Arp-scan Recent Changes
The page contains details of the recent changes in arp-scan. The data comes from the NEWS file, which is included in the arp-scan source code release.
For details of proposed features for future releases, see Desired New Features.
Changes in arp-scan 1.9, released July 2013
- Updated IEEE OUI and IAB MAC/Vendor files. There are now 18157 OUI entries and 4414 IAB entries.
- Use autoconf 2.69 and automake 1.11 to add support for ARM 64-bit CPUs.
- Use libpcap functions to obtain the interace IP address and send the ARP packet, instead of using our own link-layer specific functions. The only link-layer specific function that we still need is get_hardware_address() to obtain the interface MAC address. This means we now require libpcap 0.9.3 or later.
- Added support for Dragonfly BSD.
- The -u option to get-iab and get-oui scripts now works.
- get-oui and get-iab scripts now get the OUI and IAB files from the new locations on the IEEE website, and allow whitespace at the beginning of the line.
- If the MAC/Vendor file locations are not explicitly specified, look for them in the current directory and then in their default location.
- Raised default timeout from 100ms to 500ms.
- Added new --rtt (-D) option to display the packet round-trip time.
- Include <net/bpf.h> header file early in link-bpf.c to avoid BPF symbol problems on some BSD based operating systems.
- Added arp-fingerprint patterns for GNU/Hurd, Amazon Kindle (Linux 2.6), BeOS, Windows 8, Recent Linux, FreeBSD, NetBSD and OpenBSD versions, and RiscOS.
- Added data file "pkt-custom-request-vlan-llc.dat" to the tarball to allow the ARP request packet generation self test to complete successfully.
- Various minor bug fixes and improvements.
Changes in arp-scan 1.8, released March 2011
- Updated IEEE OUI and IAB MAC/Vendor files. There are now 14707 OUI entries and 3542 IAB entries.
- Added support for trailer ARP replies, which were used in early versions of BSD Unix on VAX.
- Added support for ARP packets with both 802.1Q VLAN tag and LLC/SNAP framing.
- The full help output is only displayed if specifically requested with arp-scan --help. Usage errors now result in smaller help output.
- Added support for Apple Mac OS X with Xcode 2.5 and later. This allows arp-scan to build on Tiger, Leopard and Snow Leopard.
- Changed license from GPLv2 to GPLv3.
- Added warning about possible DoS when setting ar$spa to the destination IP address to the help output and man page.
- Added arp-fingerprint patterns for 2.11BSD, NetBSD 4.0, FreeBSD 7.0, Vista SP1, Windows 7 and Blackberry OS.
- Enabled compiler security options -fstack-protect, -D_FORTIFY_SOURCE=2 and -Wformat-security if they are supported by the compiler. Also enabled extra warnings -Wwrite-strings and -Wextra.
- Added new "make check" tests to check packet generation, and packet decoding and display.
- Modified get-oui and get-iab perl scripts so they will work on systems where the perl interpreter is not in /usr/bin, e.g. NetBSD.
- Various minor bug fixes and improvements.
Changes in arp-scan 1.7, released July 2008
- new --pcapsavefile (-W) option to save the ARP response packets to a pcap savefile for later analysis with tcpdump, wireshark or another program that supports the pcap file format.
- new --vlan (-Q) option to create outgoing ARP packets with an 802.1Q VLAN tag ARP responses with a VLAN tag are interpreted and displayed.
- New --llc (-L) option to create outgoing ARP packets with RFC 1042 LLC/SNAP framing. Received ARP packets are decoded and displayed with either LLC/SNAP or the default Ethernet-II framing irrespective of this option.
- Avoid double unmarshalling of packet data: once in callback, then again in display_packet().
- New arp-fingerprint patterns for ARP fingerprinting: Cisco 79xx IP Phone SIP 5.x, 6.x and 7.x; Cisco 79xx IP Phone SIP 8.x.
- Updated IEEE OUI and IAB MAC/Vendor files. There are now 11,697 OUI entries and 2,386 IAB entries.
Changes in arp-scan 1.6, released April 2007
- arp-scan wiki at http://www.nta-monitor.com/wiki/ This contains detailed documentation on arp-scan, and is intended to be the primary documentation resource.
- Added support for Sun Solaris. Tested on Solaris 9 (SPARC). arp-scan may also work on other systems that use DLPI, but only Solaris has been tested.
- New arp-fingerprint patterns for ARP fingerprinting: IOS 11.2, 11.3 and 12.4; ScreenOS 5.1, 5.2, 5.3 and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3 and 7.0.
- Updated IEEE OUI and IAB MAC/Vendor files. There are now 10,214 OUI entries and 1,858 IAB entries.
- Added HSRP MAC address to mac-vendor.txt.
Changes in arp-scan 1.5, released July 2006
- Reduced memory usage from 44 bytes per target to 28 bytes. This reduces the memory usage for a Class-B network from 2.75MB to 1.75MB, and a Class-A network from 704MB to 448MB.
- Reduced the startup time for large target ranges. This reduces the startup time for a Class-A network from 80 seconds to 15 seconds on a Compaq laptop with 1.4GHz CPU.
- Added support for FreeBSD, OpenBSD, NetBSD and MacOS X (Darwin) using the BPF packet capture interface. arp-scan will probably also work on other operating systems that implement BPF, but only those listed have been tested.
- Improved operation of the --srcaddr option. This now changes the source hardware address in the Ethernet header without changing the interface address.
- Additional fingerprints for arp-fingerprint.
- Improved manual pages.
- Updated IEEE OUI and IAB files from IEEE website.
Changes in arp-scan 1.4, released June 2006
- Added IEEE IAB listings and associated get-iab update script and --iabfile option.
- Added manual MAC/Vendor mapping file: mac-vendor.txt and associated --macfile option.
- New --localnet option to scan all IP addresses on the specified interface network and mask.
Changes in arp-scan 1.3, released June 2006
- Initial public release. Source distribution only, which will compile and run on Linux.
Versions 1.0, 1.1 and 1.2 were internal only releases that were never publicly released.