-
Notifications
You must be signed in to change notification settings - Fork 154
/
ChangeLog
1504 lines (1000 loc) · 54.6 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2024-08-26 Roy Hills <[email protected]>
* configure.ac: Unconditionally add -Wextra to GCC and Clang compiler
options instead of using the GCC_WEXTRA macro. -Wextra was added in
GCC 3.4.0, which is 20 years old now, and has always been supported
by Clang. There are no supported systems with earlier GCC versions.
https://github.com/royhills/arp-scan/pull/190
* configure.ac: Unconditionally add -Wformat-security to GCC/Clang
compiler options instead of using the GCC_FORMAT_SECURITY macro.
https://github.com/royhills/arp-scan/pull/191
* m4/gcc-wextra.m4: Removed.
* m4/gcc-format-security.m4: Removed.
2024-08-14 Roy Hills <[email protected]>
* get-iab: removed. This script is no longer needed and was depreciated
in arp-scan 1.10.
https://github.com/royhills/arp-scan/pull/184
* ieee-oui.txt: Updated from IEEE registry. Total of 52119 MAC/Vendor
mappings (4575 IAB + 5461 MAM + 35971 OUI + 6112 OUI36).
https://github.com/royhills/arp-scan/pull/185
* configure.ac, m4/*: Move local autoconf macros from acinclude.m4
to seperate files under m4/, which is specified with
AC_CONFIG_MACRO_DIRS in configure.ac. configure.ac now requires
at least autoconf 2.70 (was previously 2.69).
2024-03-29 Roy Hills <[email protected]>
* arp-fingerprint: Added recent Windows and FreeBSD patterns.
2024-01-10 Roy Hills <[email protected]>
* arp-scan.c: Use printf() instead of warn_msg() for the "Target list
from interface" message so the output is sent to stdout instead of
stderr.
2024-01-04 Roy Hills <[email protected]>
* configure.ac, README.md: Require C compiler with C99 language support.
configure will exit with the error message "C compiler does not
support C99 standard" if C99 support is not present.
arp-scan currently uses C89 but use of C99 features is planned for
the next release.
https://github.com/royhills/arp-scan/pull/171
* arp-scan.c: flush stdout output buffer after displaying each response.
This ensures that responding hosts are seen immediately when reading
from a pipeline rather than having to wait until the output buffer
is filled.
https://github.com/royhills/arp-scan/pull/172
* Update copyright date for applicable files.
https://github.com/royhills/arp-scan/pull/173
* ieee-oui.txt: Updated from IEEE registry. Total of 50366 MAC/Vendor
mappings (4575 IAB + 5121 MAM + 34879 OUI + 5791 OUI36).
https://github.com/royhills/arp-scan/pull/174
* configure.ac, arp-scan.h: include <stdint.h> unconditionally and
remove autoconf checks for fixed width integer types now we can
assume C99 support. Removed include <sys/types.h> because <unistd.h>
makes it unnecessary.
https://github.com/royhills/arp-scan/pull/175
2023-10-22 Roy Hills <[email protected]>
* TODO: Moved all valid items from TODO to github issue with the
"From TODO file" label. Obsolete items removed. Note added
to indicate that the file is no longer used.
https://github.com/royhills/arp-scan/pull/169
* ieee-oui.txt: Updated from IEEE registry. Total of 49762 MAC/Vendor
mappings.
https://github.com/royhills/arp-scan/pull/170
2023-03-09 Roy Hills <[email protected]>
* arp-scan.c: Don't display the localnet info ("Target list from
interface: network X netmask Y") if the --plain option is given.
https://github.com/royhills/arp-scan/issues/158
2023-03-09 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h, arp-scan.1.dist: Added the ${IPnum} output
field, which displays the host IPv4 address as a 32-bit integer.
This permits sorting by IP address using simple numeric comparison.
Thanks to @gspannu for the feature request.
https://github.com/royhills/arp-scan/issues/156
2023-02-26 Roy Hills <[email protected]>
* arp-scan.c: Change the informational message about the interface
network and netmask used to generate the target list when
--localnet is used, and always display this message (previously
it was only displayed if --verbose was given).
2023-02-25 Roy Hills <[email protected]>
* arp-scan.c: Always warn if remove_host() is called on a non-live
host. This should never happen since the changes detailed in
github issue #67.
* wrappers.c, utils.c: Move my_lookupdev() function from wrappers.c
to utils.c where it belongs.
2023-02-18 Roy Hills <[email protected]>
* SECURITY.md: New file containing the security policy for reporting
potential security vulnerabilities.
