Arp-scan is a command-line utility for Linux that scans the network attached to a given interface for live hosts. It shows the IP address and MAC address of every host/node found.
$ sudo arp-scan --interface=eth0 --localnet
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:21:2c:82:08:87 SemIndia System Private Limited
192.168.1.2 6c:f0:49:69:c1:25 GIGA-BYTE TECHNOLOGY CO.,LTD.
2 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.435 seconds (178.40 hosts/sec). 2 responded
In the above example, arp-scan scanned the network attached to the eth0 device and discovered 2 live nodes apart from the local machine. The --localnet option makes arp-scan scan the local network.
In place of the --localnet option, arp-scan can also take a range of IP addresses to scan. For example:
$ sudo arp-scan --interface=eth0 192.168.1.1/24
Interface: eth0, datalink type: EN10MB (Ethernet)
WARNING: host part of 192.168.1.1/24 is non-zero
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:21:2c:82:08:87 SemIndia System Private Limited
192.168.1.2 6c:f0:49:69:c1:25 GIGA-BYTE TECHNOLOGY CO.,LTD.
2 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.421 seconds (180.15 hosts/sec). 2 responded
The IP range is given in CIDR notation. The number after the forward slash indicates how many bits, counted from the left, stay constant. So 24 means that the first 24 bits stay constant and the rest can change, which implies that the last octet can change, so the range is effectively 192.168.1.1 to 192.168.1.256.
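As an added example (not code from the original page or from the arp-scan project), the Python below parses output in the format shown above, works out which addresses the CIDR argument covers, and compares the responders with an inventory of expected devices. The `KNOWN_MACS` inventory, the function names and the 192.168.1.7 sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the scan output shown above plus one made-up line
# (192.168.1.7) to exercise the "not in inventory" path.
SAMPLE = """\
Interface: eth0, datalink type: EN10MB (Ethernet)
WARNING: host part of 192.168.1.1/24 is non-zero
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:21:2c:82:08:87 SemIndia System Private Limited
192.168.1.2 6c:f0:49:69:c1:25 GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.1.7 02:00:00:aa:bb:cc (Unknown)
3 packets received by filter, 0 packets dropped by kernel
"""

# Hypothetical inventory of MAC addresses expected on this segment.
KNOWN_MACS = {"00:21:2c:82:08:87", "6c:f0:49:69:c1:25"}

# A result line is: IPv4 address, MAC address, optional vendor text.
HOST_LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*(.*)$",
    re.I)

def parse_hosts(output):
    """Return (ip, mac, vendor) for each responder; banner lines are skipped."""
    hosts = []
    for line in output.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:
            hosts.append((ipaddress.ip_address(m.group(1)), m.group(2).lower(), m.group(3)))
    return hosts

def audit(output, cidr, known_macs):
    """Summarise a scan: covered range, unexpected devices, odd MAC/IP pairings."""
    # strict=False accepts a non-zero host part, the case arp-scan warns about.
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = parse_hosts(output)
    by_mac = {}
    for ip, mac, _ in hosts:
        by_mac.setdefault(mac, set()).add(ip)
    return {
        "range": (str(net[0]), str(net[-1]), net.num_addresses),
        "unknown": [(str(ip), mac) for ip, mac, _ in hosts if mac not in known_macs],
        "out_of_range": [str(ip) for ip, _, _ in hosts if ip not in net],
        "multi_ip_macs": {m: sorted(map(str, i)) for m, i in by_mac.items() if len(i) > 1},
    }
```

Calling `audit(SAMPLE, "192.168.1.1/24", KNOWN_MACS)` reports the covered range as 192.168.1.0 through 192.168.1.255 (256 addresses, matching the "256 hosts" in the banner) and lists 192.168.1.7 as a device missing from the inventory. A MAC that answers for several IPs is not necessarily hostile (routers and proxy ARP do this), but it is worth checking.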
Arp-scan
Project website: http://www.nta-monitor.com/tools-resources/security-tools/arp-scan
Install on Ubuntu
The documentation can be found at http://www.nta-monitor.com/wiki/index.php/Arp-scan_Documentation