How to Use the arping Command on Linux

Configurare noua (How To)

Situatie

The Linux arping command is like ping, but for local networks only. Its advantage is it operates at a lower networking level, sometimes getting responses when ping cannot.

Solutie

Pasi de urmat
The ARP Protocol

An IP address is a numerical label for a networked device. It’s used as an address so the appropriate network traffic arrives at the correct device. But most devices on local area networks have dynamic IP addresses. That is, their IP address might well change the next time they’re booted up.

To be able to correctly route network traffic to the appropriate device, a scheme has to be employed that maps IP addresses to Media Access Control (MAC) addresses. The MAC address is a unique identity established at the point of manufacture of a device. An IP address is a logical address. The MAC address is a physical address.

The arping Command

All of the clever ARP stuff goes on automatically in the background, building and maintaining the ARP table. The arping command brings some of the functionality of the ARP query to the terminal window. It operates at OSI layer two and it can solicit a response from a device when ping does not.

On Fedora 36, arping was already installed, but we needed to install it on Manjaro 21 and Ubuntu 22.04.

On Ubuntu the command is:

sudo apt install arping
Installing arping on Ubuntu

On Manjaro you need to type:
sudo pacman -Sy arping
Installing arping on Manjaro

The simplest way to use arping is with an IP address. This must be the address of a directly-addressable device, connected to the local network. Because arping operates at layer two, no routing is possible. You’ll need to use sudo with arping.

sudo arping 192.168.1.17
Using arping with an IP address

Press Ctrl+C to stop. The information returned is the MAC address of the responding device, the index number of the arping request, and the round-trip time for the arping request to be completed.

Compare the output to that from the ping command, below. The ping command returns more information about the timing of the network packet round-trip. The arping command gives you fewer timing stats, but it does include the device’s MAC Address.

ping 192.168.1.17
Using ping with an IP address

You can also use the network name of the device with arping.
sudo arping fedora-36.local
Using arping with an IP address
You can use the -c (count) option to tell arping to stop after a set number of requests. This command tells arping to try twice and then stop.
sudo arping -c 2 192.168.1.18
Using the -c option to tell arping to stop after making two requests

If you have multiple network interfaces in your computer, you can use the -I (interface) option to tell arping which interface to use.

You can use the ip link command to list your network interfaces.

ip link
Using ip link to list the network interfaces

This computer has three interfaces. The lo virtual interface is used as a loopback for internal connections between software on the same computer. It isn’t of use to us here. We can use either the ethernet connection enp3s0 or the wireless interface wlan0.

This command tells arping to use the interface we choose, and not to make its own selection.

sudo arping -c 2 -I enp3s0 manjaro-21.local
Using the -I option to tell arping to use a specific network interface
Using arping In Scripts

By wrapping arping in a loop in a script, we can get it to work over a range of IP addresses. Copy the text from this script and save it to a file called “scan-range.sh.”You’ll need to edit the script and replace all occurrences of 192.168.1 with the IP address of your network.

#!/bin/bash

for ((device=$1; device<=$2; device++))
do

  arping -c 1 192.168.1.$device | grep -E "1 response|1 packets received" > /dev/null

    if [ $? == 0 ]; then
      echo "192.168.1.$device responded."      
    else
      echo "192.168.1.$device didn't respond."
  fi
  
done

The script accepts two command line parameters. These are used as the last octet of the IP addresses of the range you want to use arping on. So, if you pass 20 and 30 to the script, the loop would begin at 192.168.1.20 and would terminate after using IP address 192.168.1.30.

The parameters are accessed inside the script as $1 and $2. These are used in a C-style for loop. At each spin of the for loop, $device is set to the next IP address in the range.

The script uses the same arping -c format we’ve already seen, but this time we’re only asking for a single ARP request to be sent to each device in the range.

The output from the arping command is piped through grep.

The grep syntax can be simplified in your script. grep is looking for one of two strings, either “1 response” or “1 packets received.” This is because the test computers had different versions of arping on them and they use different terminology. If grep finds either of these phrases, its exit value will be zero.

When you know which of the phrases your version of arping uses, you can simplify the grep syntax by removing the other phrase.

The if statement tests $?—a variable that holds the exit code of the last process that ended—to see if it is zero. If it is, it uses echo to print a message of success to the terminal window. If the test fails then grep did not find either of the strings, meaning the ARP request failed.

Make your script executable by using the chmod command and the +x option.

chmod +x scan-range.sh
Using the chmod +x option to to make the script executable

Tip solutie

Permanent

Voteaza

(0 din 1 persoane apreciaza acest articol)

Despre Autor

Leave A Comment?