swisskyrepo
/
InternalAllTheThings
mirror of https://github.com/swisskyrepo/InternalAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17 from denandz/main 

Add nmap ARP scan and listing current entries in the linux ARP table
main
Swissky 2024-11-01 13:26:38 +01:00 committed by GitHub
parent 35e5d426b0 cc02896bd8
commit 630e2be43c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/cheatsheets/network-discovery.md
View File

@ -54,12 +54,27 @@ MDNS works by using multicast addresses to send DNS queries and responses. When
mdns-scan mdns-scan
``` ```
## ARP ## ARP
ARP (Address Resolution Protocol) is a networking protocol used to map IP addresses to MAC (Media Access Control) addresses on a local area network (LAN). ARP (Address Resolution Protocol) is a networking protocol used to map IP addresses to MAC (Media Access Control) addresses on a local area network (LAN).
* ARP scan * ARP neighbors
```ps1
:~$ ip neigh
192.168.122.1 dev enp1s0 lladdr 52:54:00:ff:0a:2c STALE
192.168.122.98 dev enp1s0 lladdr 52:54:00:ff:aa:bb STALE
```
* ARP scan with `nmap` - note, needs root privileges. Check what packets nmap is sending with `--packet-trace`
```ps1
:~# nmap -sn -n 192.168.122.0/24
Starting Nmap 7.93 ( https://nmap.org )
Nmap scan report for 192.168.122.1
Host is up (0.00032s latency).
MAC Address: 52:54:00:FF:0A:2C (QEMU virtual NIC)
```
* ARP scan with `arp-scan`
```ps1 ```ps1
root@kali:~# arp-scan -l root@kali:~# arp-scan -l
Interface: eth0, datalink type: EN10MB (Ethernet) Interface: eth0, datalink type: EN10MB (Ethernet)