Difference between revisions of "Arp-scan Recent Changes"

From royhills
Jump to: navigation, search
(updated for arp-scan 1.9)
 
(No difference)

Latest revision as of 07:54, 25 July 2013

The page contains details of the recent changes in arp-scan. The data comes from the NEWS file, which is included in the arp-scan source code release.

For details of proposed features for future releases, see Desired New Features.

Changes in arp-scan 1.9, released July 2013

  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 18157 OUI entries and 4414 IAB entries.
  • Use autoconf 2.69 and automake 1.11 to add support for ARM 64-bit CPUs.
  • Use libpcap functions to obtain the interace IP address and send the ARP packet, instead of using our own link-layer specific functions. The only link-layer specific function that we still need is get_hardware_address() to obtain the interface MAC address. This means we now require libpcap 0.9.3 or later.
  • Added support for Dragonfly BSD.
  • The -u option to get-iab and get-oui scripts now works.
  • get-oui and get-iab scripts now get the OUI and IAB files from the new locations on the IEEE website, and allow whitespace at the beginning of the line.
  • If the MAC/Vendor file locations are not explicitly specified, look for them in the current directory and then in their default location.
  • Raised default timeout from 100ms to 500ms.
  • Added new --rtt (-D) option to display the packet round-trip time.
  • Include <net/bpf.h> header file early in link-bpf.c to avoid BPF symbol problems on some BSD based operating systems.
  • Added arp-fingerprint patterns for GNU/Hurd, Amazon Kindle (Linux 2.6), BeOS, Windows 8, Recent Linux, FreeBSD, NetBSD and OpenBSD versions, and RiscOS.
  • Added data file "pkt-custom-request-vlan-llc.dat" to the tarball to allow the ARP request packet generation self test to complete successfully.
  • Various minor bug fixes and improvements.

Changes in arp-scan 1.8, released March 2011

  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 14707 OUI entries and 3542 IAB entries.
  • Added support for trailer ARP replies, which were used in early versions of BSD Unix on VAX.
  • Added support for ARP packets with both 802.1Q VLAN tag and LLC/SNAP framing.
  • The full help output is only displayed if specifically requested with arp-scan --help. Usage errors now result in smaller help output.
  • Added support for Apple Mac OS X with Xcode 2.5 and later. This allows arp-scan to build on Tiger, Leopard and Snow Leopard.
  • Changed license from GPLv2 to GPLv3.
  • Added warning about possible DoS when setting ar$spa to the destination IP address to the help output and man page.
  • Added arp-fingerprint patterns for 2.11BSD, NetBSD 4.0, FreeBSD 7.0, Vista SP1, Windows 7 and Blackberry OS.
  • Enabled compiler security options -fstack-protect, -D_FORTIFY_SOURCE=2 and -Wformat-security if they are supported by the compiler. Also enabled extra warnings -Wwrite-strings and -Wextra.
  • Added new "make check" tests to check packet generation, and packet decoding and display.
  • Modified get-oui and get-iab perl scripts so they will work on systems where the perl interpreter is not in /usr/bin, e.g. NetBSD.
  • Various minor bug fixes and improvements.

Changes in arp-scan 1.7, released July 2008

  • new --pcapsavefile (-W) option to save the ARP response packets to a pcap savefile for later analysis with tcpdump, wireshark or another program that supports the pcap file format.
  • new --vlan (-Q) option to create outgoing ARP packets with an 802.1Q VLAN tag ARP responses with a VLAN tag are interpreted and displayed.
  • New --llc (-L) option to create outgoing ARP packets with RFC 1042 LLC/SNAP framing. Received ARP packets are decoded and displayed with either LLC/SNAP or the default Ethernet-II framing irrespective of this option.
  • Avoid double unmarshalling of packet data: once in callback, then again in display_packet().
  • New arp-fingerprint patterns for ARP fingerprinting: Cisco 79xx IP Phone SIP 5.x, 6.x and 7.x; Cisco 79xx IP Phone SIP 8.x.
  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 11,697 OUI entries and 2,386 IAB entries.

Changes in arp-scan 1.6, released April 2007

  • Added support for Sun Solaris. Tested on Solaris 9 (SPARC). arp-scan may also work on other systems that use DLPI, but only Solaris has been tested.
  • New arp-fingerprint patterns for ARP fingerprinting: IOS 11.2, 11.3 and 12.4; ScreenOS 5.1, 5.2, 5.3 and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3 and 7.0.
  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 10,214 OUI entries and 1,858 IAB entries.
  • Added HSRP MAC address to mac-vendor.txt.

Changes in arp-scan 1.5, released July 2006

  • Reduced memory usage from 44 bytes per target to 28 bytes. This reduces the memory usage for a Class-B network from 2.75MB to 1.75MB, and a Class-A network from 704MB to 448MB.
  • Reduced the startup time for large target ranges. This reduces the startup time for a Class-A network from 80 seconds to 15 seconds on a Compaq laptop with 1.4GHz CPU.
  • Added support for FreeBSD, OpenBSD, NetBSD and MacOS X (Darwin) using the BPF packet capture interface. arp-scan will probably also work on other operating systems that implement BPF, but only those listed have been tested.
  • Improved operation of the --srcaddr option. This now changes the source hardware address in the Ethernet header without changing the interface address.
  • Additional fingerprints for arp-fingerprint.
  • Improved manual pages.
  • Updated IEEE OUI and IAB files from IEEE website.

Changes in arp-scan 1.4, released June 2006

  • Added IEEE IAB listings and associated get-iab update script and --iabfile option.
  • Added manual MAC/Vendor mapping file: mac-vendor.txt and associated --macfile option.
  • New --localnet option to scan all IP addresses on the specified interface network and mask.

Changes in arp-scan 1.3, released June 2006

  • Initial public release. Source distribution only, which will compile and run on Linux.

Previous Versions

Versions 1.0, 1.1 and 1.2 were internal only releases that were never publicly released.