Arp-scan option summary

From royhills
Jump to: navigation, search

This page gives a brief overview of the various arp-scan options. It does not go into detail - for that, see the help output or read the man pages.

Target selection options

Long Option Short Option Description
--file -f Read the list of targets from the specified file
--localnet -l Generate the list of targets from the outgoing interface address and netmask
--random -R Randomise the target list so hosts are scanned in a random order
--numeric -N Only allow IP addresses, no hostnames. Never perform DNS lookup

If neither the --file or --localnet options are specified, then targets must be specified as arguments. The target argument can either be a list of addresses or names, an IP network in the form <network>/<bits> or <network>:<netmask>, or a range of IP addresses in <start>-<end> format.

Network interface options

Long Option Short Option Description Default
--interface -I Specify the network interface to use First up, configured, non-loopback interface
--snap -n Specify the frame capture length 64 Bytes

Outgoing Ethernet Frame Options

Long Option Short Option Header Field Default
--destaddr -T Destination Address FF:FF:FF:FF:FF:FF (Ethernet broadcast)
--srcaddr -S Source Address Outgoing interface address
--prototype -y Protocol Type 0x0806 (ARP)
--padding -A N/A No padding (added by network driver)
--llc -L N/A Ethernet-II Framing
--vlan -Q N/A No 802.1Q tag

Outgoing ARP Packet Options

Long Option Short Option ARP Field Default
--arphrd -H ar$hrd 1 (Ethernet)
--arppro -p ar$pro 0x0800 (IPv4)
--arphln -a ar$hln 6 (Ethernet address length)
--arppln -P ar$pln 4 (IPv4 address length)
--arpop -o ar$op 1 (ARP Request)
--arpsha -u ar$sha Outgoing interface h/w address
--arpspa -s ar$spa Outgoing interface IP address
--arptha -w ar$tha zero (00:00:00:00:00:00)

The ARP field ar$tpa is set to the target IP address.

Outgoing packet timing options

Long Option Short Option Description Default
--retry -r Total number of ARP request attempts for each target address 2
--timeout -t Timeout in milliseconds 500
--interval -i Inter-packet interval Calculated from bandwidth
--bandwidth -B Outbound Bandwidth 256,000 bits/sec
--backoff -b Timeout backoff factor 1.5

Received packet decoding and display options

Long Option Short Option Description
--quiet -q Don't decode Vendor string
--ignoredups -g Don't display duplicate ARP responses
--ouifile -O Specify location of IEEE OUI MAC/Vendor file
--iabfile -F Specify location of IEEE OUI MAC/Vendor file
--macfile -m Specify location of manual MAC/Vendor file
--pcapsavefile -W Write received packets to pcap savefile
--rtt -D Display the packet round-trip time

Miscellanous Options

Long Option Short Option Description
--help -h Display usage message and exit
--verbose -v Display extra debugging information
--version -V Display arp-scan program version and exit