Arp-scan Recent Changes

From NTA-Wiki

The page contains details of the recent changes in arp-scan. The data comes from the NEWS file, which is included in the arp-scan source code release.

For details of proposed features for future releases, see Desired New Features.

Contents 1 Changes in arp-scan 1.7, released July 2008 2 Changes in arp-scan 1.6, released April 2007 3 Changes in arp-scan 1.5, released July 2006 4 Changes in arp-scan 1.4, released June 2006 5 Changes in arp-scan 1.3, released June 2006 6 Previous Versions

Changes in arp-scan 1.7, released July 2008

• new --pcapsavefile (-W) option to save the ARP response packets to a pcap savefile for later analysis with tcpdump, wireshark or another program that supports the pcap file format.

• new --vlan (-Q) option to create outgoing ARP packets with an 802.1Q VLAN tag ARP responses with a VLAN tag are interpreted and displayed.

• New --llc (-L) option to create outgoing ARP packets with RFC 1042 LLC/SNAP framing. Received ARP packets are decoded and displayed with either LLC/SNAP or the default Ethernet-II framing irrespective of this option.

• Avoid double unmarshalling of packet data: once in callback, then again in display_packet().

• New arp-fingerprint patterns for ARP fingerprinting: Cisco 79xx IP Phone SIP 5.x, 6.x and 7.x; Cisco 79xx IP Phone SIP 8.x.

• Updated IEEE OUI and IAB MAC/Vendor files. There are now 11,697 OUI entries and 2,386 IAB entries.

Changes in arp-scan 1.6, released April 2007

• arp-scan wiki at http://www.nta-monitor.com/wiki/ This contains detailed documentation on arp-scan, and is intended to be the primary documentation resource.

• Added support for Sun Solaris. Tested on Solaris 9 (SPARC). arp-scan may also work on other systems that use DLPI, but only Solaris has been tested.

• New arp-fingerprint patterns for ARP fingerprinting: IOS 11.2, 11.3 and 12.4; ScreenOS 5.1, 5.2, 5.3 and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3 and 7.0.

• Updated IEEE OUI and IAB MAC/Vendor files. There are now 10,214 OUI entries and 1,858 IAB entries.

• Added HSRP MAC address to mac-vendor.txt.

Changes in arp-scan 1.5, released July 2006

• Reduced memory usage from 44 bytes per target to 28 bytes. This reduces the memory usage for a Class-B network from 2.75MB to 1.75MB, and a Class-A network from 704MB to 448MB.

• Reduced the startup time for large target ranges. This reduces the startup time for a Class-A network from 80 seconds to 15 seconds on a Compaq laptop with 1.4GHz CPU.

• Added support for FreeBSD, OpenBSD, NetBSD and MacOS X (Darwin) using the BPF packet capture interface. arp-scan will probably also work on other operating systems that implement BPF, but only those listed have been tested.

• Improved operation of the --srcaddr option. This now changes the source hardware address in the Ethernet header without changing the interface address.

• Additional fingerprints for arp-fingerprint.

• Improved manual pages.

• Updated IEEE OUI and IAB files from IEEE website.

Changes in arp-scan 1.4, released June 2006

• Added IEEE IAB listings and associated get-iab update script and --iabfile option.
• Added manual MAC/Vendor mapping file: mac-vendor.txt and associated --macfile option.
• New --localnet option to scan all IP addresses on the specified interface network and mask.

Changes in arp-scan 1.3, released June 2006

• Initial public release. Source distribution only, which will compile and run on Linux.

Previous Versions

Versions 1.0, 1.1 and 1.2 were internal only releases that were never publicly released.