EN, Search Security Resources and Information from TechTarget

How to use arp-scan to discover network hosts

<p>Identifying the devices on your network is a critical security task. After all, you can’t secure what you don’t know. While plenty of fancy configuration management tools list the nodes on a network, sometimes the simple and straightforward utilities are best.</p>
<div class=”ad-wrapper ad-embedded”>
<div id=”halfpage” class=”ad ad-hp”>
<script>GPT.display(‘halfpage’)</script>
</div>
<div id=”mu-1″ class=”ad ad-mu”>
<script>GPT.display(‘mu-1’)</script>
</div>
</div>
<p>Arp-scan is a tool that discovers and identifies IPv4 network nodes by using Address Resolution Protocol (<a href=”https://www.techtarget.com/searchnetworking/definition/Address-Resolution-Protocol-ARP”>ARP</a>) queries to generate a comprehensive list of devices. Its use of ARP sets arp-scan well apart from scanners that rely on ping (ICMP), TCP or User Datagram Protocol (UDP) scans. Many tools operate at <a href=”https://www.techtarget.com/searchnetworking/definition/OSI”>OSI</a> Layer 3, such as <a href=”https://www.techtarget.com/searchnetworking/tip/How-to-use-Nmap-to-scan-a-network-for-documentation”>Nmap</a>. Not all network devices respond to such higher-level scans. Because ARP is a fundamental component of networking, an arp-scan query at OSI Layer 2 will almost certainly succeed.</p>
<p>Arp-scan has a specific limitation. Because ARP is not routable, an arp-scan is limited to the local subnet. This is often exactly what you want: a focused, direct and easily controlled scan. For a broader network scan, consider Nmap, <a href=”https://www.techtarget.com/searchNetworking/tutorial/Use-Angry-IP-Scanner-to-audit-the-network”>Angry IP Scanner</a> or a similar tool.</p>
<p>Let’s look at how to install arp-scan, basic scan options and then evaluate use cases.</p>
<section class=”section main-article-chapter” data-menu-title=”How to install arp-scan”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>How to install arp-scan</h2>
<p>Installing arp-scan on your Linux penetration testing box is as simple as calling up your distribution’s preferred package manager.</p>
<p>For Ubuntu, Debian and similar distributions, type:</p>
<p><span style=”font-family: ‘courier new’, courier, monospace;”>apt install arp-scan</span></p>
<p&

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget

Read the original article: