Skip to content

1.10.0

Latest
Latest
Compare
Choose a tag to compare
@royhills royhills released this 13 Dec 23:07
· 46 commits to master since this release
1.10.0
0e6fd36
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

arp-scan 1.10.0 release notes

Introduction

arp-scan 1.10.0 is a major release that should be fully backwards compatible with arp-scan release 1.9 and 1.9.* git tags.

Thanks to everyone who reported bugs, suggested new features, and sent pull requests over the years. The github community has been the source of the new features and bugfixes in the 1.9.* tagged versions and this 1.10.0 release. So thanks to everyone who created issues and opened pull requests.

This release has been well tested, but some bugs will inevitably remain. If manage to find a bug, please open a github issue.

If you don't have the autotools (autoconf and automake) installed, please download the arp-scan-1.10.0.tar.gz tarball. This contains a ./configure file and the auxilliary files that would normally need autoreconf --install to generate.

Supported Systems

arp-scan version 1.10.0 has been tested on:

  • Linux: Tested on debian, ubuntu, alpine. Should work on any Linux distro with any architecture.
  • BSD: Tested on FreeBSD, NetBSD, OpenBSD, DragonflyBSD, macOS. Should work on any BSD based system.
  • Solaris: Solaris 10. Should work on any DLPI system in theory, but these are rare beasts now.

Please open a github issue if you would like arp-scan to support an operating system that is not listed.

Things to Note for version 1.10.0

  • MAC/Vendor mapping file changes
    • ieee-oui.txt now holds data for all IEEE registries: MA-L (OUI), MA-M, MA-S (OUI36) and IAB.
    • The get-oui script now obtains data from all the IEEE registries and concatenates them to form ieee-oui.txt. It can easily be edited to use data from the Debian ieee-data package if you are on a Debian based system. This script now requires the Perl module Text::CSV. Sorry for adding another dependency.
    • The get-iab script has been removed (replaced with a stub script that prints a message saying it's depreciated, which maintainers may want to omit from their packages) and the --iabfile option has been removed from arp-scan.
    • mac-vendor.txt file now allows regular MAC addresses e.g. 00:0c:29:b9:43:1b, and is installed to $(sysconfdir)/$(PACKAGE) e.g. /usr/local/etc/arp-scan. Package maintainers should allow user changes to this file to be preserved on upgrade if that's possible with the distro - upstream changes should be very infrequent in the future.
  • arp-scan is POSIX.1e capabilities aware on Linux with libcap
    • arp-scan will build with capabilities support if libcap header and library are installed (e.g. libcap-dev on Debian). configure option --with-libcap, defaults to auto.
    • If built with capabilities support the executable will depend on the libcap shared library (e.g. libcap.so.2). arp-scan --version will report Built with libcap POSIX.1e capability support if support is included.
    • make install will install setcap cap_net_raw+p if the setcap command is available (e.g. libcap2-bin on Debian) and works, otherwise it will fallback to SUID. If you want to change this behaviour, comment out or edit the install-exec-hook in Makefile.am.
    • See NEWS.md file for more details of POSIX.1e capabilities support.
  • Lots of new features, bugs squashed and corner cases fixed - See NEWS.md for details

Main Changes since arp-scan 1.9

This section lists the main changes between arp-scan version 1.9 and 1.10.0. More details are available in the NEWS.md and ChangeLog files.

2022-12-10 arp-scan 1.10.0 (git tag 1.10.0)

  • New Features

    • POSIX.1e capabilities support for Linux systems with libcap
    • New --format option allows flexible output format
    • ieee-oui.txt now holds data for all IEEE registries: MA-L (OUI), MA-M, MA-S (OUI36) and IAB.

  • General improvements

    • Reformatted and updated man pages and --help output.

2022-10-08 arp-scan 1.9.8 (git tag 1.9.8)

  • New Features:

    • Allow the use of Linux IP aliases such as eth0:0 for the interface name.
    • Permit regular MAC addresses e.g. 00:0c:29:b9:43:1b in mac-vendor.txt.
    • --limit=n option exits after n of hosts have responded, exit 1 for <n
    • --resolve option to resolve responding IP addresses to hostnames

  • Fixed bugs:

    • Potential buffer overrun in unmarshal_arp_pkt().
    • arp-scan aborts with EAGAIN on busy network or using high bandwidth
    • late ARP responses could sometimes be incorrectly flagged as duplicate

  • General improvements:

    • Updated IEEE URLs in download perl scripts.
    • Updated source for Mersenne RNG and replacement strlcat/strlcpy & getopt.
    • Updated for compatability with autoconf 2.71
    • make distcheck works now
    • Number of responding hosts reported no longer counts duplicate packets.
    • Several edge cases fixed.

  • Misc Changes:

    • CI framework migrated from travis-ci to github actions.
    • Several new tests for make check

2019-11-10 arp-scan 1.9.7

  • Improved error messages from libpcap functions.
  • Remove obsolescent and unused autoconf macros. Assume the C compiler is ANSI C (C89) compliant.

2019-10-13 arp-scan 1.9.6

  • Use libpcap function pcap_set_immediate_mode() instead of ioctl calls to ensure packets are delivered immediately.
  • Fix compiler warnings caused by the depreciated function pcap_lookupdev() in libpcap 1.9.0 and later.

2016-09-03 arp-scan 1.9.5

  • Use posix hash table functions hcreate(), hsearch() and hdestroy() instead of the gas hash table code. Thanks to nihilus for the suggestion.

  • Remove function replacement for inet_aton(), as this was only required for Solaris 8, which is now considered obsolete.

  • Added -l option to arp-fingerprint to support fingerprinting all hosts on the local network. Thanks to Rhig for the pull request.

  • Use the source_mac rather than interface_mac in the pcap filter, to permit reception of packets with spoofed MAC source address. Thanks to tissieres for the pull request.

  • Use the libpcap 1.0 API functions pcap_create() instead of pcap_open_live().

2013-11-24 arp-scan 1.9.2

  • Added new --plain (-x) option to suppress printing of header and footer text, and only display one output line for each responding host. Idea from Stefan Tomanek's arp-scan fork on github at https://github.com/wertarbyte/arp-scan.

  • Use LWP::UserAgent instead of LWP::Simple in get-oui and get-iab to enable the raw content to be obtained, which avoids Unicode/UTF-8 issues.

  • Moved arp-scan development from internal SVN repository to github at https://github.com/royhills/arp-scan.

Assets 3