* README.md, Makefile.am: Added references to SECURITY.md.
* README.md, NEWS.md, code-coverage.yml: Documentation updates.
2023-02-13 Roy Hills <[email protected]>
* README.md: Moved the Notes for Contributors section to new file
CONTRIBUTING.md.
* CONTRIBUTING.md: New file.
2023-02-12 Roy Hills <[email protected]>
* *.pcap, *.dat: Moved pcap data files and raw data files into
testdata subdirectory.
* Makefile.am, check-decode, check-error, check-host-list,
check-ieee-reg, check-options, check-packet: Modify paths of data
files to use new testdata subdirectory.
* testdata/README.md: new file describing the files in this directory.
* .github/workflows/code-coverage.yml: Increase --limit value from
1 to 10 to ensure consistent coverage.
2023-02-11 Roy Hills <[email protected]>
* Makefile.am, check-error, check-options, arp-scan.c: Add some
additional checks and stabilise the coverage percentage.
* pkt-too-short.pcap: New file.
* configure.ac: Use "#" instead of "dnl" for comments so they appear
in the generated "configure" file.
2023-02-10 Roy Hills <[email protected]>
* utils.c: Simplify the timeval_diff() function.
2023-02-09 Roy Hills <[email protected]>
* README.md, arp-fingerprint.1, arp-scan.1.dist, mac-vendor.txt:
Updated references to the arp-scan wiki URL to use the github
wiki at https://github.com/royhills/arp-scan/wiki.
2023-02-04 Roy Hills <[email protected]>
* arp-scan.h: Disable promiscuous mode on the network interface.
Promiscuous mode is not required to receive ARP response packets
because they are unicast packets directed to the scanning host.
Thanks to @annube for reporting this issue.
2023-02-03 Roy Hills <[email protected]>
* arp-scan.c: Call pcap_freecode() to free the BPF program after
calling pcap_setfilter(). Thanks to @icy17 for the issue report.
2023-01-28 Roy Hills <[email protected]>
* arp-scan.c, configure.ac: Call pledge(2) to force the process into
restricted-service mode once initial setup is complete if we have
the pledge() system call (currently only on OpenBSD). Thanks to
@sthen for the patch.
2023-01-27 Roy Hills <[email protected]>
* README.md: Updated.
2023-01-26 Roy Hills <[email protected]>
* mac-vendor.txt: Incorporate OpenBSD patch for version 1.10.0 to this
file to add CARP, IPv6 VRRPv3 and OpenBSD random MAC addresses.
Thanks to @sthen for the patch.
* link-bpf.c: Incorporate OpenBSD patch for version 1.10.0 to this
file to skip messages with incorrect version. This is applicable to
all BPF users (FreeBSD, OpenBSD, NetBSD, DragonflyBSD and macOS).
Thanks to @sthen for this patch.
* .github/workflows/c-cpp.yml, .github/workflows/code-coverage.yml:
Added "sudo make install" and "arp-scan -vv --localnet --limit=1"
to Ubuntu build and coveralls coverage run. This increases
code coverage by 7.4% on Linux.
* arp-scan.c, format.c, mt19937ar.c, utils.c, wrappers.c, check-error,
check-options, check-decode: Various checks and minor code changes
to increase code test coverage: Use assert() for things that should
never fail; added various tests; remove switch break statements that
obviously won't ever be reached (one left that's not obvious to
gcc 12.2). Removed unneeded code lines.
2023-01-14 Roy Hills <[email protected]>
* configure.ac: Change version number from 10.0.1 to 10.0.1-git.
From now on development versions will have "-git" appended to the
version number. So 10.0.0 is a release version, 10.0.1-git is the
development version, and 10.0.1 will be the next release version.
2023-01-14 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.1: Do not attempt to open ieee-oui.txt or
mac-vendor.txt in the current directory if stat() fails with EACCES
(permission denied). This can happen if the user does not have
execute (search) permission in the current directory due to running
a capabilities aware arp-scan build as root. Thanks to jaskij for
reporting this bug.
2023-01-07 Roy Hills <[email protected]>
* arp-fingerprint, arp-fingerprint.1: Added arp-fingerprint -m option
to include the target's MAC address in the output. Thanks to
Bogdan107 for the suggestion.
2022-12-18 Roy Hills <[email protected]>
* configure.ac: Increment version to 1.10.1 in preparation for
post-1.10.0 changes.
* get-oui: Display the underlying error message instead of giving a
generic error if the web download fails.
