Skip to content

Commit

Permalink
version 1.7 release.
Browse files Browse the repository at this point in the history
git-svn-id: svn+ssh://svn.nta-monitor.com/trunk/opensource/arp-scan@13738 062a1500-4a13-0410-a63b-ee65f32af78f
  • Loading branch information
royhills committed Jul 24, 2008
1 parent 4fa2903 commit 7a89adc
Show file tree
Hide file tree
Showing 7 changed files with 397 additions and 97 deletions.
7 changes: 7 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
$Id$

2008-07-24 Roy Hills <Roy.Hills@nta-monitor.com>

* ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from
IEEE website using get-oui and get-iab Perl scripts.

* configure.ac: Incremented version to 1.7.

2008-07-11 Roy Hills <Roy.Hills@nta-monitor.com>

* arp-scan.a: Removed reference to RMIF environment variable.
Expand Down
5 changes: 4 additions & 1 deletion NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ $Id$
This file gives a brief overview of the major changes between each arp-scan
release. For more details please read the ChangeLog file.

2008-07-17 arp-scan 1.7:
2008-07-24 arp-scan 1.7:

* new --pcapsavefile (-W) option to save the ARP response packets to a pcap
savefile for later analysis with tcpdump, wireshark or another program that
Expand All @@ -22,6 +22,9 @@ release. For more details please read the ChangeLog file.
* New arp-fingerprint patterns for ARP fingerprinting: Cisco 79xx IP Phone
SIP 5.x, 6.x and 7.x; Cisco 79xx IP Phone SIP 8.x.

* Updated IEEE OUI and IAB MAC/Vendor files. There are now 11,697 OUI entries
and 2,386 IAB entries.

2007-04-12 arp-scan 1.6:

* arp-scan wiki at http://www.nta-monitor.com/wiki/
Expand Down
82 changes: 11 additions & 71 deletions README
Original file line number Diff line number Diff line change
Expand Up @@ -28,24 +28,26 @@ installation process. See the file INSTALL for more details.

arp-scan is known to compile and run on the following platforms:

1. Linux (tested on Debian Sarge)
2. FreeBSD (tested on FreeBSD 6.1)
1. Linux (tested on Debian Sarge, Debian Etch and Fedora 9)
2. FreeBSD (tested on FreeBSD 6.1 and FreeBSD 7.0)
3. OpenBSD (tested on OpenBSD 3.9)
4. NetBSD (tested on NetBSD 3.0.1)
5. MacOS X (Darwin) (tested on MacOS 10.3.9)
6. Solaris (tested on Solaris 9/SPARC and Solaris 10/x86)

The ARP packets are sent using raw datalink access. The mechanism for this
varies between platforms, currently Packet Socket (Linux) and BPF (BSD) are
supported. It is planned to add support for Win32 and DLPI (Solaris) in
varies between platforms, currently Packet Socket (Linux), BPF (BSD) and
DLPI (Solaris) are supported. It is planned to add support for Win32 in
future releases.

All platforms use libpcap (http://www.tcpdump.org/) to receive the ARP
responses.

I decided to implement the sending functions directly rather than using libnet
or libdnet because these libraries are not normally installed by default, and
I want to minimise the need to install additional packages. By contrast,
libpcap is a standard package on most systems.
It was decided to implement the sending functions directly rather than using
libnet or libdnet because these libraries are not normally installed by
default, and it was considered desirable to minimise the need to install
additional packages. By contrast, libpcap is a standard package on most
modern systems.


Documentation
Expand Down Expand Up @@ -79,70 +81,8 @@ but it links and runs OK.
This appears to be due to MacOS 10.3 having libpcap 0.8 libraries, but only
0.7 headers.

3. OpenBSD 3.9 gives warning about use of strcat()
arp-scan.c:137: warning: strcat() is almost always misused, please use strlcat()
The offending line reads:

strncat(arg_str, " ", 1);

This is using strncat, not strcat, and I think it is safe.

4. The Perl scripts arp-fingerprint, get-oui and get-iab assume that Perl is
3. The Perl scripts arp-fingerprint, get-oui and get-iab assume that Perl is
installed as /usr/bin/perl. This fails for NetBSD 3.0.1, where it is installed
in /usr/pkg/bin/perl instead.

A workaround is to make /usr/bin/perl a symlink to /usr/pkg/bin/perl.


ARP Packet Format
-----------------

This belongs in the man page, and will probably be moved there in a future
release.

