The arping application is a simple command that will allow you to ping devices by hostname, IP address, or MAC address. The unfortunate part is that most device will not respond to the arp requests, which are directed broadcast ICMP echo requests, though there are some out there that do. I go into more detail below regarding pinging via MAC address by providing an example of the typical output, example output when a MAC address responds to the ICMP echo requests, and details about how to configure hosts to respond to these ICMP echo requests. I also show a couple of the switches available with arping and provide examples of using arping to ping devices by IP and host.

arping – Backtrack Linux > Information Gathering > Network Analysis > Identify Live Hosts

[AC_PRO id=10442]

arping Functionality – Ping Host By IP

The arping command sends arp who-has queries instead of ping which sends ICMP echo requests. Notice how the responses are in usec’s or microseconds which provides a more granular view into the response time from a device. So because of the method used to contact hosts and because its layer 2 arping is for communications on LAN’s not over WAN’s. Also notice the -c switch that is used and tells arping to send a count of three packets.

arping Functionality – Ping Host By Hostname

As you can see above the responses from arping when pinging a hostname are the same as when pinging an IP address. Again the -c switch was used to send only three packets.

arping Functionality – Ping Host By MAC Address

The above output is what you would typically see when pinging a MAC address using arping. Most devices block the ICMP echo requests that are sent via arping though I have found some devices that do response such as Apple TV’s and other Apple devices. It is also easy to modify a couple settings on Linux servers to allow them to respond to the ICMP echo requests as well. The author of arping discusses potentially obtaining results when modifying the OS task scheduler using the “nice” command however I have yet to have any different results using this command so I left it out of the examples until I can understand more about it. Below we demonstrate both a Apple TV responding to arping’s ICMP echo requests as well as describe the Linux server settings modification and display the before/after output of arping sending ICMP echo requests to a Backtrack Linux server.

arping Functionality – Ping Apple TV By MAC Address

Pretty slick! I have seen various feedback provided to the author of arping calling the tool useless however I would strongly disagree. It would appear to me that these people attempted to use the tool once against a default Windows host or similar and then started complaining. With a little exploring I could see this tool coming in handy when on large flat networks and when layer two connectivity is not locked down as an entry point for info gathering.

arping – Modify Linux Host To Respond To ICMP Echo Requests

After the above changes are made to that specific Backtrack Linux server it will now respond to ICMP echo requests however once it is rebooted it will go back to denying those same requests as before. If you wanted to make the changes permanent then you would just need to make the modifications to sysctl.conf. Below are results of arping from the same Backtrack Linux server that was used above when there were 0 responses received.

arping Functionality – Ping Host By MAC Address After Modifications

To round out this post I wanted to provide a couple more examples using different switches so you get an idea of other arping capabilities. Keep in mind that by reading the man page provided you can obtain most of this information and you should always read a commands man page in detail before using the command or asking any questions!

arping – Verbose Output Switch Addition

Notice there is more informational output about the command before the ICMP echo requests are sent. This assists in troubleshooting and/or understanding how arping functions.

There are a bunch of other switches that can be used including the -a switch to provide a sound for every success, -i to set the from interface, -b to se the source broadcast address and many more. Overall while arping is a fairly basic application it does provide a good amount of functionality and I read the author is looking to provide DoS functionality in the future potentially. If anyone else has devices that respond to ICMP echo requests without modifications I would be interested in hearing those in the comments!

See larger image Hacking Exposed 7: Network Security Secrets and Solutions (Paperback) List Price: $50.00 USD New From: $23.70 USD In Stock Used from: $9.46 USD In Stock

See larger image Network Defense: Securing and Troubleshooting Network Operating Systems (EC-Council Press) (Paperback) List Price: $179.95 New From: $189.00 USD In Stock Used from: $7.63 USD In Stock