Provided by: arp-scan_1.10.0-2_amd64 bug

NAME

       arp-fingerprint - Fingerprint a system using ARP

SYNOPSIS

       arp-fingerprint [options] target

       The  target  should  be  specified as a single IP address or hostname.  You cannot specify
       multiple targets, IP networks or ranges.

       If you use an IP address for the target, you can use the -o option to pass  the  --numeric
       option  to arp-scan, which will prevent it from attempting DNS lookups.  This can speed up
       the fingerprinting process, especially on systems with a slow or faulty DNS configuration.

DESCRIPTION

       arp-fingerprint fingerprints the specified target host using the ARP protocol.

       It sends various different types of ARP request to the target, and records which types  it
       responds  to.  From  this,  it constructs a fingerprint string consisting of "1" where the
       target responded and "0" where it  did  not.   An  example  of  a  fingerprint  string  is
       01000100000.   This  fingerprint string is then used to lookup the likely target operating
       system.

       Many of the fingerprint strings are shared by several operating systems, so there  is  not
       always  a  one-to-one  mapping between fingerprint strings and operating systems. Also the
       fact that a system's fingerprint matches a certain operating system (or list of  operating
       systems)  does  not necessarily mean that the system being fingerprinted is that operating
       system, although it is quite likely. This is because the list of operating systems is  not
       exhaustive; it is just what I have discovered to date, and there are bound to be operating
       systems that are not listed.

       The ARP fingerprint of a system is generally a function of that system's kernel  (although
       it is possible for the ARP function to be implemented in user space, it almost never is).

       Sometimes,   an  operating  system  can  give  different  fingerprints  depending  on  the
       configuration.  An example is Linux, which will respond to a non-local source  IP  address
       if  that  IP  is routed through the interface being tested.  This is both good and bad: on
       one hand it makes the fingerprinting task more complex; but on the  other,  it  can  allow
       some aspects of the system configuration to be determined.

       Sometimes  the  fact  that  two different operating systems share a common ARP fingerprint
       string points to a re-use of networking code. One  example  of  this  is  Windows  NT  and
       FreeBSD.

       arp-fingerprint uses arp-scan to send the ARP requests and receive the replies.

       There  are other methods that can be used to fingerprint a system using arp-scan which can
       be used in addition to arp-fingerprint.  These additional methods are not included in arp-
       fingerprint  either  because  they are likely to cause disruption to the target system, or
       because they require knowledge of the  target's  configuration  that  may  not  always  be
       available.

       Most  of the ARP requests that arp-fingerprint sends are non-standard, so it could disrupt
       systems that don't have a robust TCP/IP stack.

OPTIONS

       -h     Display a brief usage message and exit.

       -v     Display verbose progress messages.

       -o <option-string>
              Pass specified options to arp-scan. You need  to  enclose  the  options  string  in
              quotes  if  it  contains spaces. e.g.  -o "-I eth1".  The commonly used options are
              --interface (-I) and --numeric (-N).

       -l     Fingerprint all hosts on the local network. You do not need to specify  any  target
              hosts if this option is given.

EXAMPLES

       $ arp-fingerprint 192.168.0.1
       192.168.0.1   01000100000     Linux 2.2, 2.4, 2.6

       $ arp-fingerprint -o "-N -I eth1" 192.168.0.202
       192.168.0.202 11110100000     FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003

NOTES

       arp-fingerprint is implemented in Perl, so you need to have the Perl interpreter installed
       on your system to use it.

SEE ALSO

       arp-scan(1)

       http://www.royhills.co.uk/wiki/ The arp-scan wiki page.

                                         October 27, 2022                      ARP-FINGERPRINT(1)