Linux arping Command Tutorial

The arping command is a command-line tool used in the Linux operating system to discover and detect hosts on the network. The arping uses the ARP protocol in order to ping hosts with the Layer 2 ARP requests. The ARP protocol is used to resolve IP addresses to the MAC addresses in order to communicate inside a LAN. The arping will try to resolve all network addresses into the MAC addresses and the hosts will provide the ARP reply for the ARP request with their MAC addresses. The arping name consists of arp+ing where the arp refers to the ARP protocol and ing or ping refers to the ping command.

Install arping on Ubuntu, Debian, Kali, Mint

The arping command can be installed on deb-based distributions like Ubuntu, Debian, Kali, and Mint. The package name is the same as the command arping.

$ sudo apt install arping
Install arping on Ubuntu, Debian, Kali, Mint

Install arping on CentOS, Fedora, RHEL

The arping command also provided by the rpm based distributions like CentOS, Fedora, RHEL etc. The following command will install the arping for CentOS, Fedora, RHEL.

$ sudo yum install arping

Display arping Command Version

After installing the arping command we can check the installation and its version without providing any option. This will list the version of the arping command and supported options in short form.

$ arping
Display arping Options and Version

We can see from the output that the current arping command version is 2.20. As a basic and Mac-related tool, the arping command does not update regularly.

Display arping Help Information

Detailed help information and support options can be listed with the –help option. This will list all provided options and their descriptions like below.

$ arping --help
Display arping Help Information

List Current ARP Table

Linux stores the IP address and MAC address records in a table named ARP table. ARP table is created with the ARP request responses and these table records are stored temporarily to get recent updates and prevent errors. The current ARP table and its records can be listed with the arp command like below. We will also provide the -a option to list all records.

$ arp -a

The output will be like below.

? (192.168.142.130) at 00:0c:29:dc:62:6a [ether] on ens33
? (192.168.142.254) at 00:50:56:eb:7a:b6 [ether] on ens33
_gateway (192.168.142.2) at 00:50:56:ec:77:85 [ether] on ens33

Discover/Scan Hosts with ARP Protocol

The arping command can ping an IP address via the ARP protocol with the MAC address. But the IP address scan is provided like below. This will ping the target IP address continuously. As the arping command uses the low-level network protocol stack like creating ARP packets etc. it requires root or administrative privileges. These root privileges can be provided with the sudo command or running the arping command in the root user session.

$ sudo arping 192.168.142.2

The output will be like below. From the output, we can see that the ARP packet number is provided with the index=0. Also, the RTT or round trip time for the current ping is provided with the time= information. Every arp ping provides the remote IP address MAC address.

ARPING 192.168.142.2
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=0 time=151.514 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=1 time=154.069 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=2 time=162.203 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=3 time=243.078 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=4 time=193.959 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=5 time=130.805 usec
^C
--- 192.168.142.2 statistics ---
6 packets transmitted, 6 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.131/0.173/0.243/0.037 ms

The ping will run continuously and can be stopped with the CTRL+c keys. After the ping stopped some basic statistics about the arping will be displayed.

  • 6 packets transmitted describes total transmitted ARP packets to the target.
  • 6 packets received describes total received packets against transmitted packets.
  • 0% unanswered describes unanswered packets.
  • min is the minimum transmission time.
  • avg is the average transmission time.
  • max is the maximum transmission time.
See also  Shebang #! Tutorial In Linux Bash

Set Ping Packet Count

By default the arping command ping the remote target continuously which will run forever unless we stop it or specify a ping packet count. The packet count can be specified with the -c option by providing the number. In the following example, we will set the ARP ping packet count as 5.

$ sudo arping -c 5 192.168.143.2

The command will stop after 5 ping and provide the following output.

ARPING 192.168.142.2
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=0 time=1.366 msec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=1 time=178.268 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=2 time=128.945 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=3 time=210.814 usec
60 bytes from 00:50:56:ec:77:85 (192.168.142.2): index=4 time=10.452 usec
--- 192.168.142.2 statistics ---
5 packets transmitted, 5 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.010/0.379/1.366/0.498 ms

Specify Target with MAC Address

The arping command can be also used with the MAC address as a target. By default, the IP address is used to specify the target but as standard operation, the IP address is resolved into a MAC address, and all ping packets are sent to the MAC address. So the target can be a MAC address.

$ sudo arping -c 00:50:56:ec:77:85

The output will be as below. Different from the IP address as target the source interface should be devices according to the MAC address and ARP table.

arping: lookup dev: No matching interface found using getifaddrs().
arping: Unable to automatically find interface to use. Is it on the local LAN?
arping: Use -i to manually specify interface. Guessing interface ens33.
ARPING 00:50:56:ec:77:85
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=0 time=173.855 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=1 time=76.216 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=2 time=375.998 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=3 time=176.120 usec
60 bytes from 192.168.142.2 (00:50:56:ec:77:85): icmp_seq=4 time=324.211 usec
--- 00:50:56:ec:77:85 statistics ---
5 packets transmitted, 5 packets received, 0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.076/0.225/0.376/0.109 ms

Specify Network Interface

A system may have multiple network interfaces connected to different networks. These interfaces can be an Ethernet Card or Wireless NIC etc. By default, the arping command decides the source interfaces according to the target IP address, MAC address, and ARP table. After this investigation, if there is no reliable information the interface may be guessed. But we can also specify the source interface with the -I option by providing the interface name. So before specifying the source interface listing the current interfaces and their names is a great idea. We can list interfaces with the ip link command like below.

$ ip link
List Network Interface for arping

We can see that there are two interfaces named lo and ens33. the lo interface is the localhost interface and ens33 is an ethernet interface to the LAN. So we will provide the ens33 as the source interface.

$ sudo arping -I ens33 192.168.142.2

Specify Source MAC Address

By default, the arping command uses the default network interface MAC address. The -s option is used to specify the source MAC address.

$ sudo arping -s 01:5e:56:ec:77:34 192.168.142.2

Arping Network Range with Bash Script

As a bash command arping can be used with other bash-related commands and features. The arping can only ping a single IP address at a time but we can create a bash for loop in order to ping multiple IP addresses. The following bash script can be used to ping MAC addresses with the arping command. Every ping result for the IP address will be printed to the terminal.

#!/bin/bash

for num in {1..255}; do
    echo -n “192.168.1.$num “
    arping -c 1 192.168.1.$num | grep “Received Response”
    if [ $? != 0 ]; then
        echo “”
    fi
done

The result is like below.

192.168.1.1 Received Response
192.168.1.2 
192.168.1.3 
192.168.1.4 Received Response
192.168.1.5
192.168.1.6 Received Response
192.168.1.7 Received Response
192.168.1.8
192.168.1.9 Received Response
192.168.1.10
192.168.1.11
...

Leave a Comment