Some systems block ICMP traffic, so they do not show up in a ping scan. Any system on your local network, however, must respond to ARP requests if it is going to communicate with other machines on the segment at all: ARP is how an IPv4 address is resolved to a hardware address, and a host that ignores it cannot be reached. This gives you an additional option for system enumeration when you are on the local network segment. Because ARP is not routed, it only reaches hosts in the same broadcast domain as your machine, so it cannot replace a ping scan for remote networks.
First, install a tool that lets you issue arbitrary ARP requests. There are many such tools, but we are going to use arp-scan, since it lets you specify entire netblocks rather than just individual IP addresses:
$ sudo apt-get install arp-scan
Now you can actually use the tool to scan your local network segment:
$ sudo arp-scan 192.168.1.0/24
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1     44:d9:e7:9b:a2:9d       (Unknown)
192.168.1.2     40:8d:5c:4b:85:d9       (Unknown)
192.168.1...
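To make clear what arp-scan is doing on the wire, here is the same exchange built by hand: one broadcast ARP "who-has" request per address in the netblock, and a parser for the unicast replies that come back. This is an added example written for this page, not code from the book or from the arp-scan project. The interface name eth0, the scanner address 192.168.1.100 and its MAC 00:11:22:33:44:55 are assumptions; the sample reply is constructed from the 192.168.1.1 entry in the output above. The request and reply builders and the parser run anywhere; the sweep itself needs Linux and root (or CAP_NET_RAW) because it uses a raw AF_PACKET socket.

```python
"""Minimal ARP sweep: the exchange arp-scan automates, built by hand."""
import ipaddress
import socket
import struct
import time

ETH_P_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
OP_REQUEST, OP_REPLY = 1, 2


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Return an Ethernet frame carrying an IPv4-over-Ethernet ARP packet.

    Requests go to the broadcast MAC; replies are unicast to the requester.
    """
    dst_mac = BROADCAST_MAC if oper == OP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", dst_mac, sender_mac, ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))
    return eth + arp


def build_arp_request(src_mac, src_ip, target_ip):
    """'Who has target_ip? Tell src_ip', with the target MAC left as zeros."""
    return build_arp(OP_REQUEST, src_mac, src_ip, b"\x00" * 6, target_ip)


def parse_arp_reply(frame):
    """Return (ip, 'aa:bb:...') for an ARP reply frame, else None."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETH_P_ARP):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, OP_REPLY):
        return None
    return socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)


# Constructed sample: the reply 192.168.1.1 (MAC from the arp-scan output
# above) would send to an assumed scanner at 192.168.1.100 / 00:11:22:33:44:55.
SCANNER_MAC = bytes.fromhex("001122334455")
SAMPLE_REPLY = build_arp(OP_REPLY, bytes.fromhex("44d9e79ba29d"), "192.168.1.1",
                         SCANNER_MAC, "192.168.1.100")


def arp_sweep(interface, netblock, timeout=2.0):
    """Send one request per address in netblock and collect replies.

    Linux only (AF_PACKET); needs root or CAP_NET_RAW. Hosts that drop ICMP
    still answer here, because they need ARP to talk to anyone on the segment.
    """
    import fcntl  # Linux-only; imported here so the builders above load anywhere
    raw = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    raw.bind((interface, 0))
    src_mac = raw.getsockname()[4]           # hardware address of the bound interface
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        ifreq = struct.pack("256s", interface.encode()[:15])
        src_ip = socket.inet_ntoa(fcntl.ioctl(s.fileno(), 0x8915, ifreq)[20:24])  # SIOCGIFADDR
    found = {}
    for host in ipaddress.ip_network(netblock, strict=False).hosts():
        raw.send(build_arp_request(src_mac, src_ip, str(host)))
    raw.settimeout(0.2)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            hit = parse_arp_reply(raw.recv(65535))
        except socket.timeout:
            continue
        if hit:
            found[hit[0]] = hit[1]
    raw.close()
    return found


if __name__ == "__main__":
    import sys
    iface = sys.argv[1] if len(sys.argv) > 1 else "eth0"            # assumed default
    block = sys.argv[2] if len(sys.argv) > 2 else "192.168.1.0/24"  # assumed default
    hosts = arp_sweep(iface, block)
    for ip in sorted(hosts, key=ipaddress.ip_address):
        print(f"{ip}\t{hosts[ip]}")
```

Run it as `sudo python3 arpsweep.py eth0 192.168.1.0/24` and you get the same IP-to-MAC table arp-scan prints, minus the vendor lookup. The parser deliberately ignores requests (oper 1), other hosts' gratuitous ARP and non-ARP frames, so only hosts that actually answered your probe are listed; any such host is alive whether or not it blocks ICMP.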