arp-scan

root@bt :~# arp-scan
Interface: eth0, datalink type: EN10MB (Ethernet)
Usage: arp-scan [options] [hosts...]

Target hosts must be specified on the command line unless the --file option is
given, in which case the targets are read from the specified file instead, or
the --localnet option is used, in which case the targets are generated from
the network interface IP address and netmask.

The target hosts can be specified as IP addresses or hostnames.  You can also
specify the target as IPnetwork/bits (e.g. 192.168.1.0/24) to specify all hosts
in the given network (network and broadcast addresses included), or
IPstart-IPend (e.g. 192.168.1.3-192.168.1.27) to specify all hosts in the
inclusive range.

These different options for specifying target hosts may be used both on the
command line, and also in the file specified with the --file option.

Options:

--help or -h  Display this usage message and exit.

--file=<fn> or -f <fn> Read hostnames or addresses from the specified file
   instead of from the command line. One name or IP
   address per line.  Use "-" for standard input.

--localnet or -l Generate addresses from network interface configuration
   Use the network interface IP address and network mask
   to generate the list of target host addresses.
   The list will include the network and broadcast
   addresses, so an interface address of 10.0.0.1 with
   netmask 255.255.255.0 would generate 256 target
   hosts from 10.0.0.0 to 10.0.0.255 inclusive.
   If you use this option, you cannot specify the --file
   option or specify any target hosts on the command line.
   The interface specifications are taken from the
   interface that arp-scan will use, which can be
   changed with the --interface option.

--retry=<n> or -r <n> Set total number of attempts per host to <n>,
   default=2.

--timeout=<n> or -t <n> Set initial per host timeout to <n> ms, default=100.
   This timeout is for the first packet sent to each host.
   subsequent timeouts are multiplied by the backoff
   factor which is set with --backoff.

--interval=<n> or -i <n> Set minimum packet interval to <n> ms.
   This controls the outgoing bandwidth usage by limiting
   the rate at which packets can be sent.  The packet
   interval will be no smaller than this number.
   If you want to use up to a given bandwidth, then it is
   easier to use the --bandwidth option instead.
   The interval specified is in milliseconds by default,
   or in microseconds if "u" is appended to the value.

--bandwidth=<n> or -B <n> Set desired outbound bandwidth to <n>, default=256000.
   The value is in bits per second by default.  If you
   append "K" to the value, then the units are kilobits
   per sec; and if you append "M" to the value, the
   units are megabits per second.
   The "K" and "M" suffixes represent the decimal, not
   binary, multiples.  So 64K is 64000, not 65536.
   You cannot specify both --interval and --bandwidth
   because they are just different ways to change the
   same parameter.

--backoff=<b> or -b <b> Set timeout backoff factor to <b>, default=1.50.
   The per-host timeout is multiplied by this factor
   after each timeout.  So, if the number of retrys
   is 3, the initial per-host timeout is 500ms and the
   backoff factor is 1.5, then the first timeout will be
   500ms, the second 750ms and the third 1125ms.

--verbose or -v  Display verbose progress messages.
   Use more than once for greater effect:
   1 - Show when hosts are removed from the list and
       other useful information.
   2 - Show each packet sent and received.
   3 - Display the host list before scanning starts.

--version or -V  Display program version and exit.

--random or -R  Randomise the host list.
   This option randomises the order of the hosts in the
   host list, so the ARP packets are sent to the hosts in
   a random order.  It uses the Knuth shuffle algorithm.

--numeric or -N  IP addresses only, no hostnames.
   With this option, all hosts must be specified as
   IP addresses.  Hostnames are not permitted.

--snap=<s> or -n <s> Set the pcap snap length to <s>. Default=64.
   This specifies the frame capture length.  This
   length includes the data-link header.
   The default is normally sufficient.

--interface=<i> or -I <i> Use network interface <i>.
   If this option is not specified, the default is the
   value of the RMIF environment variable.  If RMIF is
   not defined, then arp-scan will search the system
   interface list for the lowest numbered, configured
   up interface (excluding loopback).
   The interface specified must support ARP.

--quiet or -q  Only display minimal output.
   If this option is specified, then only the minimum
   information is displayed.  With this option, the
   OUI file is not used.

--ignoredups or -g Don't display duplicate packets.
   By default, duplicate packets are displayed and are
   flagged with "(DUP: n)".

--ouifile=<o> or -O <o> Use OUI file <o>, default=/usr/share/arp-scan/ieee-oui.txt
   This file provides the IEEE Ethernet OUI to vendor
   string mapping.

--iabfile=<i> or -F <i> Use IAB file <i>, default=/usr/share/arp-scan/ieee-iab.txt
   This file provides the IEEE Ethernet IAB to vendor
   string mapping.

--macfile=<m> or -m <m> Use MAC/Vendor file <m>, default=/usr/share/arp-scan/mac-vendor.txt
   This file provides the custom Ethernet MAC to vendor
   string mapping.

--srcaddr=<m> or -S <m> Set the source Ethernet MAC address to <m>.
   This sets the 48-bit hardware address in the Ethernet
   frame header for outgoing ARP packets.  It does not
   change the hardware address in the ARP packet, see
   --arpsha for details on how to change that address.
   The default is the Ethernet address of the outgoing
   interface.

--destaddr=<m> or -T <m> Send the packets to Ethernet MAC address <m>
   This sets the 48-bit destination address in the
   Ethernet frame header.
   The default is the broadcast address ff:ff:ff:ff:ff:ff.
   Most operating systems will also respond if the ARP
   request is sent to their MAC address, or to a
   multicast address that they are listening on.
   The address can be specified either in the format
   01:23:45:67:89:ab, or as 01-23-45-67-89-ab. The
   alphabetic hex characters may be upper or lower case.

--arpsha=<m> or -u <m> Use <m> as the ARP source Ethernet address
   This sets the 48-bit ar$sha field in the ARP packet
   It does not change the hardware address in the frame
   header, see --srcaddr for details on how to change
   that address.
   The default is the Ethernet address of the outgoing
   interface.

--arptha=<m> or -w <m> Use <m> as the ARP target Ethernet address
   This sets the 48-bit ar$tha field in the ARP packet
   The default is zero, because this field is not used
   for ARP request packets.

--prototype=<p> or -y <p> Set the Ethernet protocol type to <p>, default=0x0806.
   This sets the 16-bit protocol type field in the
   Ethernet frame header.
   Setting this to a non-default value will result in the
   packet being ignored by the target, or send to the
   wrong protocol stack.
   This option is probably not useful, and is only
   present for completeness.

--arphrd=<o> or -H <o> Use <o> for the ARP hardware type, default=1.
   This sets the 16-bit ar$hrd field in the ARP packet.
   The normal value is 1 (ARPHRD_ETHER).  Most, but not
   all, operating systems will also respond to 6
   (ARPHRD_IEEE802). A few systems respond to any value.

--arppro=<o> or -p <o> Use <o> for the ARP protocol type, default=0x0800.
   This sets the 16-bit ar$pro field in the ARP packet.
   Most operating systems only respond to 0x0800 (IPv4)
   but some will respond to other values as well.

--arphln=<l> or -a <l> Set the hardware address length to <l>, default=6.
   This sets the 8-bit ar$hln field in the ARP packet.
   It sets the claimed length of the hardware address
   in the ARP packet.  Setting it to any value other than
   the default will make the packet non RFC compliant.
   Some operating systems may still respond to it though.
   Note that the actual lengths of the ar$sha and ar$tha
   fields in the ARP packet are not changed by this
   option; it only changes the ar$hln field.

--arppln=<l> or -P <l> Set the protocol address length to <l>, default=4.
   This sets the 8-bit ar$pln field in the ARP packet.
   It sets the claimed length of the protocol address
   in the ARP packet.  Setting it to any value other than
   the default will make the packet non RFC compliant.
   Some operating systems may still respond to it though.
   Note that the actual lengths of the ar$spa and ar$tpa
   fields in the ARP packet are not changed by this
   option; it only changes the ar$pln field.

--arpop=<o> or -o <o> Use <o> for the ARP operation, default=1.
   This sets the 16-bit ar$op field in the ARP packet.
   Most operating systems will only respond to the value 1
   (ARPOP_REQUEST). However, some systems will respond
   to other values as well.

--arpspa=<s> or -s <s> Use <s> as the source IP address.
   The address should be specified in dotted quad format;
   or the string "dest", which sets the source address
   to be the same as the target host address.
   This sets the 32-bit ar$spa field in the ARP packet.
   Some operating systems check this, and will only
   respond if the source address is within the network
   of the receiving interface.  Others don't care, and
   will respond to any source address.
   By default, the outgoing interface address is used.

--padding=<p> or -A <p> Specify padding after packet data.
   Set the padding data to hex value <p>.  This data is
   appended to the end of the ARP packet, after the data.
   Most, if not all, operating systems will ignore any
   Padding.  The default is no padding, although the
   Ethernet driver on the sending system may pad the
   packet to the minimum Ethernet frame length.

Report bugs or send suggestions to [email protected]
See the arp-scan homepage at http://www.nta-monitor.com/tools/arp-scan/
root@bt :~# arp-scan 59.69.117.1/24
Interface: eth0, datalink type: EN10MB (Ethernet)
WARNING: host part of xx.xx.117.1/24 is non-zero
Starting arp-scan 1.6 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
xx.xx.117.1 00:1a:a9:15:2a:5a FUJIAN STAR-NET COMMUNICATION CO.,LTD
xx.xx.117.4 f0:de:f1:bf:b0:04 (Unknown)
……………………

arp-scan is a tool that uses the ARP protocol to scan for machines on a LAN.
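
An added example, not part of the original post or of the arp-scan project: a Python parser for reply lines in the format shown in the session above. It flags IP addresses answered by more than one MAC address, which points to an address conflict or possible ARP spoofing on the LAN. The sample output, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One reply line: IP, MAC, vendor string, optional "(DUP: n)" flag.
REPLY = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s*"
    r"(?P<vendor>.*?)(?:\s+\(DUP:\s*(?P<dup>\d+)\))?\s*$"
)

def parse_replies(text):
    """Return (ip, mac, vendor, dup) tuples; banner and warning lines are skipped."""
    replies = []
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if m:
            dup = int(m.group("dup")) if m.group("dup") else 0
            replies.append((m.group("ip"), m.group("mac").lower(),
                            m.group("vendor"), dup))
    return replies

def conflicts(replies):
    """IPs answered by more than one distinct MAC address."""
    by_ip = defaultdict(set)
    for ip, mac, _vendor, _dup in replies:
        by_ip[ip].add(mac)  # DUP lines are kept: the second reply may be another MAC
    return {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}

def multi_ip_macs(replies):
    """MACs answering for several IPs (a router, proxy ARP, or a spoofing host)."""
    by_mac = defaultdict(set)
    for ip, mac, _vendor, _dup in replies:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

# Constructed sample output (addresses are made up, not taken from the page).
SAMPLE = """\
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.6 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1\t00:1a:a9:15:2a:5a\tFUJIAN STAR-NET COMMUNICATION CO.,LTD
192.168.1.4\tf0:de:f1:bf:b0:04\t(Unknown)
192.168.1.4\tF0:DE:F1:BF:B0:04\t(Unknown) (DUP: 2)
192.168.1.1\t02:00:00:aa:bb:cc\t(Unknown) (DUP: 2)
192.168.1.9\t02:00:00:aa:bb:cc\t(Unknown)
"""

if __name__ == "__main__":
    replies = parse_replies(SAMPLE)
    print("IP conflicts:", conflicts(replies))
    print("MACs with several IPs:", multi_ip_macs(replies))
```

A repeated reply from the same MAC (192.168.1.4 in the sample) is not reported; only an IP with two different hardware addresses is.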
