LinuxCommandLibrary

arping

Discover hosts on a local network

TLDR

Ping a host by ARP request packets

$ arping [host_ip]
copy

Ping a host on a specific [I]nterface
$ arping -I [interface] [host_ip]
copy

Ping a host and [f]inish after the first reply
$ arping -f [host_ip]
copy

Ping a host a specific number ([c]ount) of times
$ arping -c [count] [host_ip]
copy

Broadcast ARP request packets to update neighbours' ARP caches ([U]nsolicited ARP mode)
$ arping -U [ip_to_broadcast]
copy

[D]etect duplicated IP addresses in the network by sending ARP requests with a 3 second timeout
$ arping -D -w [3] [ip_to_check]
copy

SYNOPSIS

arping [-FfqvDAB] [-c count] [-w timeout] [-I device] [-s sender_ip] [-S sender_hw] [-d dup_hw] [-u] [-p proto] [-t target_ip] [-T target_hw] [hostname]

PARAMETERS

-F, --hw-filter
    Use hardware address filtering (default).

-f, --quit
    Quit after first ARP reply.

-q, --quiet
    Suppress output except errors.

-v, --verbose
    Increase verbosity.

-D, --duh-mode
    Display results like classic arp(1).

-A, --awake
    Send ARP wake-on-LAN packets.

-B, --broadcast
    Send ARP broadcast packets.

-c, --count=N
    Send N packets (default 1).

-w, --wait=timeout
    Timeout in seconds (default 3).

-I, --device=ifname
    Bind to network interface.

-s, --source=IP
    Source IP address.

-S, --source-hw=HW
    Source hardware (MAC) address.

-d, --dup-hw=HW
    Detect duplicate hardware addresses.

-u, --unsolicited
    Send unsolicited ARP replies.

-p, --proto=proto
    Protocol: IPv4 or IPv6.

-t, --target=IP
    Target IP address.

-T, --target-hw=HW
    Target hardware (MAC) address.

DESCRIPTION

arping is a Linux utility for sending ARP (Address Resolution Protocol) Request packets to a specified IP address on the local network and listening for ARP Reply packets. It helps discover active hosts, their MAC addresses, and detect issues like duplicate IPs on the same layer 2 network segment.

Unlike ping, which relies on ICMP over routed IP networks, arping operates purely at the Ethernet/ARP layer, limiting its scope to the local broadcast domain or VLAN. It's invaluable for troubleshooting connectivity, mapping MAC-to-IP mappings, generating wake-on-LAN packets, or probing for ARP cache poisoning.

Key features include customizable source/target IPs and MACs, packet counts, timeouts, duplicate detection, and modes like unsolicited ARP or hardware filtering. Replies display the responding host's IP, MAC, and device info. Requires raw socket privileges (CAP_NET_RAW), typically necessitating root or sudo. Output is concise: success shows sender/receiver details; no reply indicates inactive host or firewall blocks.

Common use: arping -c 3 -I eth0 192.168.1.1 sends 3 probes via eth0.

CAVEATS

Requires raw socket privileges (sudo typically needed). Limited to local L2 network; does not cross routers. Firewalls or ARP spoofing can interfere. IPv6 support experimental.

EXAMPLES

arping -I eth0 -c 5 192.168.1.1: Probe host 5 times via eth0.
arping -D -u -c 3 192.168.1.255: Detect duplicates on subnet broadcast.

EXIT CODES

0: OK, reply received.
1: Unspecified error.
2: No reply.

HISTORY

Developed by Alexey Kuznetsov as part of the iputils package (~2000, Linux 2.4 era). Maintained in iputils/iputils-sctp; evolved for IPv6 and enhanced probing modes.

SEE ALSO

ping(8), arp(8), ip(8)

Copied to clipboard