Show MAC in arp-fingerprint
Bogdan107 opened this issue · comments
I monitor devices in local network by arp-scan --local
and register each MAC in database.
I want to register also fingerprints for each MAC.
I need to use 2 commands:
arp-scan --local
- to get list of MAC's;arp-fingerprint -l
- to get fingerprints.
The arp-fingerprint
command already use MAC addresses inside and can put MACs into output.
With MAC addresses in the output, I can use only 1 command.
May you add MAC addresses to result of arp-fingerprint
command?
Feature request:
Add --mac
or -m
command line argument to arp-fingerprint
command, which enable MAC addresses in to results.
Actual result:
# arp-fingerprint -l
192.168.0.1 11110101100 UNKNOWN
Expected result:
# arp-fingerprint -l -m
192.168.0.1 AA:BB:CC:DD:EE:FF 11110101100 UNKNOWN
or
# arp-fingerprint -l -m
AA:BB:CC:DD:EE:FF 192.168.0.1 11110101100 UNKNOWN
Thank you for your suggestion.
The arp-fingerprint command already use MAC addresses inside
Not quite: arp-scan
uses MAC addresses, but arp-fingerprint
doesn't currently use MAC addresses at all. But it should be able to obtain the appropriate MAC address by parsing the arp-scan
output.
arp-fingerprint
hasn't been updated since version 1.9.3, so it is due an update. I'll link a pull-request for changes to this ticket.
Initial changes on arp-fingerprint-changes
branch.
Test network:
192.168.14.1 VMware virtual host adapter
192.168.14.2 VMware NAT gateway
192.168.14.130 Windows 11
192.168.14.137 FreeBSD 13
192.168.14.159 Fedora 37
192.168.14.254 VMware DHCP
Results:
rsh@bookworm:~$ arp-fingerprint -l
192.168.14.1 00:50:56:c0:00:08 01010100000 Linux 2.2, 2.4, 2.6, 3.2, 3.8, 4.0, 4.6, Vista, 2008, Windows7, Windows8, Windows10
192.168.14.2 00:50:56:e4:9a:83 10010000000 UNKNOWN
192.168.14.130 00:0c:29:eb:47:f7 01010100000 Linux 2.2, 2.4, 2.6, 3.2, 3.8, 4.0, 4.6, Vista, 2008, Windows7, Windows8, Windows10
192.168.14.137 00:0c:29:b9:43:1b 11110000000 Linux 2.0, MacOS 10.4, IPSO 3.2.1, Minix 3, Cisco VPN Concentrator 4.7, Catalyst 1900, BeOS, WIZnet W5100
192.168.14.159 00:0c:29:a1:30:b0 01010100000 Linux 2.2, 2.4, 2.6, 3.2, 3.8, 4.0, 4.6, Vista, 2008, Windows7, Windows8, Windows10
192.168.14.254 00:50:56:eb:4e:ec 11110111111 PIX OS 6.0, 6.1, 6.2, ScreenOS 5.0 (transparent), Plan9, Blackberry OS
I think, that command arp-fingerprint
was used in the other systems for a very long time. For example, this command may be used in the monitoring tools, like Zabbix.
This function, activated in the program without an additional option, such as --mac
or -m
, can violate all software systems that use the arp-fingerprint tool.
May you turn on this function as an option that is activated by a separate argument?
May you turn on this function as an option that is activated by a separate argument?
Agreed that we shouldn't break other tools/scripts by changing the output format. I've added a -m
option to include the MAC address in the output:
rsh@bookworm:~$ arp-fingerprint 192.168.14.1
192.168.14.1 01010100000 Linux 2.2, 2.4, 2.6, 3.2, 3.8, 4.0, 4.6, Vista, 2008, Windows7, Windows8, Windows10
rsh@bookworm:~$ arp-fingerprint -m 192.168.14.1
192.168.14.1 00:50:56:c0:00:08 01010100000 Linux 2.2, 2.4, 2.6, 3.2, 3.8, 4.0, 4.6, Vista, 2008, Windows7, Windows8, Windows10
The changes have been pushed to master.
Closing ticket as resolved.