arping command is like
ping, but for local networks only. Its advantage is it operates at a lower networking level, sometimes getting responses when
Pasi de urmat
The ARP Protocol
An IP address is a numerical label for a networked device. It’s used as an address so the appropriate network traffic arrives at the correct device. But most devices on local area networks have dynamic IP addresses. That is, their IP address might well change the next time they’re booted up.
To be able to correctly route network traffic to the appropriate device, a scheme has to be employed that maps IP addresses to Media Access Control (MAC) addresses. The MAC address is a unique identity established at the point of manufacture of a device. An IP address is a logical address. The MAC address is a physical address.
The arping Command
All of the clever ARP stuff goes on automatically in the background, building and maintaining the ARP table. The
arping command brings some of the functionality of the ARP query to the terminal window. It operates at OSI layer two and it can solicit a response from a device when
ping does not.
On Fedora 36,
arping was already installed, but we needed to install it on Manjaro 21 and Ubuntu 22.04.
On Ubuntu the command is:
sudo apt install arping On Manjaro you need to type:
sudo pacman -Sy arping
The simplest way to use
arping is with an IP address. This must be the address of a directly-addressable device, connected to the local network. Because
arping operates at layer two, no routing is possible. You’ll need to use
sudo arping 192.168.1.17
Press Ctrl+C to stop. The information returned is the MAC address of the responding device, the index number of the
arping request, and the round-trip time for the
arping request to be completed.
Compare the output to that from the
ping command, below. The
ping command returns more information about the timing of the network packet round-trip. The
arping command gives you fewer timing stats, but it does include the device’s MAC Address.
ping 192.168.1.17 You can also use the network name of the device with
sudo arping fedora-36.local
You can use the
-c(count) option to tell
arpingto stop after a set number of requests. This command tells
arpingto try twice and then stop.
sudo arping -c 2 192.168.1.18
If you have multiple network interfaces in your computer, you can use the
-I (interface) option to tell
arping which interface to use.
You can use the
ip link command to list your network interfaces.
This computer has three interfaces. The
lo virtual interface is used as a loopback for internal connections between software on the same computer. It isn’t of use to us here. We can use either the ethernet connection
enp3s0 or the wireless interface
This command tells
arping to use the interface we choose, and not to make its own selection.
sudo arping -c 2 -I enp3s0 manjaro-21.local
Using arping In Scripts
arping in a loop in a script, we can get it to work over a range of IP addresses. Copy the text from this script and save it to a file called “scan-range.sh.”You’ll need to edit the script and replace all occurrences of 192.168.1 with the IP address of your network.
#!/bin/bash for ((device=$1; device<=$2; device++)) do arping -c 1 192.168.1.$device | grep -E "1 response|1 packets received" > /dev/null if [ $? == 0 ]; then echo "192.168.1.$device responded." else echo "192.168.1.$device didn't respond." fi done
The script accepts two command line parameters. These are used as the last octet of the IP addresses of the range you want to use
arping on. So, if you pass 20 and 30 to the script, the loop would begin at 192.168.1.20 and would terminate after using IP address 192.168.1.30.
The parameters are accessed inside the script as
$2. These are used in a C-style
for loop. At each spin of the
$device is set to the next IP address in the range.
The script uses the same
arping -c format we’ve already seen, but this time we’re only asking for a single ARP request to be sent to each device in the range.
The output from the
arping command is piped through
grep syntax can be simplified in your script.
grep is looking for one of two strings, either “1 response” or “1 packets received.” This is because the test computers had different versions of
arping on them and they use different terminology. If
grep finds either of these phrases, its exit value will be zero.
When you know which of the phrases your version of
arping uses, you can simplify the
grep syntax by removing the other phrase.
if statement tests
$?—a variable that holds the exit code of the last process that ended—to see if it is zero. If it is, it uses
echo to print a message of success to the terminal window. If the test fails then
grep did not find either of the strings, meaning the ARP request failed.
Make your script executable by using the
chmod command and the
chmod +x scan-range.sh