本文为大家介绍 使用arp-scan扫描局域网IP地址的方法,供大家学习参考。
1,在安装之前需要安装
yum install -y libpcap libpcap-devel
如果没有安装yum工具
需要用rpm安装如下软件包
[root@oradba arp-scan-1.8]# yum list|grep libpcap
libpcap.i386 14:0.9.4-15.el5 installed
libpcap.x86_64 14:0.9.4-15.el5 installed
libpcap-devel.i386 14:0.9.4-15.el5 installed
libpcap-devel.x86_64 14:0.9.4-15.el5 installed
2,下载软件包
wget http://www.nta-monitor.com/tools/arp-scan/download/arp-scan-1.8.tar.gz
3,编译软件包
tar xvf arp-scan-1.8.tar.gz
cd arp-scan-1.8
./configure
make && make install
查看网段所有的主机
[root@oradba arp-scan-1.8]# arp-scan -l
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.100.1 00:24:1d:17:d6:e3 GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.4 00:26:b9:51:68:ef Dell Inc //网卡
192.168.100.5 20:cf:30:6f:6f:c6 ASUSTek COMPUTER INC.
192.168.100.6 48:5b:39:86:1c:62 ASUSTek COMPUTER INC.
192.168.100.7 48:5b:39:86:1c:3a ASUSTek COMPUTER INC.
有多个网卡可以指定选择哪个网卡
[root@gateway ~]# arp-scan --interface=eth1 -l
Interface: eth1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.100.1 00:24:1d:17:d6:e3 GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.4 00:26:b9:51:68:ef Dell Inc
192.168.100.5 20:cf:30:6f:6f:c6 ASUSTek COMPUTER INC.
192.168.100.6 48:5b:39:86:1c:62 ASUSTek COMPUTER INC.
192.168.100.7 48:5b:39:86:1c:3a ASUSTek COMPUTER INC.
192.168.100.8 bc:30:5b:ad:74:22 Dell Inc.
192.168.100.9 00:26:b9:8e:16:17 Dell Inc
192.168.100.15 00:26:b9:35:cf:63 Dell Inc
192.168.100.17 00:0c:29:08:6a:06 VMware, Inc.
192.168.100.18 00:0c:29:08:6a:06 VMware, Inc.
192.168.100.19 00:0c:29:08:6a:06 VMware, Inc.
192.168.100.20 00:0c:29:08:6a:06 VMware, Inc.
192.168.100.22 00:24:1d:17:d6:e3 GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.23 84:2b:2b:59:31:4f Dell Inc.
192.168.100.24 00:26:b9:8e:16:17 Dell Inc
指定某一段IP地址
[root@gateway ~]# arp-scan --interface=eth1 192.168.100.0/29
Interface: eth1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8 with 8 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.100.1 00:24:1d:17:d6:e3 GIGA-BYTE TECHNOLOGY CO.,LTD.
192.168.100.4 00:26:b9:51:68:ef Dell Inc
192.168.100.5 20:cf:30:6f:6f:c6 ASUSTek COMPUTER INC.
192.168.100.6 48:5b:39:86:1c:62 ASUSTek COMPUTER INC.
192.168.100.7 48:5b:39:86:1c:3a ASUSTek COMPUTER INC.
用于更新mac地址,便于在扫描时知道使用的是那个厂商的网卡
[root@gateway ~]# get-oui -v
Fetching OUI data from http://standards.ieee.org/regauth/oui/oui.txt
Fetched 2642079 bytes
Opening output file ieee-oui.txt
16445 OUI entries written to file ieee-oui.txt
[root@gateway ~]# get-iab -v
Fetching IAB data from http://standards.ieee.org/regauth/oui/iab.txt
Fetched 608631 bytes
Opening output file ieee-iab.txt
3995 IAB entries written to file ieee-iab.txt
其它用法参照: arp-scan --help 。