ARP-FINGERPRINT(1)	    General Commands Manual	    ARP-FINGERPRINT(1)

NAME
       arp-fingerprint - Fingerprint a system using ARP

SYNOPSIS
       arp-fingerprint [options] target

       The target should be specified as a single IP address or hostname.  You
       cannot specify multiple targets, IP networks or ranges.

       If you use an IP address for the target, you can use the -o option to
       pass the --numeric option to arp-scan, which will prevent it from
       attempting DNS lookups.  This can speed up the fingerprinting process,
       especially on systems with a slow or faulty DNS configuration.

DESCRIPTION
       arp-fingerprint fingerprints the specified target host using the ARP
       protocol.

       It sends various different types of ARP request to the target, and
       records which types it responds to. From this, it constructs a
       fingerprint string consisting of "1" where the target responded and "0"
       where it did not.  An example of a fingerprint string is 01000100000.
       This fingerprint string is then used to look up the likely target
       operating system.

       Many of the fingerprint strings are shared by several operating
       systems, so there is not always a one-to-one mapping between
       fingerprint strings and operating systems. Also the fact that a
       system's fingerprint matches a certain operating system (or list of
       operating systems) does not necessarily mean that the system being
       fingerprinted is that operating system, although it is quite likely.
       This is because the list of operating systems is not exhaustive; it is
       just what I have discovered to date, and there are bound to be
       operating systems that are not listed.

       The ARP fingerprint of a system is generally a function of that
       system's kernel (although it is possible for the ARP function to be
       implemented in user space, it almost never is).

       Sometimes, an operating system can give different fingerprints
       depending on the configuration.  An example is Linux, which will
       respond to a non-local source IP address if that IP is routed through
       the interface being tested.  This is both good and bad: on one hand it
       makes the fingerprinting task more complex; but on the other, it can
       allow some aspects of the system configuration to be determined.

       Sometimes the fact that two different operating systems share a common
       ARP fingerprint string points to a re-use of networking code. One
       example of this is Windows NT and FreeBSD.

       arp-fingerprint uses arp-scan to send the ARP requests and receive the
       replies.

       There are other methods that can be used to fingerprint a system using
       arp-scan which can be used in addition to arp-fingerprint.  These
       additional methods are not included in arp-fingerprint either because
       they are likely to cause disruption to the target system, or because
       they require knowledge of the target's configuration that may not
       always be available.

       Most of the ARP requests that arp-fingerprint sends are non-standard,
       so it could disrupt systems that don't have a robust TCP/IP stack.

OPTIONS
       -h     Display a brief usage message and exit.

       -v     Display verbose progress messages.

       -o <option-string>
	      Pass specified options to arp-scan. You need to enclose the
	      options string in quotes if it contains spaces. e.g.  -o "-I
	      eth1".  The commonly used options are --interface (-I) and
	      --numeric (-N).

       -l     Fingerprint all hosts on the local network. You do not need to
	      specify any target hosts if this option is given.

EXAMPLES
       $ arp-fingerprint 192.168.0.1
       192.168.0.1   01000100000     Linux 2.2, 2.4, 2.6

       $ arp-fingerprint -o "-N -I eth1" 192.168.0.202
       192.168.0.202 11110100000     FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003
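
       The result lines above have three fields: address, fingerprint string
       and candidate operating systems.  As an added example, not part of
       arp-fingerprint or of this manual page, the Python below parses that
       output and compares it with an asset inventory.  The inventory contents
       and the function names are assumptions made for the illustration.

```python
import re

# Line format taken from the EXAMPLES section: IP, fingerprint string, OS list.
LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+([01]+)(?:\s+(.*))?$")

def parse_output(text):
    """Return {ip: (fingerprint, os_text)} for every well-formed result line."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # prompts, verbose messages and blank lines are skipped
            results[m.group(1)] = (m.group(2), m.group(3) or "")
    return results

def review(results, inventory):
    """Compare results with an inventory of {ip: expected OS keyword}.

    Fingerprints are shared between operating systems, so "consistent" means
    only that the expected OS is among the candidates, and "mismatch" is a
    prompt to investigate, not proof of a different OS.
    """
    findings = {}
    for ip, (_fingerprint, os_text) in results.items():
        expected = inventory.get(ip)
        if expected is None:
            findings[ip] = "not in inventory"
        elif expected.lower() in os_text.lower():
            findings[ip] = "consistent"
        else:
            findings[ip] = "mismatch"
    for ip in inventory.keys() - results.keys():
        findings[ip] = "no result"  # inventoried host produced no output line
    return findings

# Constructed sample: the two result lines from EXAMPLES with their prompts.
SAMPLE = """\
$ arp-fingerprint 192.168.0.1
192.168.0.1   01000100000     Linux 2.2, 2.4, 2.6
$ arp-fingerprint -o "-N -I eth1" 192.168.0.202
192.168.0.202 11110100000     FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003
"""
# Constructed inventory (hypothetical): what each address is supposed to run.
INVENTORY = {"192.168.0.1": "FreeBSD", "192.168.0.202": "FreeBSD",
             "192.168.0.50": "Linux"}

if __name__ == "__main__":
    for ip, verdict in sorted(review(parse_output(SAMPLE), INVENTORY).items()):
        print(ip, verdict)
```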

NOTES
       arp-fingerprint is implemented in Perl, so you need to have the Perl
       interpreter installed on your system to use it.

SEE ALSO
       arp-scan(1)

       http://www.royhills.co.uk/wiki/ The arp-scan wiki page.

			       October 27, 2022		    ARP-FINGERPRINT(1)
