Date:      Wed, 29 Jun 2005 16:30:30 -0700
From:      Glenn Dawson <glenn@antimatter.net>
To:        Vince Hoffman <jhary@unsane.co.uk>, Fabian Anklam <greatnorthern@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Looking for arp scanner
Message-ID:  <6.1.0.6.2.20050629162738.0b118eb0@cobalt.antimatter.net>
In-Reply-To: <20050629232054.J8551@unsane.co.uk>
References:  <467b1e7a050629141856d72f91@mail.gmail.com> <6.1.0.6.2.20050629143657.083d5050@cobalt.antimatter.net> <467b1e7a05062914585928de07@mail.gmail.com> <20050629232054.J8551@unsane.co.uk>

At 03:45 PM 6/29/2005, Vince Hoffman wrote:


>On Wed, 29 Jun 2005, Fabian Anklam wrote:
>
>>On 6/29/05, Glenn Dawson <glenn@antimatter.net> wrote:
>>>At 02:18 PM 6/29/2005, Fabian Anklam wrote:
>>>>Hi there,
>>>>
>>>>I've been browsing freshports.org for an arp scanner and found only
>>>>arpscan, which is marked broken and knowlan, which hasn't been updated
>>>>in years. What's the tool of choice to map out IP addresses on a subnet
>>>>when you know that quite a few hosts are firewalled from ping?
>>>
>>>Try nmap.  It has a variety of different ways to "look" for systems on a
>>>given subnet.
>>Thanks. Tried nmap. As I said, some systems that I want to have in my
>>output are locally firewalled and I doubt the -sP switch catches
>>them. Port scans are out of the question.
>
>Thinking about it, even if the host blocks ping then it will have to reply
>to an arp request. So make a short script to clear the arp cache ('arp -a
>-d' as root), then do your nmap -sP xxx.xxx.xxx.xxx/yyy and do an arp -a,
>which will list all the arp entries in your arp cache (should be every
>host that responded to an arp request when you did the ping scan, but maybe
>pipe it through grep to only get the arps for ips in that range).
>
>Also, arping may be of use.

I suppose if you need to be totally passive, you could do:

tcpdump -i fxp0 arp

(assuming of course that your network interface is on fxp0)
and let it run for a bit.  Eventually you'll catch all the active hosts on 
the network.

-Glenn


>Vince
>
>>
>>>-Glenn
>>>
>>>
>>>>Thanks, Fabian
>>>>_______________________________________________
>>>>freebsd-questions@freebsd.org mailing list
>>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>>To unsubscribe, send any mail to 
>>>>"freebsd-questions-unsubscribe@freebsd.org"
>>>
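
The flush, sweep and read-back procedure suggested in the thread, as an added example that is not part of any poster's message: `arp_hosts` filters `arp -an` output by CIDR membership rather than a grep on the address prefix, and drops entries that never resolved. The function names, the `--send-ip` flag and the sample cache lines are assumptions or constructed for illustration.

```sh
#!/bin/sh
# arp_hosts CIDR: read FreeBSD-style `arp -an` output on stdin and print
# "IP MAC" for every resolved entry inside CIDR, in numeric address order.
arp_hosts() {
    awk -v cidr="$1" '
    function ip2int(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        split(cidr, c, "/")
        size = 2 ^ (32 - c[2])                  # addresses in the block
        base = int(ip2int(c[1]) / size) * size  # network address
    }
    # Entry shape: ? (192.0.2.1) at 00:11:22:33:44:55 on fxp0 [ethernet]
    # A host that never answered shows "(incomplete)" instead of a MAC.
    $3 == "at" && $4 != "(incomplete)" {
        ip = $2; gsub(/[()]/, "", ip)
        n = ip2int(ip)
        if (n >= base && n < base + size) printf "%010.0f %s %s\n", n, ip, $4
    }' | sort -u | cut -d" " -f2-
}

# sample_cache: constructed `arp -an` lines using documentation addresses.
sample_cache() {
    cat <<'EOF'
? (192.0.2.1) at 00:11:22:33:44:55 on fxp0 [ethernet]
? (192.0.2.130) at 00:11:22:33:44:66 on fxp0 [ethernet]
? (192.0.2.7) at (incomplete) on fxp0 [ethernet]
? (192.0.2.20) at 00:11:22:33:44:77 on fxp0 [ethernet]
? (198.51.100.9) at 00:11:22:33:44:88 on fxp1 [ethernet]
EOF
}

# sweep CIDR: the procedure from the thread; needs root and nmap. Call it as
# `sweep 192.0.2.0/24` on a subnet you administer.
sweep() {
    arp -a -d >/dev/null 2>&1           # flush the cache, as in the thread
    # --send-ip (an addition, not in the thread) makes nmap send its probes
    # through the kernel, so the kernel does the ARP lookups and caches them.
    nmap -sP --send-ip "$1" >/dev/null
    arp -an | arp_hosts "$1"
}
```

Run against the constructed cache with `sample_cache | arp_hosts 192.0.2.0/25`, the host at 192.0.2.130 falls outside the /25 and the unresolved 192.0.2.7 is skipped.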