP cache. But what if you aren't on a routable net? Or the host blocks ping (all ICMP even)? Then you're screwed. Or you use arping. Why it's not stupid ------------------- Say you have a block of N real IANA-assigned IP-addresses. You want to debug the net and you don't know which IP addresses are taken. You can't ping anyone before you take the IP, and you can't pick an IP before you know which are already taken. Catch 22. But with arping you can 'ping' the IP and if you get no response, the IP is available. Example uses ------------ If some box is dumping non-IP (like IPX) garbage and you don't know which box it is, you can ping by MAC to get the IP and fix the problem. If you are on someone else's net and want to 'borrow' a real IP address instead of using one of those 10.x.x.x-addresses the DHCP hands out you probably want to know which ones are taken, or people will get mad (a friend of mine got a call on his cellphone about 15 seconds after he accidentally 'stole' an IP, oops). Compiling / installing ---------------------- See INSTALL file. I try to test arping on these platforms before any release: * Latest Debian stable x86 and amd64 * Linux (Debian or Ubuntu) on arm * Latest OpenBSD x86 or amd64 Systems that it should still work on, but I don't personally regularly test: * Debian Alpha * FreeBSD * IRIX 6.5 mips (last test 2009-09-27) * MacOS X * NetBSD * OpenBSD sparc64 (last test: 2009-10-02) * Solaris Mailing list ------------ Check out http://www.habets.pp.se/synscan/mailinglists.php for information on how to subscribe to help- and announce-lists. How it does it -------------- See 'Technical' at the bottom of this file. FAQ --- Q: Where is Arping 1.x? I use libnet 1.0.x so I need that! A: Arping 1 has finally been removed from the Arping 2.x tarball in 2.09. Arping 1.x currently only lives in the Arping packages 2.08 and lower. If features are to be added or bugs fixed it will show up again as a separate package forked from Arping 2.08. For now just get arping-2.08.tar.gz and use that. --- Q: Where's the Windows version? A compiled .exe would be nice. A: I don't have a windows box, so the .exe I'm providing was NOT compiled by me. If something is strange about it tell me, but there won't be much I can do about it. That being said: http://www.habets.pp.se/synscan/files/arping-for-windows-not-compiled-by-me.exe --- Q: After compiling arping without any problem, i test it first with localhost... but it doesn't respond. Isn't that strange? A: Not really, as you can see by typing 'ifconfig' the lo (local) interface does not have a MAC address. It's not a physical device! MAC addresses are there to differentiate computers on a shared medium (the aether, or ether) and since packets to localhost does not go over any wire there is no need to identify which box is talking to which. There is only one. --- Q: Arping can't ping anything! A: Check which interface is active with -v. If it's the wrong one, use -i to set it right. --- Q: Arping finds some hosts, but not others. why? BTW, I have several NICs. A: You have to choose interface with the -i switch if the default is wrong for you. --- Q: I tried to ping my own MAC address, but it doesn't work. A: A sane OS will think it's suspicious if you send packets to yourself over the wire and will ignore them. And why would you want to lookup the IP or MAC of yourself? ifconfig can tell you that. --- Q: I can't ping any/some MAC address on my LAN. A: Arping when pinging a MAC relies on the host to answer a broadcast ping (icmp echo request) properly (IIRC: not the windows way). If you want a host to pop up on MAC ping, you have to config it to respond to broadcast pings. (for linux, make sure /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is 0) A: -T <IP/host> allows you to restrict the arping to a limited subnet, which may or may not work for you. For example if the box 00:01:02:03:04:05 is on 192.168.0.0/24 then the broadcast probably is 192.168.0.255, so try: # arping -T 192.168.0.255 00:01:02:03:04:05 --- Q: ./configure says I need libnet and/or libpcap A: Arping depends on libnet 1.1 or newer, and libpcap. Get libnet from https://github.com/libnet/libnet and libpcap from http://www.tcpdump.org. Or more likely they were both included in your Linux distribution. The original libnet site was http://packetfactory.openwall.net/projects/libnet/, but is not updated. --- Q: I get bus error on my non-x86 box A: Damn, I thought I fixed those. Tell me how you got it and I'll try to fix it. Attaching config.log always helps. --- Q: I get "libnet_get_ipaddr(): no error" when I run arping with IP (src or dst) 255.255.255.255. A: Use the -b/-B switches. Libnet sucks (ha ha only serious) and returns -1 for error == int32 encoded 255.255.255.255. --- Q: I used to be able to use -S 255.255.255.255, now it fails. What's going on? Q: Why can't I arping 255.255.255.255? A: