Arp-scan Recent Changes

From NTA-Wiki


This page contains details of the recent changes in arp-scan. The data comes from the NEWS file, which is included in the arp-scan source code release.

For details of proposed features for future releases, see Desired New Features.


Changes in arp-scan 1.9, released July 2013

  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 18157 OUI entries and 4414 IAB entries.
  • Use autoconf 2.69 and automake 1.11 to add support for ARM 64-bit CPUs.
  • Use libpcap functions to obtain the interface IP address and send the ARP packet, instead of using our own link-layer specific functions. The only link-layer specific function that we still need is get_hardware_address() to obtain the interface MAC address. This means we now require libpcap 0.9.3 or later.
  • Added support for Dragonfly BSD.
  • The -u option to get-iab and get-oui scripts now works.
  • get-oui and get-iab scripts now get the OUI and IAB files from the new locations on the IEEE website, and allow whitespace at the beginning of the line.
  • If the MAC/Vendor file locations are not explicitly specified, look for them in the current directory and then in their default location.
  • Raised default timeout from 100ms to 500ms.
  • Added new --rtt (-D) option to display the packet round-trip time.
  • Include <net/bpf.h> header file early in link-bpf.c to avoid BPF symbol problems on some BSD based operating systems.
  • Added arp-fingerprint patterns for GNU/Hurd, Amazon Kindle (Linux 2.6), BeOS, Windows 8, recent Linux, FreeBSD, NetBSD and OpenBSD versions, and RiscOS.
  • Added data file "pkt-custom-request-vlan-llc.dat" to the tarball to allow the ARP request packet generation self test to complete successfully.
  • Various minor bug fixes and improvements.

Changes in arp-scan 1.8, released March 2011

  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 14707 OUI entries and 3542 IAB entries.
  • Added support for trailer ARP replies, which were used in early versions of BSD Unix on VAX.
  • Added support for ARP packets with both 802.1Q VLAN tag and LLC/SNAP framing.
  • The full help output is only displayed if specifically requested with arp-scan --help. Usage errors now result in smaller help output.
  • Added support for Apple Mac OS X with Xcode 2.5 and later. This allows arp-scan to build on Tiger, Leopard and Snow Leopard.
  • Changed license from GPLv2 to GPLv3.
  • Added warning about possible DoS when setting ar$spa to the destination IP address to the help output and man page.
  • Added arp-fingerprint patterns for 2.11BSD, NetBSD 4.0, FreeBSD 7.0, Vista SP1, Windows 7 and Blackberry OS.
  • Enabled compiler security options -fstack-protector, -D_FORTIFY_SOURCE=2 and -Wformat-security if they are supported by the compiler. Also enabled extra warnings -Wwrite-strings and -Wextra.
  • Added new "make check" tests to check packet generation, and packet decoding and display.
  • Modified get-oui and get-iab perl scripts so they will work on systems where the perl interpreter is not in /usr/bin, e.g. NetBSD.
  • Various minor bug fixes and improvements.

Changes in arp-scan 1.7, released July 2008

  • New --pcapsavefile (-W) option to save the ARP response packets to a pcap savefile for later analysis with tcpdump, wireshark or another program that supports the pcap file format.
  • New --vlan (-Q) option to create outgoing ARP packets with an 802.1Q VLAN tag. ARP responses with a VLAN tag are interpreted and displayed.
  • New --llc (-L) option to create outgoing ARP packets with RFC 1042 LLC/SNAP framing. Received ARP packets are decoded and displayed with either LLC/SNAP or the default Ethernet-II framing irrespective of this option.
  • Avoid double unmarshalling of packet data: once in callback, then again in display_packet().
  • New arp-fingerprint patterns for ARP fingerprinting: Cisco 79xx IP Phone SIP 5.x, 6.x and 7.x; Cisco 79xx IP Phone SIP 8.x.
  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 11,697 OUI entries and 2,386 IAB entries.

Changes in arp-scan 1.6, released April 2007

  • Added support for Sun Solaris. Tested on Solaris 9 (SPARC). arp-scan may also work on other systems that use DLPI, but only Solaris has been tested.
  • New arp-fingerprint patterns for ARP fingerprinting: IOS 11.2, 11.3 and 12.4; ScreenOS 5.1, 5.2, 5.3 and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3 and 7.0.
  • Updated IEEE OUI and IAB MAC/Vendor files. There are now 10,214 OUI entries and 1,858 IAB entries.
  • Added HSRP MAC address to mac-vendor.txt.

Changes in arp-scan 1.5, released July 2006

  • Reduced memory usage from 44 bytes per target to 28 bytes. This reduces the memory usage for a Class-B network from 2.75MB to 1.75MB, and a Class-A network from 704MB to 448MB.
  • Reduced the startup time for large target ranges. This reduces the startup time for a Class-A network from 80 seconds to 15 seconds on a Compaq laptop with 1.4GHz CPU.
  • Added support for FreeBSD, OpenBSD, NetBSD and MacOS X (Darwin) using the BPF packet capture interface. arp-scan will probably also work on other operating systems that implement BPF, but only those listed have been tested.
  • Improved operation of the --srcaddr option. This now changes the source hardware address in the Ethernet header without changing the interface address.
  • Additional fingerprints for arp-fingerprint.
  • Improved manual pages.
  • Updated IEEE OUI and IAB files from IEEE website.

Changes in arp-scan 1.4, released June 2006

  • Added IEEE IAB listings and associated get-iab update script and --iabfile option.
  • Added manual MAC/Vendor mapping file: mac-vendor.txt and associated --macfile option.
  • New --localnet option to scan all IP addresses on the specified interface network and mask.

Changes in arp-scan 1.3, released June 2006

  • Initial public release. Source distribution only, which will compile and run on Linux.

Previous Versions

Versions 1.0, 1.1 and 1.2 were internal-only releases that were never publicly released.
