arp-fingerprint(1)

NAME

   arp-fingerprint - Fingerprint a system using ARP

SYNOPSIS

   arp-fingerprint [options] target

   The target should be specified as a single IP address or hostname.  You
   cannot specify multiple targets, IP networks or ranges.

   If you use an IP address for the target, you can use the -o  option  to
   pass  the  --numeric  option  to  arp-scan,  which will prevent it from
   attempting DNS lookups.  This can speed up the fingerprinting  process,
   especially on systems with a slow or faulty DNS configuration.

DESCRIPTION

   arp-fingerprint  fingerprints  the  specified target host using the ARP
   protocol.

   It sends various different types of ARP  request  to  the  target,  and
   records  which  types  it  responds  to.  From  this,  it  constructs a
   fingerprint string consisting of "1" where the target responded and "0"
   where  it  did not.  An example of a fingerprint string is 01000100000.
   This fingerprint string is then used to look up the likely target
   operating system.

   Many  of  the  fingerprint  strings  are  shared  by  several operating
   systems,  so  there  is  not  always  a  one-to-one   mapping   between
   fingerprint  strings  and  operating  systems.  Also,  the fact that a
   system's fingerprint matches a certain operating  system  (or  list  of
   operating  systems)  does  not  necessarily  mean that the system being
   fingerprinted is that operating system, although it  is  quite  likely.
   This  is because the list of operating systems is not exhaustive; it is
   just what I have  discovered  to  date,  and  there  are  bound  to  be
   operating systems that are not listed.

   The  ARP  fingerprint  of  a  system  is  generally  a function of that
   system's kernel (although it is possible for the  ARP  function  to  be
   implemented in user space, it almost never is).

   Sometimes,   an   operating  system  can  give  different  fingerprints
   depending on the  configuration.   An  example  is  Linux,  which  will
   respond  to  a non-local source IP address if that IP is routed through
   the interface being tested.  This is both good and bad: on one hand  it
   makes  the  fingerprinting  task more complex; but on the other, it can
   allow some aspects of the system configuration to be determined.

   Sometimes the fact that two different operating systems share a  common
   ARP  fingerprint  string  points  to  a  re-use of networking code. One
   example of this is Windows NT and FreeBSD.

   arp-fingerprint uses arp-scan to send the ARP requests and receive  the
   replies.

   There  are other methods that can be used to fingerprint a system using
   arp-scan which can be  used  in  addition  to  arp-fingerprint.   These
   additional  methods  are not included in arp-fingerprint either because
   they are likely to cause disruption to the target  system,  or  because
   they  require  knowledge  of  the  target's  configuration that may not
   always be available.

   arp-fingerprint is still being developed, and the results should not be
   relied  on. As most of the ARP requests that it sends are non-standard,
   it is possible that it may disrupt some systems, so caution is advised.

   If you find a system that arp-fingerprint reports as UNKNOWN,  and  you
   know what operating system it is running, could you please send details
   of the operating system and fingerprint to [email protected]  so
   I  can  include it in future versions. Please include the exact version
   of the operating system if  you  know  it,  as  fingerprints  sometimes
   change between versions.

OPTIONS

   -h     Display a brief usage message and exit.

   -v     Display verbose progress messages.

   -o <option-string>
          Pass  specified  options  to  arp-scan.  You need to enclose the
          options string in quotes if it contains  spaces.  e.g.   -o  "-I
          eth1".   The  commonly  used  options  are  --interface (-I) and
          --numeric (-N).

EXAMPLES

   $ arp-fingerprint 192.168.0.1
   192.168.0.1   01000100000     Linux 2.2, 2.4, 2.6

   $ arp-fingerprint -o "-N -I eth1" 192.168.0.202
   192.168.0.202 11110100000     FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003
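
   The following Python is an added example, not part of arp-fingerprint
   or arp-scan: it parses result lines in the format shown above and
   compares each target's fingerprint with a previously recorded baseline,
   as an asset-inventory check. The function names, the sample data and
   the assumption that an unmatched system is reported with the label
   UNKNOWN in the third column are this example's own.

```python
import re

# Result line: "<target> <fingerprint> <OS description>", as in EXAMPLES.
# The "$ arp-fingerprint ..." command lines do not match and are skipped.
LINE_RE = re.compile(r"^(\S+)\s+([01]+)\s+(.*\S)\s*$")

# Constructed sample data (not captured from a real network).
SAMPLE_OUTPUT = """\
$ arp-fingerprint 192.168.0.1
192.168.0.1   01000100000     Linux 2.2, 2.4, 2.6
192.168.0.202 01000100000     Linux 2.2, 2.4, 2.6
192.168.0.50  00000100000     UNKNOWN
"""
# Fingerprints recorded on an earlier run (constructed).
BASELINE = {
    "192.168.0.1": "01000100000",
    "192.168.0.202": "11110100000",
    "192.168.0.50": "00000100000",
    "192.168.0.77": "11110100000",
}

def parse_line(line):
    """Return (target, fingerprint, os_label), or None for other lines."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None

def check_drift(output, baseline):
    """Compare arp-fingerprint output with a target -> fingerprint baseline.

    Returns (target, status, detail) tuples for anything worth reviewing.
    """
    findings, seen = [], set()
    for line in output.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        target, fp, label = parsed
        seen.add(target)
        expected = baseline.get(target)
        if expected is None:
            findings.append((target, "new", fp))
        elif expected != fp:
            findings.append((target, "changed", f"{expected} -> {fp}"))
        elif label == "UNKNOWN":  # assumed label for an unlisted fingerprint
            findings.append((target, "unknown-os", fp))
    for target in sorted(set(baseline) - seen):
        findings.append((target, "missing", baseline[target]))
    return findings
```

   A "changed" result means the ARP behaviour differs from the baseline,
   not that a specific operating system was identified: fingerprints are
   shared between systems and can vary with configuration.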

NOTES

   arp-fingerprint is implemented in Perl, so you need to  have  the  Perl
   interpreter installed on your system to use it.

AUTHOR

   Roy Hills <[email protected]>

SEE ALSO

   arp-scan(1)

   http://www.nta-monitor.com/wiki/ The arp-scan wiki page.

                             April 5, 2007              ARP-FINGERPRINT(1)