Argh! Why would you want to? Anyway, this one is due to libnets resolving, and my unwillingness to reimplement it (in a portable manner, ugh). -S 255.255.255.255 can be replaced with -b, and pinging broadcast (why you would do that eludes me) -B. To be extra perverted, try: # ./arping -b -B (yes, I added -b and -B just so that version 1.0 should be complete) --- Q: 1.01 is out, didn't you just say 1.0 was supposed to be the last one? A: Shut up. --- Q: The roundtrip times are off, sometimes by milliseconds! A: I know. Short answer: 'ping' does the same thing. (ping from iputils-ss010824 anyway) Long answer: I can't (portably anyway) do anything other than queue a packet to the network. That means I don't know exactly when it arrived. Also, I can't tell when a packet arrives on the wire, only when arping gets it from the kernel. Just make sure neither the network (whole segment if you are hubbed, just your NIC if you are switched) nor your box is loaded when you care about timing, and/or run arping with higher priority. # nice -n -15 arping foobar But if you find way to get more exact timing portably (or just for one OS really), let me know. --- Q: Is it OK to make arping suid root? A: Be my guest, but if care about security *at all* you will have to restrict execution of arping to trusted users. I could remove "dangerous" features from the code when it's running suid, but I honestly don't want to. This is a network debugging tool, which generates low-level network packets that ordinary users have absolutely no business generating. If you are honestly debugging the network then I don't see why you aren't root already. That being said, on Linux you can add the CAP_NET_RAW capability to arping limiting the damage if arping were to be compromised: sudo setcap cap_net_raw+ep /usr/local/sbin/arping This requires a libnet 1.1.5 or higher, which does not explicitly check for uid 0. For older versions of Libnet: http://github.com/ThomasHabets/libnet/commit/aaa383b5c816107082508b7646929a9479b81645 --- Q: What's this -A switch all about, I don't understand it. A: Normally arping packets are sent out to some kind of broadcast (MAC or IPv4 broadcast) and hosts reply with source address == their address. If -A is given, only packets coming in with a *source* address equal to the *destination* address in the query is accepted. If you don't understand, don't worry. You won't need it. But for an example use, see the arping-scan-net.sh script. --- License ------- It's GPLv2, see the LICENSE file. Technical --------- Yes, I've finally bothered to write how it works. tcpdumps were taken with "tcpdump -vven 'arp or icmp'". The source box is 192.168.0.2/0:10:5a:3e:c5:b4 and the target box is 192.168.0.1/0:60:93:34:91:99. For pinging IP addresses: When a host wants to send an IP packet to another host, it sends out an ARP packet asking what MAC the destination IP address has, a so-called 'who-has' packet. This is then answered by another ARP packet, the 'is-at' packet. 18:16:07.179699 0:10:5a:3e:c5:b4 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.0.1 tell 192.168.0.2 This is the packet generated by arping. An Ethernet frame from my 3com card to the broadcast address carrying an arp packet asking what MAC 192.168.0.1 has (who-has). 18:16:07.180221 0:60:93:34:91:99 0:10:5a:3e:c5:b4 0806 60: arp reply 192.168.0.1 is-at 0:60:93:34:91:99 The answer, that 192.168.0.1 has MAC 0:60:93:34:91:99 (is-at). For pinging MAC addresses: A broadcast ping (255.255.255.255, or any address supplied with -T, see below) is sent out on the Ethernet, but in an Ethernet frame addressed to the target MAC only. 18:20:09.627321 0:10:5a:3e:c5:b4 0:60:93:34:91:99 0800 42: 192.168.0.2 > 255.255.255.255: icmp: echo request (ttl 48, id 17767, len 28) This is the packet generated by arping. Ethernet frame from my 3com NIC to the destination MAC, carrying a broadcast ping. 18:20:09.628432 0:60:93:34:91:99 0:10:5a:3e:c5:b4 0800 60: 192.168.0.1 > 192.168.0.2: icmp: echo reply (ttl 255, id 7593, len 28) The answer, including the source address of the target host. Note that this is not how every OS responds to a broadcast ping (if at all). Some answer with a source address equal to the broadcast address, and others don't' answer at all. This is why pinging a raw MAC doesn't always work, and you may need to play with -T to get it to answer correctly (or at all). You can always brute-force if you can't even find a broadcast that the box will answer correctly to. ------- for d in $(seq 0 255); do sudo arping -q -c 1 -T $a.$b.$c.$d 0:60:93:34:91:99 if [ $? = 0 ]; then echo "Got answer with address: 192.168.0.$d" fi done -------- Note that this script will take 1 second per IP since that is how long arping waits, so scanning a C-class net will take 256 seconds. If you have a bigger net, then write a program that will run several arpings at the same time to go through more in less time, or check out arping-scan-net.sh, which is a more capable script for scanning, but you need to edit it since the address range it searches is hard-coded. I may add this to arping some day, but don't hold your breath. ----------------------------------------------------------------------- Send questions/suggestions/patches/rants/money/envy to [email protected]
