Feb 16

ARP Tools: arpdiscover buscant la IP dels dispositius de la xarxa

Reading time: 1 – 2 minutes

Sovint a les xarxes de les empreses hi tenim més connectades de les que recordem. O fins hi tot coses pitjors, hi ha algún dispositiu (p.exemple printserver) i no tenim ni idea de quina IP té per poder-hi connectar. Doncs amb les ARP Tools (paquet gentoo: net-analyzer/arptools) hi ha una eina que es diu arpdiscover que fa un enviament massiu de paquets ARP a la xarxa local per veure quines IPs ens contesten.

Per exemple:

$ sudo ./arpdiscover 10.19.83.1 5
using inteface eth0
our hw address is 00:11:D8:A9:D6:3B
our ip address is 10.19.83.5
bpf filter is 'ether dst 00:11:D8:A9:D6:3B && arp'
sniffer fork()ed into background with pid = 2535
request for hw address of ip address 10.19.83.1, 42 bytes to send, 42 bytes sent
received arp packet 60 bytes, hw address is 00:13:10:92:C2:E3, ip address is 10.19.83.1
request for hw address of ip address 10.19.83.2, 42 bytes to send, 42 bytes sent
request for hw address of ip address 10.19.83.3, 42 bytes to send, 42 bytes sent
request for hw address of ip address 10.19.83.4, 42 bytes to send, 42 bytes sent
request for hw address of ip address 10.19.83.5, 42 bytes to send, 42 bytes sent
waiting for sniffer terminate
sniffer terminated, exiting
scanner terminated