The ARP packet format is defined in RFC 826 "An Ethernet Address Resolution
Protocol". The diagram below shows the entire ARP packet, including the
Ethernet frame header.

In this diagram, each dash (-) represents one bit, with plus (+) marks every
eight bits. The names for the ARP packet fields like "ar$hrd" are taken
from RFC 826.

Ethernet Frame Header:

+--------+--------+--------+--------+--------+--------+
| Dest Address |
+--------+--------+--------+--------+--------+--------+
| Source Address |
+--------+--------+--------+--------+--------+--------+
| Protocol Type |
+--------+--------+

ARP Packet data:

+--------+--------+
| ar$hrd |
+--------+--------+
| ar$pro |
+--------+--------+
|ar$hln |
+--------+
|ar$pln |
+--------+--------+
| ar$op |
+--------+--------+--------+--------+--------+--------+
| ar$sha |
+--------+--------+--------+--------+--------+--------+
| ar$spa |
+--------+--------+--------+--------+--------+--------+
| ar$tha |
+--------+--------+--------+--------+--------+--------+
| ar$tpa |
+--------+--------+--------+--------+

Optional Padding:

+--------+--------+...
| Padding ...
+--------+--------+...

2 changes: 0 additions & 2 deletions TODO
Original file line number Diff line number Diff line change
Expand Up @@ -39,5 +39,3 @@ Investigate response packets >60 bytes long, e.g:
10:27:40.802358 00:06:d7:55:0f:40 > 00:c0:9f:09:b8:db, ethertype ARP (0x0806), length 64: arp reply maple.nta-monitor.com is-at 00:06:d7:55:0f:40

Review verbose levels, and what gets displayed.

Add details of --llc and --vlan options to man page.
2 changes: 1 addition & 1 deletion configure.ac
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
dnl $Id$
dnl Process this file with autoconf to produce a configure script.

