使用arp-scan扫描局域网IP地址的方法

发布时间:2021-01-07编辑:脚本学堂
本文为大家介绍 使用arp-scan扫描局域网IP地址的方法,供大家学习参考。

本文为大家介绍 使用arp-scan扫描局域网IP地址的方法,供大家学习参考。

1,在安装之前需要安装
yum install -y libpcap libpcap-devel
如果没有安装yum工具
需要用rpm安装如下软件包
[root@oradba arp-scan-1.8]# yum list|grep libpcap
libpcap.i386                               14:0.9.4-15.el5             installed
libpcap.x86_64                             14:0.9.4-15.el5             installed
libpcap-devel.i386                         14:0.9.4-15.el5             installed
libpcap-devel.x86_64                       14:0.9.4-15.el5             installed

2,下载软件包
wget http://www.nta-monitor.com/tools/arp-scan/download/arp-scan-1.8.tar.gz

3,编译软件包
tar xvf arp-scan-1.8.tar.gz
cd arp-scan-1.8
./configure
make && make install

查看网段所有的主机
[root@oradba arp-scan-1.8]# arp-scan -l
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.100.1   00:24:1d:17:d6:e3       GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.4   00:26:b9:51:68:ef       Dell Inc   //网卡
192.168.100.5   20:cf:30:6f:6f:c6       ASUSTek COMPUTER INC.
192.168.100.6   48:5b:39:86:1c:62       ASUSTek COMPUTER INC.
192.168.100.7   48:5b:39:86:1c:3a       ASUSTek COMPUTER INC.

有多个网卡可以指定选择哪个网卡
[root@gateway ~]# arp-scan --interface=eth1 -l
Interface: eth1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.100.1   00:24:1d:17:d6:e3       GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.4   00:26:b9:51:68:ef       Dell Inc
192.168.100.5   20:cf:30:6f:6f:c6       ASUSTek COMPUTER INC.
192.168.100.6   48:5b:39:86:1c:62       ASUSTek COMPUTER INC.
192.168.100.7   48:5b:39:86:1c:3a       ASUSTek COMPUTER INC.
192.168.100.8   bc:30:5b:ad:74:22       Dell Inc.
192.168.100.9   00:26:b9:8e:16:17       Dell Inc
192.168.100.15  00:26:b9:35:cf:63       Dell Inc
192.168.100.17  00:0c:29:08:6a:06       VMware, Inc.
192.168.100.18  00:0c:29:08:6a:06       VMware, Inc.
192.168.100.19  00:0c:29:08:6a:06       VMware, Inc.
192.168.100.20  00:0c:29:08:6a:06       VMware, Inc.
192.168.100.22  00:24:1d:17:d6:e3       GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.23  84:2b:2b:59:31:4f       Dell Inc.
192.168.100.24  00:26:b9:8e:16:17       Dell Inc

指定某一段IP地址
[root@gateway ~]# arp-scan --interface=eth1 192.168.100.0/29
Interface: eth1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 8 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.100.1   00:24:1d:17:d6:e3       GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.4   00:26:b9:51:68:ef       Dell Inc
192.168.100.5   20:cf:30:6f:6f:c6       ASUSTek COMPUTER INC.
192.168.100.6   48:5b:39:86:1c:62       ASUSTek COMPUTER INC.
192.168.100.7   48:5b:39:86:1c:3a       ASUSTek COMPUTER INC.

用于更新mac地址,便于在扫描时知道使用的是那个厂商的网卡
[root@gateway ~]# get-oui -v
Fetching OUI data from http://standards.ieee.org/regauth/oui/oui.txt
Fetched 2642079 bytes
Opening output file ieee-oui.txt
16445 OUI entries written to file ieee-oui.txt
[root@gateway ~]# get-iab -v
Fetching IAB data from http://standards.ieee.org/regauth/oui/iab.txt
Fetched 608631 bytes
Opening output file ieee-iab.txt
3995 IAB entries written to file ieee-iab.txt

其它用法参照: arp-scan --help 。