Linux arping Command Tutorial

The arping command is a command-line tool used in the Linux operating system to discover and detect hosts on the network. The arping uses the ARP protocol in order to ping hosts with the Layer 2 ARP requests. The ARP protocol is used to resolve IP addresses to the MAC addresses in order to communicate inside a LAN. The arping will try to resolve all network addresses into the MAC addresses and the hosts will provide the ARP reply for the ARP request with their MAC addresses. The arping name consists of arp+ing where the arp refers to the ARP protocol and ing or ping refers to the ping command.

Install arping on Ubuntu, Debian, Kali, Mint

The arping command can be installed on deb based distributions like Ubuntu, Debian, Kali and Mint. The package name is the same with the command arping.

$ sudo apt install arping
Install arping on Ubuntu, Debian, Kali, Mint

Install arping on CentOS, Fedora, RHEL

The arping command also provided by the rpm based distributions like CentOS, Fedora, RHEL etc. The following command will install the arping for CentOS, Fedora, RHEL.

$ sudo yum install arping

Display arping Command Version

After installing the arping command we can check the installation and its version without providing any option. This will list the version of the arping command and supported options in short form.

$ arping

We can see from the output that the current arping command version is 2.20 . As a basic and MAC related tool the arping command do not updated regularly.

Display arping Help Information

Detailed help information and supported options can be listed with the –help option. This will list all provided options and their descriptions like below.

$ arping --help
Display arping Help Information

List Current ARP Table

Linux stores the IP address and MAC address records in a table named ARP table. ARP table is created with the ARP request responses and these table records are stored temporarily to get recent updates and prevent errors. The current ARP table and its records can be listed with the arp command like below. We will also provide the -a option to list all records.

$ arp -a

The output will be like below.

? (192.168.142.130) at 00:0c:29:dc:62:6a [ether] on ens33
? (192.168.142.254) at 00:50:56:eb:7a:b6 [ether] on ens33
_gateway (192.168.142.2) at 00:50:56:ec:77:85 [ether] on ens33

Discover/Scan Hosts with ARP Protocol

The arping command can ping an IP address via the ARP protocol with the MAC address. But the IP address scan is provided like below. This will ping the target IP address continuously. As the arping command uses the low-level network protocol stack like creating ARP packets etc. it requires root or administrative privileges. These root privileges can be provided with the sudo command or running the arping command in the root user session.

$ sudo arping 192.168.142.2

The output will be like below. From the output we can see that the ARP packet number is provided with the index=0. Also the RTT or round trip time for the current ping is provided with the time= information. Every arp ping provides the remote IP address MAC address.

ARPING 192.168.142.2
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=0 time=151.514 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=1 time=154.069 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=2 time=162.203 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=3 time=243.078 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=4 time=193.959 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=5 time=130.805 usec
^C
--- 192.168.142.2 statistics ---
6 packets transmitted, 6 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.131/0.173/0.243/0.037 ms

The ping will run continuously and can be stopped with the CTRL+c keys. After the ping stopped some basic statistics about the arping will be displayed.

  • 6 packets transmitted describes total transmitted ARP packets to the target.
  • 6 packets received describes total received packets against transmitted packets.
  • 0% unanswered describes unanswered packets.
  • min is the minimum transmission time.
  • avg is the average transmission time.
  • max is the maximum transmission time.
READ  List Upgradeable Packages with apt In Ubuntu

Set Ping Packet Count

By default the arping command ping the remote target continuously which will run forever unless we stop it or specify a ping packet count. The packet-count can be specified with the -c option by providing the number. In the following example, we will set the ARP ping packet count as 5.

$ sudo arping -c 5 192.168.143.2

The command will stop after 5 ping and provide the following output.

ARPING 192.168.142.2
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=0 time=1.366 msec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=1 time=178.268 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=2 time=128.945 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=3 time=210.814 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=4 time=10.452 usec
--- 192.168.142.2 statistics ---
5 packets transmitted, 5 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.010/0.379/1.366/0.498 ms

Specify Target with MAC Address

The arping command can be also used with the MAC address as a target. By default the IP address is used to specify target but as standard operation the IP address is resolved into MAC address and all ping packets sent to MAC address. So the target can be a MAC address.

$ sudo arping -c 00:50:56:ec:77:85

The output will be as below. Different from the IP address as target the source interface should be devices according to the MAC address and ARP table.

arping: lookup dev: No matching interface found using getifaddrs().
arping: Unable to automatically find interface to use. Is it on the local LAN?
arping: Use -i to manually specify interface. Guessing interface ens33.
ARPING 00:50:56:ec:77:85
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=0 time=173.855 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=1 time=76.216 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=2 time=375.998 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=3 time=176.120 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=4 time=324.211 usec
--- 00:50:56:ec:77:85 statistics ---
5 packets transmitted, 5 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.076/0.225/0.376/0.109 ms

Specify Network Interface

A system may have multiple network interfaces connected to different networks. These interfaces can be an Ethernet Card or Wireless NIC etc. By default, the arping command decides the source interfaces according to the target IP address, MAC address, and ARP table. After this investigation, if there is no reliable information the interface may be guessed. But we can also specify the source interface with the -I option by providing the interface name. So before specifying the source interface listing the current interfaces and their names is a great idea. We can list interfaces with the ip link command like below.

$ ip link

We can see that there are two interfaces named lo and ens33. the lo interface is the localhost interface and ens33 is an ethernet interface to the LAN. So we will provide the ens33 as the source interface.

$ sudo arping -I ens33 192.168.142.2

Specify Source MAC Address

By default the arping command uses the default network interface MAC address. The -s option is used to specify the source MAC address.

$ sudo arping -s 01:5e:56:ec:77:34 192.168.142.2

Leave a Comment