Using Arp On Your Network
June 24th, 2009 by Shawn Powers in
__________________________
Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter
Quick and Dirty Range Scan
On July 2nd, 2009 xvalx (not verified) says:
I use these commands to perform a quick and dirty subnet scan (assuming it is a 255.255.255.0 subnet of course).
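ARPINT=wlan0      # interface to send ARP requests from
ARPNET=192.168.1  # first three octets of the /24 being scanned
# Probe every host in parallel; arping's own errors are discarded, replies are kept
for i in $(seq 1 254); do arping -f -c 3 -I "$ARPINT" "$ARPNET.$i" 2>/dev/null & done | grep Unicast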
I actually have this as a script where ARPINT and ARPNET are arguments.
How about when wireless AP has IP address in different subnet?
On July 1st, 2009 Terrell Prude' Jr. (not verified) says:
Hi Shawn,
I like the premise of your video, and it does help out in a lot of cases. But there's another too-common case in which I'm not sure this'll be quite enough. Say you get a used wireless access point (eBay, a friend, whatever). This wireless AP has, we'll say, an IP address of 172.16.0.3/24. But the network you're sticking it on is 192.168.0.0/24. Will "arp -a" help then, or will that workstation just ignore it (not on 'reachable' subnet)?
Assuming we knew the MAC address (not always guaranteed with rogue devices), what we had to do was manually make a static ARP entry in the workstation, which would let us get to the wireless AP / print server / whatever. Then we could get to it and change the IP address to something in our actual subnet, deleting the static ARP entry afterwards. If this sounds like an ugly hack, that's because it is! :-)
--TP
Addendum to above post
On July 1st, 2009 Terrell Prude' Jr. (not verified) says:
Forgot to mention one thing. You don't know what the IP address of that wireless AP is that you just got. Your buddy or the person you bought it from on eBay doesn't know, either ("umm, worked fine at *my* house, d00d").
Also, for completeness, I should specify that the static ARP entry in the second paragraph is for something on the subnet your network actually uses (in this example, 192.168.0.0/24).
--TP
In windows (please don't
On June 30th, 2009 Davil (not verified) says:
In Windows (please don't flame me) you could just type ipconfig /all and check ur DNS server or default gateway IP (again only if actually using said access point as default gateway). Am I missing something here? I thought there would be a quick command in Linux to find what DNS server / gateway you're using? No? I really want to make the move to Linux but little things like this bug me... Please let me know if I'm just being dopey here.
How to do this in GNU/Linux or any other UNIX
On July 1st, 2009 Terrell Prude' Jr. (not verified) says:
Two commands.
1.) "more /etc/resolv.conf"
2.) "netstat -rn"
The first tells you what your DNS servers are. The second tells you what your default next-hop ("gateway", in MS parlance) is.
As for trying out GNU/Linux, don't let "dopey" things like this stop you. You had to learn MS Windows and the ipconfig command, didn't you? :-) It's the same here, and it's not hard. It didn't take long before I was just doing stuff on Linux as instinctively as I did on DOS and Windows.
I would recommend Ubuntu for you. It's easy to use and popular, there's a large community of support for it, and there are plenty of folks who came from MS Windows. Finally, Ubuntu can run from the CD, so you can "try before you install."
--TP
Yes but
On July 1st, 2009 Shawn Powers says:
The access point wasn't the router -- it was a stand alone access point. :)
Have not you got the
On June 27th, 2009 Anonymous (not verified) says:
Have not you got the memo?
arp is obsolete in favor of `ip neigh`.
I had not...
On June 29th, 2009 Shawn Powers says:
Cool command! No, in fact, I didn't know about that.
"arp" is more fun to say though. hehhehehe
the problem I often
On June 26th, 2009 Geoff Campos (not verified) says:
The problem I often encounter is a network device on a different subnet. On devices like ADSL router/modems I get frustrated with instruction manuals referencing a Windows-only installation disc while hiding the static IP! Grrr! If a product ships with a static default IP address, it should be printed on the unit!
cool intro
On June 24th, 2009 happy subscriber (not verified) says:
That is a neat traveling intro on the lawn there, Shawn! These tech tips are fun, keep them coming :).
What about using arping?
On June 24th, 2009 Anonymous (not verified) says:
What about using arping?
The way in the video is not
On June 24th, 2009 Ornotermes (not verified) says:
The way in the video is not completely reliable; the router and the DHCP server don't have to be the same machine. Instead, check the log from dhcp-client.
On Ubuntu the log is stored in /var/lib/dhcp3/dhclient.leases and it looks like this (it stores most recent information at the beginning of the file and is user readable):
lease {
  interface "eth0";
  fixed-address 192.168.0.229;
  option subnet-mask 255.255.255.0;
  option routers 192.168.0.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.1;
  option dhcp-renewal-time 43200;
  option broadcast-address 192.168.0.255;
  option dhcp-rebinding-time 75600;
  option host-name "workstation1";
  renew 4 2009/06/25 07:15:59;
  rebind 4 2009/06/25 17:31:10;
  expire 4 2009/06/25 20:31:10;
}
If you want only the dhcp servers address you can use this command:
cat /var/lib/dhcp3/dhclient.leases|grep dhcp-server|head -n1
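An added example, not part of the comment above: a shell function that reads a dhclient lease file in the format shown and reports the DHCP server and router of the lease with the latest expire time, so the answer does not depend on where in the file the newest lease sits. The function name `latest_lease_info` and the two sample leases are constructed for illustration.

```shell
#!/bin/sh
# Print "dhcp-server=<ip> router=<ip>" for the lease that expires last.
# Returns non-zero if the file holds no complete lease with an expire line.
latest_lease_info() {
    awk '
        function clean(s) { sub(/;$/, "", s); return s }
        $1 == "lease" && $2 == "{" { inlease = 1; srv = rtr = until = ""; next }
        inlease && $2 == "dhcp-server-identifier" { srv = clean($3) }
        inlease && $2 == "routers"                { rtr = clean($3) }
        inlease && $1 == "expire"                 { until = $3 " " clean($4) }
        inlease && $1 == "}" {
            inlease = 0
            # "YYYY/MM/DD HH:MM:SS" compares correctly as a plain string
            if (until > best) { best = until; out = "dhcp-server=" srv " router=" rtr }
        }
        END { if (out == "") exit 1; print out }
    ' "$1"
}

# Constructed sample: two leases on the same interface. In the newer one the
# lease came from 192.168.0.5 while the router is still 192.168.0.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.0.229;
  option routers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.1;
  expire 3 2009/06/24 20:31:10;
}
lease {
  interface "eth0";
  fixed-address 192.168.0.229;
  option routers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.5;
  expire 4 2009/06/25 20:31:10;
}
EOF
latest_lease_info "$sample"
rm -f "$sample"
```

A DHCP server address that differs from the router, as in the second sample lease, is the case the comment describes; an address you do not recognise in that field is worth tracing to a physical device.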
Misunderstand?
On June 24th, 2009 Shawn Powers says:
The router and dhcp server are both separate from the access point I was trying to find. If the access point has an IP address, generally you can find reference to it in the arp cache. There are ALWAYS exceptions to the rule -- but dhcp wasn't an issue here at all. The access point had a statically assigned IP address, but I didn't know what that address was. :)
ARP
On June 24th, 2009 blak111 (not verified) says:
This only works if you are using the wireless access point as your default gateway.
The network I'm on has a little over 90 access points and the only thing the arp table will show is the MAC <> IP binding for the router that serves them.
My experience...
On June 24th, 2009 Shawn Powers says:
I actually experienced it differently. The access point in this slightly complex network was 192.168.1.254 (which is what I was trying to discover), but the gateway for the network is 192.168.1.2. In fact, it was when the gateway ended up not being the address I needed that I started joining different access points and looking at my arp table. Thankfully, whichever access point I was bonded to showed up in my arp table.
(It is possible if the access points are in some bridged mode setting that you couldn't get the right address -- but without bridging, this method should actually work)