Locating firewalled hosts with arping


One of my friends pinged me last week and asked me how I would go about locating all hosts on a layer-2 network. Typically I would use fping with the "-g" option, but he wanted to find all hosts, including ones that were running host-based firewalls. For this specific case, I would use the Linux arping utility. This nifty utility allows you to locate hosts using ARP requests and responses, which hosts running host-based firewalls would still respond to:

$ arping 192.168.1.1

ARPING 192.168.1.1 from 192.168.1.10 eth0
Unicast reply from 192.168.1.1 [00:23:69:25:A2:4E] 0.942ms
Unicast reply from 192.168.1.1 [00:23:69:25:A2:4E] 0.725ms
Unicast reply from 192.168.1.1 [00:23:69:25:A2:4E] 0.727ms
Unicast reply from 192.168.1.1 [00:23:69:25:A2:4E] 0.722ms
Unicast reply from 192.168.1.1 [00:23:69:25:A2:4E] 0.739ms

In the sample session above, I was able to locate a host that was running iptables with a policy that drops all incoming traffic. There are a ton of super useful networking utilities in the Debian package repository, and I will have to document some of the lesser-known utilities in future posts.

This article was posted by Matty on 2009-04-10 11:55:00 -0400