Using Arp On Your Network


Comments


Quick and Dirty Range Scan

xvalx's picture

I use these commands to perform a quick and dirty subnet scan (assuming it is a 255.255.255.0 subnet of course).

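ARPINT=wlan0      # interface to send the ARP requests from
ARPNET=192.168.1  # first three octets of the /24 being scanned
# Probe .1 to .254 in parallel; arping's error output is discarded, replies are kept
for i in $(seq 1 254); do arping -f -c 3 -I "$ARPINT" "$ARPNET.$i" 2>/dev/null & done | grep Unicast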

I actually have this as a script where ARPINT and ARPNET are arguments.

How about when wireless AP has IP address in different subnet?

Terrell Prude' Jr.'s picture

Hi Shawn,

I like the premise of your video, and it does help out in a lot of cases. But there's another too-common case in which I'm not sure this'll be quite enough. Say you get a used wireless access point (eBay, a friend, whatever). This wireless AP has, we'll say, an IP address of 172.16.0.3/24. But the network you're sticking it on is 192.168.0.0/24. Will "arp -a" help then, or will that workstation just ignore it (not on 'reachable' subnet)?

Assuming we knew the MAC address (not always guaranteed with rogue devices), what we had to do was manually make a static ARP entry in the workstation, which would let us get to the wireless AP / print server / whatever. Then we could get to it and change the IP address to something in our actual subnet, deleting the static ARP entry afterwards. If this sounds like an ugly hack, that's because it is! :-)

--TP

Addendum to above post

Terrell Prude' Jr.'s picture

Forgot to mention one thing. You don't know what the IP address of that wireless AP is that you just got. Your buddy or the person you bought it from on eBay doesn't know, either ("umm, worked fine at *my* house, d00d").

Also, for completeness, I should specify that the static ARP entry in the second paragraph is for something on the subnet your network actually uses (in this example, 192.168.0.0/24).

--TP

In windows (please don't

Davil's picture

In Windows (please don't flame me) you could just type ipconfig /all and check your DNS server or default gateway IP (again only if actually using said access point as default gateway). Am I missing something here? I thought there would be a quick command in Linux to find what DNS server / gateway you're using? No? I really want to make the move to Linux but little things like this bug me... Please let me know if I'm just being dopey here.

How to do this in GNU/Linux or any other UNIX

Terrell Prude' Jr.'s picture

Two commands.

1.) "more /etc/resolv.conf"
2.) "netstat -rn"

The first tells you what your DNS servers are. The second tells you what your default next-hop ("gateway", in MS parlance) is.

As for trying out GNU/Linux, don't let "dopey" things like this stop you. You had to learn MS Windows and the ipconfig command, didn't you? :-) It's the same here, and it's not hard. It didn't take long before I was just doing stuff on Linux as instinctively as I did on DOS and Windows.

I would recommend Ubuntu for you. It's easy to use and popular, there's a large community of support for it, and there are plenty of folks who came from MS Windows. Finally, Ubuntu can run from the CD, so you can "try before you install."

--TP

Yes but

Shawn Powers's picture

The access point wasn't the router -- it was a stand-alone access point. :)

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Have not you got the

Anonymous's picture

Haven't you got the memo?

arp is obsolete in favor of `ip neigh`.

I had not...

Shawn Powers's picture

Cool command! No, in fact, I didn't know about that.

"arp" is more fun to say though. hehhehehe


the problem I often

Geoff Campos's picture

The problem I often encounter is a network device on a different subnet. On devices like ADSL router/modems I get frustrated with instruction manuals referencing a Windows-only installation disc while hiding the static IP! Grrr! If a product ships with a static default IP address, it should be printed on the unit!

cool intro

happy subscriber's picture

That is a neat traveling intro on the lawn there, Shawn! These tech tips are fun, keep them coming :).

What about using arping?

Anonymous's picture

What about using arping?

The way in the video is not

Ornotermes's picture

The way in the video is not completely reliable; the router and the DHCP server don't have to be the same machine. Instead, check the log from dhcp-client.
On Ubuntu the log is stored in /var/lib/dhcp3/dhclient.leases and it looks like this (it stores the most recent information at the beginning of the file and is user-readable):

lease {
  interface "eth0";
  fixed-address 192.168.0.229;
  option subnet-mask 255.255.255.0;
  option routers 192.168.0.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.1;
  option dhcp-renewal-time 43200;
  option broadcast-address 192.168.0.255;
  option dhcp-rebinding-time 75600;
  option host-name "workstation1";
  renew 4 2009/06/25 07:15:59;
  rebind 4 2009/06/25 17:31:10;
  expire 4 2009/06/25 20:31:10;
}

If you want only the DHCP server's address you can use this command:
grep dhcp-server /var/lib/dhcp3/dhclient.leases | head -n1
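
An added example, not part of the original comment: a small parser for the lease format shown above that reports the router and the DHCP server from the newest lease and says whether they are the same host. It picks the newest lease by its "expire" timestamp rather than by position in the file; the function name and the two sample leases are constructed for illustration.

```shell
#!/bin/sh
# lease_summary FILE -> one line describing the newest lease in FILE.
# "Newest" means the latest "expire" timestamp, so file order does not matter.
lease_summary() {
    awk '
        function val(s) { gsub(/[";]/, "", s); return s }  # drop quotes and ";"
        $1 == "lease" && $2 == "{" { inlease = 1; split("", cur); next }
        !inlease { next }
        $1 == "interface"     { cur["if"] = val($2) }
        $1 == "fixed-address" { cur["ip"] = val($2) }
        $1 == "option" && $2 == "routers"                { cur["gw"]  = val($3) }
        $1 == "option" && $2 == "dhcp-server-identifier" { cur["srv"] = val($3) }
        $1 == "expire"        { cur["exp"] = val($3 " " $4) }
        $1 == "}" {
            inlease = 0
            if (cur["exp"] >= newest) {   # YYYY/MM/DD HH:MM:SS sorts as text
                found = 1; newest = cur["exp"]
                ifc = cur["if"]; ip = cur["ip"]; gw = cur["gw"]; srv = cur["srv"]
            }
        }
        END {
            if (!found) exit 1            # no lease block in the file
            printf "interface=%s address=%s router=%s dhcp_server=%s same_host=%s\n",
                   ifc, ip, gw, srv, (gw == srv ? "yes" : "no")
        }
    ' "$1"
}

# Constructed sample: two leases; the later one names a separate DHCP server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.0.229;
  option routers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.1;
  expire 4 2009/06/25 20:31:10;
}
lease {
  interface "eth0";
  fixed-address 192.168.0.229;
  option routers 192.168.0.1;
  option dhcp-server-identifier 192.168.0.5;
  expire 5 2009/06/26 20:31:10;
}
EOF
lease_summary "$sample"
```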

Misunderstand?

Shawn Powers's picture

The router and dhcp server are both separate from the access point I was trying to find. If the access point has an IP address, generally you can find reference to it in the arp cache. There are ALWAYS exceptions to the rule -- but dhcp wasn't an issue here at all. The access point had a statically assigned IP address, but I didn't know what that address was. :)


ARP

blak111's picture

This only works if you are using the wireless access point as your default gateway.
The network I'm on has a little over 90 access points and the only thing the arp table will show is the MAC <> IP binding for the router that serves them.

My experience...

Shawn Powers's picture

I actually experienced it differently. The access point in this slightly complex network was 192.168.1.254 (which is what I was trying to discover), but the gateway for the network is 192.168.1.2. In fact, it was when the gateway ended up not being the address I needed that I started joining different access points and looking at my arp table. Thankfully, whichever access point I was bonded to showed up in my arp table.

(It is possible if the access points are in some bridged mode setting that you couldn't get the right address -- but without bridging, this method should actually work)

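
An added example, not from the original comments: the method described above (rule out the default gateway, then read the neighbour table while associated to the access point), written against saved text in the format printed by "ip route show" and "ip -4 neigh show". The function names are hypothetical, and the sample output and MAC addresses are constructed, using the addresses from the comment.

```shell
#!/bin/sh
# default_gw ROUTES_FILE -> next hop of the default route
default_gw() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i+1); exit } }' "$1"
}

# ap_candidates NEIGH_FILE GATEWAY IFACE -> "ip mac" for every neighbour on
# IFACE that resolved to a MAC (not FAILED/INCOMPLETE) and is not the gateway
ap_candidates() {
    awk -v gw="$2" -v ifc="$3" '
        {
            ip = $1; dev = ""; mac = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "dev")    dev = $(i+1)
                if ($i == "lladdr") mac = $(i+1)
            }
            state = $NF
            if (dev == ifc && mac != "" && ip != gw &&
                state != "FAILED" && state != "INCOMPLETE")
                print ip, mac
        }
    ' "$1"
}

# Constructed sample output (documentation MAC range 00:00:5e:00:53:xx)
routes=$(mktemp); neigh=$(mktemp)
cat > "$routes" <<'EOF'
default via 192.168.1.2 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57 metric 600
EOF
cat > "$neigh" <<'EOF'
192.168.1.2 dev wlan0 lladdr 00:00:5e:00:53:02 REACHABLE
192.168.1.254 dev wlan0 lladdr 00:00:5e:00:53:fe STALE
192.168.1.77 dev wlan0  FAILED
10.0.0.1 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE
EOF

gw=$(default_gw "$routes")
ap_candidates "$neigh" "$gw" wlan0
```

On a live machine the two files would be replaced by the output of `ip route show` and `ip -4 neigh show`.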
