Linux command
arp-scan 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Scan
sudo arp-scan -l
Example
sudo arp-scan [192.168.1.0/24]
Example
sudo arp-scan -I [eth0] -l
Example
sudo arp-scan [192.168.1.1-192.168.1.50]
Quiet
sudo arp-scan -l -q
Example
sudo arp-scan -l --srcaddr=[00:11:22:33:44:55]
说明
arp-scan discovers hosts on a local network by sending ARP requests. It's faster than ping-based scanning because ARP works at layer 2 and hosts cannot easily hide from it. The tool shows IP addresses, MAC addresses, and optionally vendor names from the IEEE OUI database.
参数
- -l, --localnet
- Scan all addresses on local network
- -I _interface_
- Network interface to use
- -q, --quiet
- Quiet mode (only show responding hosts)
- -r _n_, --retry=_n_
- Number of retries per host (default 2).
- -t _ms_, --timeout=_ms_
- Timeout in milliseconds per host (default 500).
- -B, --bandwidth=_bps_
- Limit outbound bandwidth (e.g., 256000).
- -x, --ignoredups
- Ignore duplicate ARP responses.
- --srcaddr=_mac_
- Set the source MAC address in outgoing packets.
- -D, --destaddr=_mac_
- Set the destination MAC address (default ff:ff:ff:ff:ff:ff).
FAQ
What is the arp-scan command used for?
arp-scan discovers hosts on a local network by sending ARP requests. It's faster than ping-based scanning because ARP works at layer 2 and hosts cannot easily hide from it. The tool shows IP addresses, MAC addresses, and optionally vendor names from the IEEE OUI database.
How do I run a basic arp-scan example?
Run `sudo arp-scan -l` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -l, --localnet do in arp-scan?
Scan all addresses on local network