AC_INIT([arp-scan], [1.6.4], [arp-scan@nta-monitor.com])
AC_INIT([arp-scan], [1.7], [arp-scan@nta-monitor.com])
AC_PREREQ(2.59)
AC_REVISION($Revision$)
AC_CONFIG_SRCDIR([arp-scan.c])
Expand Down
97 changes: 91 additions & 6 deletions ieee-iab.txt
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
#
# Blank lines and lines beginning with "#" are ignored.
#
# This file was automatically generated by get-iab at 2008-05-04 19:07:02
# This file was automatically generated by get-iab at 2008-07-24 19:46:03
# using data from http://standards.ieee.org/regauth/oui/iab.txt
#
# Do not edit this file. If you want to add additional MAC-Vendor mappings,
Expand Down Expand Up @@ -178,7 +178,7 @@
0050C209F MetaWave Vedeo Systems
0050C20A0 CYNAPS
0050C20A1 Visable Genetics, Inc.
0050C20A2 Jager Messtechnik GmbH
0050C20A2 J�ger Computergesteuerte Messtechnik GmbH
0050C20A3 BaSyTec GmbH
0050C20A4 Bounty Systems Pty Ltd.
0050C20A5 Mobiltex Data Ltd.
Expand Down Expand Up @@ -1199,7 +1199,7 @@
0050C249C Envisacor Technologies Inc.
0050C249D Critical Link
0050C249E Armorlink CO .Ltd
0050C249F PRIVATE
0050C249F GCS, Inc
0050C24A0 Advanced technologies & Engineering (pty) Ltd
0050C24A1 Pigeon Point Systems
0050C24A2 SPECS GmbH
Expand Down Expand Up @@ -1467,7 +1467,7 @@
0050C25A8 ETAP NV
0050C25A9 AYC Telecom Ltd
0050C25AA Transenna AB
0050C25AB Pulizzi Engineering, Inc.
0050C25AB Eaton Corporation Electrical Group Data Center Solutions - Pulizzi
0050C25AC Kinemetrics, Inc.
0050C25AD Emcom Systems
0050C25AE CPS EUROPE B.V.
Expand Down Expand Up @@ -2052,7 +2052,7 @@
0050C27F1 STUHL Regelsysteme GmbH
0050C27F2 Logotherm Regelsysteme GmbH
0050C27F3 SOREC
0050C27F4 beyerdynamic GmbH & Co. KG
0050C27F4 Wireless Cables Inc
0050C27F5 ACE Carwash Systems
0050C27F6 Saia-Burgess Controls AG
0050C27F7 MangoDSP
Expand Down Expand Up @@ -2311,11 +2311,96 @@
0050C28F4 Critical Link
0050C28F5 tec5 AG
0050C28F6 K-MAC Corp.
0050C28F7 Certicom Corp.
0050C28F7 TGE Co., Ltd.
0050C28F8 RMSD LTD
0050C28F9 Honeywell International
0050C28FA TELIUM s.c.
0050C28FB Alfred Kuhse GmbH
0050C28FC Symetrics Industries
0050C28FD Sindoma M�h Mim �n� Elk San Tic Ltd.
0050C28FE Cross Country Systems AB
0050C28FF Luceat Spa
0050C2900 Magor Communications Corp
0050C2901 Research Applications Incorp
0050C2902 China Railway Signal & Communication Corp.
0050C2903 EcoAxis Systems Pvt. Ltd.
0050C2904 R2Sonic, LLC
0050C2905 Link Communications, Inc
0050C2906 Gidel
0050C2907 Cristal Controles Ltee
0050C2908 Codex Digital Ltd
0050C2909 Elisra Electronic Systems
0050C290A Board Level Limited
0050C290B E.ON ES Sverige AB
0050C290C LSS GmbH
0050C290D EVK DI Kerschhaggl GmbH
0050C290E Phytec Messtechnik GmbH
0050C290F INTEGRA Biosciences AG
0050C2910 Autotank AB
0050C2911 Vapor Rail
0050C2912 ASSET InterTech, Inc.
0050C2913 Selex Sensors & Airborne Systems
0050C2914 IO-Connect
0050C2915 Verint Systems Ltd.
0050C2916 CHK GridSense P/L
0050C2917 CIRTEM
0050C2918 Design Lightning Corp
0050C2919 AHV Systems, Inc.
0050C291A Xtone Networks
0050C291B Embedded Data Systems, LLC
0050C291C MangoDSP
0050C291D Rosendahl Studiotechnik GmbH
0050C291E Automation Tec
0050C291F 2NCOMM DESIGN SRL
0050C2920 Rogue Engineering Inc.
0050C2921 iQue RFID Technologies BV
0050C2922 Metrum Sweden AB
0050C2923 Amicus Wireless
0050C2924 Link Electric & Safety Control Co.
0050C2925 PHB Eletronica Ltda.
0050C2926 DITEST FAHRZEUGDIAGNOSE GMBH
0050C2927 ATIS group s.r.o.
0050C2928 Cinetix GmbH
0050C2929 Flight Deck Resources
0050C292A TOPEX SA
0050C292B DSP DESIGN
0050C292C Exatrol Corporation
0050C292D APProSoftware.com
0050C292E Goanna Technologies Pty Ltd
0050C292F Phytec Messtechnik GmbH
0050C2930 NETA Elektronik AS
0050C2931 Korea Telecom Internet Solutions (KTIS)
0050C2932 SMAVIS Inc.
0050C2933 Saia-Burgess Controls AG
0050C2934 Xilar Corp.
0050C2935 Image Video
0050C2936 Margaritis Engineering
0050C2937 BigBear
0050C2938 Postec Data Systems Ltd
0050C2939 Mosaic Dynamic Solutions
0050C293A ALPHATRONICS nv
0050C293B Reliatronics Inc.
0050C293C FractureCode Corporation
0050C293D Lighting Science Group Corporation
0050C293E RCS Communication Test Systems Ltd.
0050C293F TSB Solutions Inc.
0050C2940 Phitek Systems Ltd.
0050C2941 Rolbit
0050C2942 Keith & Koep GmbH
0050C2943 QuanZhou TDX Electronics Co., Ltd.
0050C2944 Wireonair A/S
0050C2945 Ex-i Flow Measurement Ltd.
0050C2946 MEGWARE Computer GmbH
0050C2947 IMEXHIGHWAY cvba
0050C2948 ELECTRONIA
0050C2949 taskit GmbH
0050C294A TRUMEDIA TECHNOLOGIES
0050C294B Piller engineering Ltd.
0050C294C TEMIX
0050C294D C&H technology ltd.
0050C294E Zynix Original Sdn. Bhd.
0050C294F IT-Designers GmbH
0050C2950 Tele and Radio Research Institute
0050C2951 EL.C.A. soc. coop.
0050C2952 Tech Fass s.r.o.
0050C2953 EPEL Industrial
Loading

0 comments on commit 7a89adc

Please sign in to comment.