The arping command is a command-line tool used in the Linux operating system to discover and detect hosts on the network. The arping uses the ARP protocol in order to ping hosts with the Layer 2 ARP requests. The ARP protocol is used to resolve IP addresses to the MAC addresses in order to communicate inside a LAN. The arping will try to resolve all network addresses into the MAC addresses and the hosts will provide the ARP reply for the ARP request with their MAC addresses. The arping name consists of arp+ing where the arp refers to the ARP protocol and ing or ping refers to the ping command.
Install arping on Ubuntu, Debian, Kali, Mint
The arping command can be installed on deb-based distributions like Ubuntu, Debian, Kali, and Mint. The package name is the same as the command arping.
$ sudo apt install arping
Install arping on CentOS, Fedora, RHEL
The arping command also provided by the rpm based distributions like CentOS, Fedora, RHEL etc. The following command will install the arping for CentOS, Fedora, RHEL.
$ sudo yum install arpingDisplay arping Command Version
After installing the arping command we can check the installation and its version without providing any option. This will list the version of the arping command and supported options in short form.
$ arping
We can see from the output that the current arping command version is 2.20. As a basic and Mac-related tool, the arping command does not update regularly.
Display arping Help Information
Detailed help information and support options can be listed with the –help option. This will list all provided options and their descriptions like below.
$ arping --help
List Current ARP Table
Linux stores the IP address and MAC address records in a table named ARP table. ARP table is created with the ARP request responses and these table records are stored temporarily to get recent updates and prevent errors. The current ARP table and its records can be listed with the arp command like below. We will also provide the -a option to list all records.
$ arp -aThe output will be like below.
? (192.168.142.130) at 00:0c:29:dc:62:6a [ether] on ens33
? (192.168.142.254) at 00:50:56:eb:7a:b6 [ether] on ens33
_gateway (192.168.142.2) at 00:50:56:ec:77:85 [ether] on ens33
Discover/Scan Hosts with ARP Protocol
The arping command can ping an IP address via the ARP protocol with the MAC address. But the IP address scan is provided like below. This will ping the target IP address continuously. As the arping command uses the low-level network protocol stack like creating ARP packets etc. it requires root or administrative privileges. These root privileges can be provided with the sudo command or running the arping command in the root user session.
$ sudo arping 192.168.142.2The output will be like below. From the output, we can see that the ARP packet number is provided with the index=0. Also, the RTT or round trip time for the current ping is provided with the time= information. Every arp ping provides the remote IP address MAC address.
ARPING 192.168.142.2 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=0 time=151.514 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=1 time=154.069 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=2 time=162.203 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=3 time=243.078 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=4 time=193.959 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=5 time=130.805 usec ^C --- 192.168.142.2 statistics --- 6 packets transmitted, 6 packets received, 0% unanswered (0 extra) rtt min/avg/max/std-dev = 0.131/0.173/0.243/0.037 ms
The ping will run continuously and can be stopped with the CTRL+c keys. After the ping stopped some basic statistics about the arping will be displayed.
- 6 packets transmitted describes total transmitted ARP packets to the target.
- 6 packets received describes total received packets against transmitted packets.
- 0% unanswered describes unanswered packets.
- min is the minimum transmission time.
- avg is the average transmission time.
- max is the maximum transmission time.
Set Ping Packet Count
By default the arping command ping the remote target continuously which will run forever unless we stop it or specify a ping packet count. The packet count can be specified with the -c option by providing the number. In the following example, we will set the ARP ping packet count as 5.
$ sudo arping -c 5 192.168.143.2The command will stop after 5 ping and provide the following output.
ARPING 192.168.142.2 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=0 time=1.366 msec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=1 time=178.268 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=2 time=128.945 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=3 time=210.814 usec 60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=4 time=10.452 usec --- 192.168.142.2 statistics --- 5 packets transmitted, 5 packets received, 0% unanswered (0 extra) rtt min/avg/max/std-dev = 0.010/0.379/1.366/0.498 ms
Specify Target with MAC Address
The arping command can be also used with the MAC address as a target. By default, the IP address is used to specify the target but as standard operation, the IP address is resolved into a MAC address, and all ping packets are sent to the MAC address. So the target can be a MAC address.
$ sudo arping -c 00:50:56:ec:77:85The output will be as below. Different from the IP address as target the source interface should be devices according to the MAC address and ARP table.
arping: lookup dev: No matching interface found using getifaddrs(). arping: Unable to automatically find interface to use. Is it on the local LAN? arping: Use -i to manually specify interface. Guessing interface ens33. ARPING 00:50:56:ec:77:85 60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=0 time=173.855 usec 60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=1 time=76.216 usec 60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=2 time=375.998 usec 60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=3 time=176.120 usec 60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=4 time=324.211 usec --- 00:50:56:ec:77:85 statistics --- 5 packets transmitted, 5 packets received, 0% unanswered (0 extra) rtt min/avg/max/std-dev = 0.076/0.225/0.376/0.109 ms
Specify Network Interface
A system may have multiple network interfaces connected to different networks. These interfaces can be an Ethernet Card or Wireless NIC etc. By default, the arping command decides the source interfaces according to the target IP address, MAC address, and ARP table. After this investigation, if there is no reliable information the interface may be guessed. But we can also specify the source interface with the -I option by providing the interface name. So before specifying the source interface listing the current interfaces and their names is a great idea. We can list interfaces with the ip link command like below.
$ ip link
We can see that there are two interfaces named lo and ens33. the lo interface is the localhost interface and ens33 is an ethernet interface to the LAN. So we will provide the ens33 as the source interface.
$ sudo arping -I ens33 192.168.142.2Specify Source MAC Address
By default, the arping command uses the default network interface MAC address. The -s option is used to specify the source MAC address.
$ sudo arping -s 01:5e:56:ec:77:34 192.168.142.2Arping Network Range with Bash Script
As a bash command arping can be used with other bash-related commands and features. The arping can only ping a single IP address at a time but we can create a bash for loop in order to ping multiple IP addresses. The following bash script can be used to ping MAC addresses with the arping command. Every ping result for the IP address will be printed to the terminal.
#!/bin/bash
for num in {1..255}; do
echo -n “192.168.1.$num “
arping -c 1 192.168.1.$num | grep “Received Response”
if [ $? != 0 ]; then
echo “”
fi
doneThe result is like below.
192.168.1.1 Received Response
192.168.1.2
192.168.1.3
192.168.1.4 Received Response
192.168.1.5
192.168.1.6 Received Response
192.168.1.7 Received Response
192.168.1.8
192.168.1.9 Received Response
192.168.1.10
192.168.1.11
...