Using the Linux arping command to ping local systems

The arping command is one of the lesser known commands that works much like the ping command.

The name stands for “arp ping” and it’s a tool that allows you to perform limited ping requests in that it collects information on local systems only. The reason for this is that it uses a Layer 2 network protocol and is, therefore, non-routable. The arping command is used for discovering and probing hosts on your local network.

If arping isn’t installed on your system, you should be able take care of that with one of these commands:

$ sudo apt install arping -y
$ sudo yum install arping -y

You can use it much like ping and, as with ping, you can set a count for the packets to be sent using -c (e.g., arping -c 2 hostname) or allow it to keep sending requests until you type ^c. In this first example, we send two requests to a system:

$ arping -c 2 192.168.0.7
ARPING 192.168.0.7 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  64.895ms
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  5.423ms
Sent 2 probes (1 broadcast(s))
Received 2 response(s)

Note that the response shows the time it takes to receive replies and the MAC address of the system being probed.

If you use the -f option, your arping will stop as soon as it has confirmed that the system is responding. That might sound efficient, but it will never get to the stopping point if the system—possibly some non-existent or shut down system—fails to respond. Using a small value is generally a better approach. In this next example, the command tried 83 times to reach the remote system before I killed it with a ^c, and it then provided the count.

$ arping -f 192.168.0.77
ARPING 192.168.0.77 from 192.168.0.11 enp0s25
^CSent 83 probes (83 broadcast(s))
Received 0 response(s)

For a system that is up and ready to respond, the response is quick.

$ arping -f 192.168.0.7
ARPING 192.168.0.7 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.7 [20:EA:16:01:55:EB]  82.963ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
Broadcast – send out for all to receive

The ping command can reach remote systems easily where arping tries but doesn’t get any responses. Compare the responses below.

$ arping -c 2 world.std.com
ARPING 192.74.137.5 from 192.168.0.11 enp0s25
Sent 2 probes (2 broadcast(s))
Received 0 response(s)

$ ping -c 2 world.std.com
PING world.std.com (192.74.137.5) 56(84) bytes of data.
64 bytes from world.std.com (192.74.137.5): icmp_seq=1 ttl=48 time=321 ms
64 bytes from world.std.com (192.74.137.5): icmp_seq=2 ttl=48 time=331 ms

—- world.std.com ping statistics —-
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 321.451/326.068/330.685/4.617 ms

Clearly, arping cannot collect information on the remote server.

If you want to use arping for a range of systems, you can use a command like the following, which would be fairly quick because it only tries once to reach each host in the range provided.

$ for num in {1..100}; do arping -c 1 192.168.0.$num; done
ARPING 192.168.0.1 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.1 [F8:8E:85:35:7F:B9]  5.530ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.0.2 from 192.168.0.11 enp0s25
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
ARPING 192.168.0.3 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.3 [02:0F:B5:22:E5:90]  76.856ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
ARPING 192.168.0.4 from 192.168.0.11 enp0s25
Unicast reply from 192.168.0.4 [02:0F:B5:5B:D9:66]  83.000ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
…

Notice that we see some responses that show one response was received and others for which there were no responses.

Here’s a simple script that will provide a list of which systems in a network range respond and which do not:

#!/bin/bash

for num in {1..255}; do
    echo -n “192.168.0.$num “
    arping -c 1 192.168.0.$num | grep “1 response”
    if [ $? != 0 ]; then
        echo “”
    fi
done

Change the IP address range in the script to match your local network. The output should look something like this:

$ ./detectIPs
192.168.0.1 Received 1 response(s)
192.168.0.2 Received 1 response(s)
192.168.0.3 Received 1 response(s)
192.168.0.4 Received 1 response(s)
192.168.0.5
192.168.0.6 Received 1 response(s)
192.168.0.7 Received 1 response(s)
192.168.0.8
192.168.0.9 Received 1 response(s)
192.168.0.10
192.168.0.11 Received 1 response(s)

If you only want to see the responding systems, simplify the script like this:

#!/bin/bash

for num in {1..30}; do
    arping -c 1 192.168.0.$num | grep “1 response” > /dev/null
    if [ $? == 0 ]; then
        echo “192.168.0.$num “
    fi
done

Below is what the output will look like with the second script. It lists only responding systems.

$ ./detectIPs
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.6
192.168.0.7

The arping command makes checking a range of systems on a network quick and easy, and can be helpful when you want to create a map of your network.