How to use the arping command in Linux

0
353

[ad_1]

fatmawati achmad zaenuri / Shutterstock.com

the linux arping the command is like ping, but only for local networks. Its advantage is that it operates at a lower network level, sometimes getting answers when ping can not. Here’s how to use it.

The ARP-protocol

An IP address is a numerical label for a network device. It is used as an address so that the appropriate network traffic reaches the correct device. But most devices on local area networks have dynamic IP addresses. That is, their IP address could very well change the next time they are started.

In order to properly route network traffic to the appropriate device, a scheme must be employed that maps IP addresses to Media Access Control (MAC) addresses. The MAC address is a unique identity established at the point of manufacture of a device. An IP address is a logical Address. The MAC address is a physical Address.

Address Resolution Protocol is the intermediary that maps IP addresses to MAC addresses. The device responsible for sorting and directing network packets on your network (usually the router) creates and maintains an ARP table that links IP addresses to MAC addresses.

If the router needs to route data to a device it doesn’t know about, it makes an ARP request to get the MAC address of the new device.

When a new device connects to your network, it is assigned an IP address, but that’s not enough to route traffic to it. The router needs to get the MAC address, which is the missing piece of the puzzle. But because the IP address alone is not enough information to route packets to the device, Catch-22 cannot use the IP address to query the hardware for the MAC address.

The open systems interconnection model groups the technologies that make up a network as a series of layers. The upper layers cannot operate without the lower layers. There are seven layers in the OSI model.

  • Layer 7 is the top layer, the request layer. It provides information to the computer user and receives information from them.
  • Layer 6 is the presentation layer. This ensures that the data is in the correct format or state as it moves to and from the network format. Encryption and decryption take place at this layer.
  • Layer 5 is the session layer. A session is a network connection between two or more devices. This layer deals with issues such as starting a connection, shaking hands, timeouts, and breaking connections that are no longer needed.
  • Layer 4 is the transportation layer. This is the layer that moves data across the network in a coordinated way. This layer deals with things like transfer rates and data volumes. The Transmission Control Protocol, the TCP in TCP/IP, operates at this layer.
  • Layer 3 is the the net layer. This is where the routing and forwarding of packets takes place. It is the layer in which the Internet Protocol operates, the IP in TCP/IP.
  • Layer 2 is the data link layer. It is used to send packets between directly addressable devices using broadcasts to each device or unicast to specific MAC addresses.
  • Layer 1 is the physical layer. This refers to the physical infrastructure, including cabling, routers, and network switches. Radio waves used in Wi-Fi would also fall into this category.

When the router receives a packet for an IP address that is not in its table, it sends a broadcast packet out to the entire network. It effectively asks “Who has this IP address?” This is a layer two message, so it doesn’t depend on IP routing.

The device with the matching address responds by returning its MAC address. The IP address and MAC address of that device can be added to the mapping table. Normal IP traffic can now be routed to the device because the relationship between its IP address and its MAC address has been established and recorded.

RELATED: The Foundation of the Internet: TCP/IP turns 40

The harpist command

All the smart ARP stuff automatically kicks in in the background, building and maintaining the ARP table. the arping The command brings some of the ARP query functionality to the terminal window. It operates at OSI layer two and can request a response from a device when ping It is not.

In Fedora 36, arping it was already installed, but we needed to install it on Manjaro 21 and Ubuntu 22.04.

In Ubuntu the command is:

sudo apt install arping

Installing arp on Ubuntu

In Manjaro you need to write:

sudo pacman -Sy arping

Arping facility in Manjaro

The easiest way to use arping is with an IP address. This must be the address of a directly addressable device connected to the local network. Because arping operates at layer two, routing is not possible. you will have to use sudo with arping.

sudo arping 192.168.1.17

Using arping with an IP address

Press Ctrl + C to stop. The information returned is the MAC address of the responding device, the index number of the arping request, and the round trip time for the arping application to be completed.

Compare the output with that of ping command, down. the ping The command returns more information about the round trip timing of the network packet. the arping The command gives you less time stats, but does include the MAC address of the device.

ping 192.168.1.17

Use ping with an IP address

You can also use the network name of the device with arping.

sudo arping fedora-36.local

Using arping with an IP address

you can use the -c (count) count option arping stop after a certain number of requests. This command says arping try twice and then stop.

sudo arping -c 2 192.168.1.18

Using the -c option to tell arping to stop after making two requests

If you have multiple network interfaces on your computer, you can use the -I (interface) option to count arping which interface to use.

you can use the ip link Command to list your network interfaces.

ip link

Using ip link to list network interfaces

This computer has three interfaces. the lo The virtual interface is used as a loopback for internal connections between software on the same computer. Here it is of no use to us. We can use the ethernet connection enp3s0 or wireless interface wlan0.

This command says arping to use the interface we choose, and not to make its own selection.

sudo arping -c 2 -I enp3s0 manjaro-21.local

Use the -I option to tell arping to use a specific network interface

Using arping in scripts

wrapping arping in a loop in a script, we can make it work on a range of IP addresses. Copy the text of this script and save it to a file called “scan-range.sh”.

You will need to edit the script and replace all occurrences of 192.168.1 with the IP address of your network.

#!/bin/bash

for ((device=$1; device<=$2; device++))
do

  arping -c 1 192.168.1.$device | grep -E "1 response|1 packets received" > /dev/null

    if [ $? == 0 ]; then
      echo "192.168.1.$device responded."      
    else
      echo "192.168.1.$device didn't respond."
  fi
  
done

The script accepts two command line parameters. These are used as the last octet of the IP addresses in the range you want to use arping in. So if you pass 20 and 30 to the script, the loop will start at 192.168.1.twenty and it would terminate after using the IP address 192.168.1.30.

Parameters are accessed within the script as $1 Y $2. These are used in a C style for circle. At every turn of the for circle, $device it is set to the next IP address in the range.

The script uses the same arping -c format that we have already seen, but this time we only request that a single ARP request be sent to each device in range.

The output of arping the command is piped through grep.

the grep the syntax can be simplified in your script. grep is looking for one of two strings, either “1 reply” or “1 packet received”. This is because the test computers had different versions of arping about them and use different terminology. Yes grep finds any of these phrases, its output value will be zero.

When you know which of the sentences is your version of arping uses, you can simplify the grep syntax by removing the other phrase.

the if test statements $?: a variable that contains the exit code of the last process that terminated, to see if it is zero. If it is, use echo to print a success message to the terminal window. If the test fails then grep did not find any of the strings, which means the ARP request failed.

Make your script executable using the chmod command and the +x option.

chmod +x scan-range.sh

Using the chmod + x option to make the script executable

We’ll run it and scan the IP range from 15 to 20. Some of these addresses don’t have devices attached, so we should see some failures. remember to use sudo . We will also try ping the device at 192.168.1.15.

sudo ./scan-range.sh 15 20
ping 192.168.1.15

Running the script and running ping

We get a mix of hits and misses, just like you would on any network. But note that although the device at 192.168.1.15 responds to the ARP request from layer two, it does not respond to layer three. ping request.

If you had pinged the device and noticed the failure, you would probably be inclined to check that it was plugged in, online, and if you could ping outside of device 192.168.1.15.

But with arping you can verify that you are connected, online and accessible through the network. That would guide your troubleshooting to start looking for routing and ARP table issues.

a deeper insight

There are many layers to onion netting. Yes ping it gets you nowhere, pull down a layer and see what arping I can say you

RELATED: How to manage Linux Wi-Fi networks with Nmtui

[ad_2]