Situatie
The Linux arping
command is like ping
, but for local networks only. Its advantage is it operates at a lower networking level, sometimes getting responses when ping
cannot.
Solutie
Pasi de urmat
The ARP Protocol
An IP address is a numerical label for a networked device. It’s used as an address so the appropriate network traffic arrives at the correct device. But most devices on local area networks have dynamic IP addresses. That is, their IP address might well change the next time they’re booted up.
To be able to correctly route network traffic to the appropriate device, a scheme has to be employed that maps IP addresses to Media Access Control (MAC) addresses. The MAC address is a unique identity established at the point of manufacture of a device. An IP address is a logical address. The MAC address is a physical address.
The arping Command
All of the clever ARP stuff goes on automatically in the background, building and maintaining the ARP table. The arping
command brings some of the functionality of the ARP query to the terminal window. It operates at OSI layer two and it can solicit a response from a device when ping
does not.
On Fedora 36, arping
was already installed, but we needed to install it on Manjaro 21 and Ubuntu 22.04.
On Ubuntu the command is:
sudo apt install arping On Manjaro you need to type:
sudo pacman -Sy arping
The simplest way to use arping
is with an IP address. This must be the address of a directly-addressable device, connected to the local network. Because arping
operates at layer two, no routing is possible. You’ll need to use sudo
with arping
.
sudo arping 192.168.1.17
Press Ctrl+C to stop. The information returned is the MAC address of the responding device, the index number of the arping
request, and the round-trip time for the arping
request to be completed.
Compare the output to that from the ping
command, below. The ping
command returns more information about the timing of the network packet round-trip. The arping
command gives you fewer timing stats, but it does include the device’s MAC Address.
ping 192.168.1.17
You can also use the network name of the device with arping
.
sudo arping fedora-36.local
You can use the-c
(count) option to tellarping
to stop after a set number of requests. This command tellsarping
to try twice and then stop.
sudo arping -c 2 192.168.1.18
If you have multiple network interfaces in your computer, you can use the -I
(interface) option to tell arping
which interface to use.
You can use the ip link
command to list your network interfaces.
ip link
This computer has three interfaces. The lo
virtual interface is used as a loopback for internal connections between software on the same computer. It isn’t of use to us here. We can use either the ethernet connection enp3s0
or the wireless interface wlan0
.
This command tells arping
to use the interface we choose, and not to make its own selection.
sudo arping -c 2 -I enp3s0 manjaro-21.local
Using arping In Scripts
By wrapping arping
in a loop in a script, we can get it to work over a range of IP addresses. Copy the text from this script and save it to a file called “scan-range.sh.”You’ll need to edit the script and replace all occurrences of 192.168.1 with the IP address of your network.
#!/bin/bash
for ((device=$1; device<=$2; device++))
do
arping -c 1 192.168.1.$device | grep -E "1 response|1 packets received" > /dev/null
if [ $? == 0 ]; then
echo "192.168.1.$device responded."
else
echo "192.168.1.$device didn't respond."
fi
done
The script accepts two command line parameters. These are used as the last octet of the IP addresses of the range you want to use arping
on. So, if you pass 20 and 30 to the script, the loop would begin at 192.168.1.20 and would terminate after using IP address 192.168.1.30.
The parameters are accessed inside the script as $1
and $2
. These are used in a C-style for
loop. At each spin of the for
loop, $device
is set to the next IP address in the range.
The script uses the same arping -c
format we’ve already seen, but this time we’re only asking for a single ARP request to be sent to each device in the range.
The output from the arping
command is piped through grep
.
The grep
syntax can be simplified in your script. grep
is looking for one of two strings, either “1 response” or “1 packets received.” This is because the test computers had different versions of arping
on them and they use different terminology. If grep
finds either of these phrases, its exit value will be zero.
When you know which of the phrases your version of arping
uses, you can simplify the grep
syntax by removing the other phrase.
The if
statement tests $?
—a variable that holds the exit code of the last process that ended—to see if it is zero. If it is, it uses echo
to print a message of success to the terminal window. If the test fails then grep
did not find either of the strings, meaning the ARP request failed.
Make your script executable by using the chmod
command and the +x
option.
chmod +x scan-range.sh
Leave A Comment?