From owner-freebsd-questions@FreeBSD.ORG Wed Jun 29 23:33:04 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F5AE16A41C for ; Wed, 29 Jun 2005 23:33:04 +0000 (GMT) (envelope-from glenn@antimatter.net) Received: from cobalt.antimatter.net (cobalt.antimatter.net [69.55.224.239]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8304443D49 for ; Wed, 29 Jun 2005 23:33:04 +0000 (GMT) (envelope-from glenn@antimatter.net) Received: from glenn-mobile.antimatter.net (cpe-66-27-86-22.san.res.rr.com [66.27.86.22]) (authenticated bits=0) by cobalt.antimatter.net (8.13.4/8.13.4) with ESMTP id j5TNX2ID003991 (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO); Wed, 29 Jun 2005 16:33:02 -0700 Message-Id: <6.1.0.6.2.20050629162738.0b118eb0@cobalt.antimatter.net> X-Sender: lists@cobalt.antimatter.net X-Mailer: QUALCOMM Windows Eudora Version 6.1.0.6 Date: Wed, 29 Jun 2005 16:30:30 -0700 To: Vince Hoffman , Fabian Anklam From: Glenn Dawson In-Reply-To: <20050629232054.J8551@unsane.co.uk> References: <467b1e7a050629141856d72f91@mail.gmail.com> <6.1.0.6.2.20050629143657.083d5050@cobalt.antimatter.net> <467b1e7a05062914585928de07@mail.gmail.com> <20050629232054.J8551@unsane.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Cc: freebsd-questions@freebsd.org Subject: Re: Looking for arp scanner X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2005 23:33:04 -0000 At 03:45 PM 6/29/2005, Vince Hoffman wrote: >On Wed, 29 Jun 2005, Fabian Anklam wrote: > >>On 6/29/05, Glenn Dawson wrote: >>>At 02:18 PM 6/29/2005, Fabian Anklam wrote: >>>>Hi there, >>>> >>>>I've browsing freshports.org for an arp scanner and found only >>>>arpscan, which is marked broken and knowlan, which hasn't been updated >>>>in years. What's the tool of choice to map out IP-Adresses on a subnet >>>>when you know that quite a few hosts are firewalled from ping? >>> >>>Try nmap. It has a variety of different ways to "look" for systems on a >>>given subnet. >>Thanks. Tried nmap. As I said, some systems that i want to have in my >>output are locally firewalled and I doubt the -sP switch catches >>them. Port scans are out of the question. > >Thinking about it even if the host blocks ping then it will have to reply >to an arp request. so make a short script to clear the arp cache ('arp -a >-d' as root) then do your nmap -sP xxx.xxx.xxx.xxx/yyy and do an arp -a >which will list all the arp entries in your arp cache (should be every >host that responded to an arp request when you did the ping scan but maybe >pipe it through grep to only get the arps for ips in that range) > >also arping may be of use. I suppose if you need to be totally passive, you could do: tcpdump -i fxp0 arp (assuming of course that your network interface is on fxp0) and let it run for a bit. Eventually you'll catch all the active hosts on the network. -Glenn >Vince > >> >>>-Glenn >>> >>> >>>>Thanks, Fabian >>>>_______________________________________________ >>>>freebsd-questions@freebsd.org mailing list >>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>>To unsubscribe, send any mail to >>>>"freebsd-questions-unsubscribe@freebsd.org" >>> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"