Projects / arp-scan


arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.

Operating Systems

Recent releases

  •  24 Jul 2013 13:51

    Release Notes: This release adds support for ARM 64-bit CPUs and Dragonfly BSD, adds a --rtt (-D) option to display the packet round-trip time, uses libpcap functions to obtain the interface IP address and send the packet (to increase portability), requires libpcap 0.9.3 or later, raises the default timeout from 100ms to 500ms to avoid missed responses from slow-responding hosts, modifies the get-iab and get-oui scripts to the support new IEEE website URL and new file format (also fixes the -u option in these scripts), updates MAC/Vendor mapping files from the IEEE website, and adds additional arp-fingerprint patterns.

    •  20 Jul 2011 09:18

      Release Notes: The data file "pkt-custom-request-vlan-llc.dat" was added to the tarball to allow the ARP request packet generation self test to complete successfully.

      •  07 Mar 2011 09:40

        Release Notes: The IEEE OUI and IAB files were updated. Support was added for trailer ARP replies. Support for LLC/SNAP packets with the 802.1Q tag was added. Full help output is no longer displayed for usage errors. Apple Mac OS X Tiger, Leopard, and Snow Leopard are now supported. The license was changed from GPL v2 to v3. A DoS warning was added to the manpage and help output. New arp fingerprints were added. gcc compiler security options were enabled. "make check" tests were added. The Perl scripts were modified to work on systems where the perl executable is not in /usr/bin. Various minor bugfixes and improvements were made.

        •  01 Aug 2008 19:55

          Release Notes: A new --pcapsavefile (-W) option to save the ARP response packets to a pcap save file for later analysis. A new --vlan (-Q) option to create outgoing ARP packets with an 802.1Q VLAN tag. A new --llc (-L) option to create outgoing ARP packets with RFC 1042 LLC/SNAP framing. New ARP fingerprints. IEEE OUI and IAB files have been updated.

          •  13 Apr 2007 08:44

            Release Notes: Support for Sun Solaris was added. This was tested on Solaris 9 (SPARC). The following new arp-fingerprint patterns were added for ARP fingerprinting: IOS 11.2, 11.3, and 12.4; ScreenOS 5.1, 5.2, 5.3, and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3, and 7.0. IEEE OUI and IAB MAC/Vendor files were updated. HSRP MAC address was added to mac-vendor.txt.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.