arp-scan is a fast and flexible ARP scanning tool for discovering hosts on a local network. Unlike ping-based scanners, arp-scan sends ARP requests, which cannot be blocked by firewalls on the local segment, so it is extremely reliable for host discovery. It also reveals MAC addresses and can identify device manufacturers.
Network administrators use arp-scan for inventory management, finding rogue devices, detecting IP conflicts, and identifying all hosts on a network segment. Its speed and accuracy make it a preferred choice over slower ICMP-based discovery methods.
Key Features
- Fast Discovery – Scans entire subnets in seconds
- MAC Identification – Reveals hardware addresses
- Vendor Lookup – Identifies device manufacturers
- Firewall Bypass – ARP cannot be filtered locally
- Duplicate Detection – Find IP address conflicts
- Custom Packets – Craft specific ARP requests
Installation
sudo apt install arp-scan # Debian/Ubuntu
sudo dnf install arp-scan # Fedora/RHEL
Basic Usage Examples
# Scan local network
sudo arp-scan --localnet
sudo arp-scan -l
# Scan specific subnet
sudo arp-scan 192.168.1.0/24
# Scan specific interface
sudo arp-scan -I eth0 --localnet
# Plain output: one line per responding host, no header or footer text
sudo arp-scan -l -x
# Specify source IP (-s / --arpspa; uppercase -S sets the source MAC address instead)
sudo arp-scan -s 192.168.1.100 192.168.1.0/24
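# Update OUI database (get-oui ships with arp-scan and writes ieee-oui.txt to the current directory,
# so run it from the directory that holds arp-scan's ieee-oui.txt)
sudo get-oui -v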
Use Cases
- Network Inventory – Discover all connected devices
- Rogue Detection – Find unauthorized devices
- IP Conflict Resolution – Identify duplicate IPs
- Device Identification – Identify device types by vendor
- Network Mapping – Document network topology