simple-tpm-pk11
Simple PKCS11 provider for TPM chipscmdg
Command line Gmail clientinjcode
Inject code into a running processssh-scripts
Some SSH-related scriptsmonotonic_clock
Portable C library for getting monotonic timexor-analyze
Program for cryptanalyzing xor "encryption" with variable key lengthax25ms
This project is a set of AX.25 microservices, to be pluggable for any implementation.tlssh
TLS Shellbthelper
Bluetooth helper tools for setting up serial ports for e.g. SSHeggpd
Erlang BGP daemonsshproxy
SSH Proxy / Load balancerradiostuff
My collection of gnuradio stuffopenssl-tpm-engine
TPM engine module for OpenSSL (this is not upstream)rslurp
slurp down a whole HTTP directory, with parallel goodnessgtping
GTP Pingsim
Multi Party Authorization version of sudo/doasind
Indent output from subprocessweberl
Like web.py, but for Erlangclipsniff
Sniff the clipboard of a Unix X server.goircd
Minimalistic simple Internet Relay Chat (IRC) serverpipebench
Measures the speed of stdin/stdout communication. I would actually recommend 'pv' over this program. I put it on github in order to collect everything in one place.hamtransfer
Tool for transferring files over amateur radio using modern techniquesdejitun
De-jitter tunnelyhsmpam
YubiHSM PAM module backendgoodpipe
qpov
Tool for converting Quake demo files to POV-Raydotfiles
My dotfilestlscheck
Quickly check TLS certificates of frontends and backendslibopenpty
openpty() for platforms that don't have itrustradio
Like GNURadio, but in Rustdiamond_linking_example
Example of a diamond linking thingy with version problems. See http://blog.habets.pp.se/2012/05/Shared-libraries-diamond-problemmultitraceroute
Fast traceroute that does TCP, UDP and ICMP traceroute in parallel and shows the results in one big table.tcpstats
Collect stats on TCP connections on close()wifispace
GNURadio program for measuring how busy wifi channels arelightwave
Like google wave, but much dumber and written in erlangzipbrute
Old project for brute forcing zip file passwords I found in an old backup from 2001.tarweb
Serve a static website from a tar filehamwebby
Web interface for remote rig control of ham radiosopwgen
Generate passwords like OPIE generates OTPs: readablyfluxbox
Fluxbox window managernetmap
Make and organize network maps from data directly out of your routersgopload
Self-contained simple HTTP upload handler using websockets to show progressopenvpn
OpenVPN, with SSL Engine (TPM) supportcert-sig-pin
Extract a certificate signature suitable for Chrome public key pinning.pam_externalpass
Spawn external program from PAM to do authenticationyurate
Curate Youtube videos so that you don't miss any subscribed content.temp-to-cloud
Upload temperature measurements to Stackdrivergo-uuid
Local mirror of deleted codesite projectfirewalls-at-the-source
x11type
Simulate keypresses in Xtravelling-amateur
Tool for finding rules for operating amateur radio while visiting another country.autoscan
Web and LCD/button UI for scanning from a USB scanner directly into Google Driveudportknock
UDP portknock scriptpgsql
Postgresql useful commands, to be run with psql [databasename] -f <filename>brain
My brainychares
Yubikey challenge-response scriptnetcat
netcat-openbsd with fixed TCP_MD5SIG for Linuxyoracle
Yubikey oracle3ggraph
Graph live information from a 3G dongleirssi
irssi with TPM supportkybertest
CLI to encrypt files using quantum-resistant cryptographylivecount
A widget for a web page (e.g. a blog post) that shows how many people (browsers) currently have the page openairthingy
Tools for airthings API and bluetoothroodit
My reddit scriptssparslog
My implementation of an IKEA sparsnรคs SDR receiverdrive-du
Cmdline and cloud tool for listing folder sizes in Google Drivetlshake
mdsort
Maildir sortersmoog
My smugmug scriptsopenvpn-debian
OpenVPN, with SSL Engine (TPM) supportndping
Like ARPing, but for IPv6closite
Redirect user to the closest site using javascriptlibdropprivs
Example code (will be library) for dropping privilegesprofy
Always-on VPN client scripts intended for Raspberry Pi or other small computersgr-habets38
My gnuradio components for gnuradio 3.8+doublecross-cpp
Experiments in making C++11 versions of things that exist in other languages. Such as the Maybe Monad from Haskell.tleservice
TLEService is a microservice for calculating satellite orbits.flight-radiation
Radiation data from a recent flight between LHR and SFOkeffos
Silly OS I wrote as a teenagerLove Open Source and this site? Check out how you can help us