* ieee-oui.txt: Updated with latest IEEE registry data using modified
get-oui script. Total of 47430 MAC/Vendor mappings.
2022-12-10 Roy Hills <[email protected]>
* configure.ac: Set version to 1.10.0.
* Git: Tagged as 1.10.0
* ieee-oui.txt: Updated from IEEE website. Total of 47345 MAC/Vendor
mappings.
2022-12-01 Roy Hills <[email protected]>
* arp-scan.h: Make cap_status enum values explicit.
* configure.ac: Set version to 1.10-rc1.
2022-11-25 Roy Hills <[email protected]>
* Makefile.am: Add $(PACKAGE) to the PKGSYSCONFDIR macro definition
so arp-scan looks in the correct directory for the mac-vendor.txt
file. Thanks to Richard Hoyle for reporting this bug.
* error.c, format.c, link-bpf.c, link-dlpi.c, link-packet-socket.c,
wrappers.c, utils.c, arp-scan.c: Standardise code formatting.
2022-11-11 Roy Hills <[email protected]>
* Makefile.am: Added install-exec-hook to set the CAP_NET_RAW
capability on the arp-scan executable if "setcap" exists and
works. Otherwise falls back to setting the SUID bit.
2022-11-09 Roy Hills <[email protected]>
* check-error, check-options, Makefile.am: Added new tests to check
various options and error conditions.
* arp-scan.c, arp-scan.1.dist: Updated manpage and help text.
* pre-release-testing.txt: Removed unneeded and outdated file.
2022-11-07 Roy Hills <[email protected]>
* arp-scan.c: Changed C99 "for (int i=0..." syntax to C89
"for (i=0..." format. This caused errors with old toolchain e.g.
autoconf 2.69/gcc 4.9.2 on Debian Jessie.
* check-run1: Moved error checks to check-error.
* check-error: New file to check error conditions.
* Makefile.am: Updated list of test scripts.
* check-decode: Check for any hostname, not just "localhost"
because not all distros use that name.
* arp-scan.c, arp-scan.1.dist: Correct the short option letter
for the --macfile option. It was incorectly shown as "O"
when it should be "m".
2022-11-06 Roy Hills <[email protected]>
* Makefile.am: Install mac-vendor.txt to $(sysconfdir)/$(PACKAGE)
instead of $(pkgdatadir). With a default ./configure this will be
/usr/local/etc/arp-scan. For a binary package it will typically be
/etc/arp-scan. This change is because users may add local entries to
mac-vendor.txt that they want to preserve between package upgrades.
* arp-scan.c, arp-scan.1.dist: Update file paths for mac-vendor.txt.
* NEWS renamed to NEWS.md with NEWS symlink pointing to it.
* configure.ac, Makefile.am: use $(SED) variable, remove
AC_REVISION($Revision$) because git doesn't expand keywords.
Add AC_CONFIG_AUX_DIR([build-aux]) to declutter top level directory.
Changed AC_PREREQ() from 2.61 to 2.69.
2022-11-03 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h: Don't display long usage message for
unrecognised options and other simple issues, but display brief
message and exit instead. A brief error message is clearer than
half a page of usage text.
* check-run1: Added tests for unrecognised option and no target hosts.
2022-11-02 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.1.dist: Change --format short option character
from -k to -F. The -F character became free when the --iabfile
option was removed, and is a more logical choice.
*** This means anyone who has been using the old -k short option ***
*** for --format will need to change to the new -F option. ***
* arp-scan.c, check-decode: Print warning message for unavailable
--format fields in addition to unknown fields. Updated test.
* arp-scan.c, check-decode: Only print vendor field if present for
the default output format. Previously it printed NULL if --quiet
was specified. Added test to check-decode to check --quiet output.
2022-11-01 Roy Hills <[email protected]>
* arp-scan.h: Increase HASH_TABLE_SIZE from 50,000 to 70,000 due to
addition of IEEE MA-M and MA-S registries. ieee-oui.txt currently
contains 47028 entries of 70000 (67.2%).
* get-oui.1: renamed to get-oui.1.dist with PKGDATADIR substitution.
* check-ieee-reg: New file to test IEEE registry lookup.
* Makefile.am: Build man page "get-oui.1" from "get-oui.dist", added
check-ieee-reg test.
* get-oui: Changed IEEE URLs from http to https. This avoids an HTTP
redirect from the http to https site.
* ieee-oui.txt: Updated from IEEE website.
* strlcat.c: removed. arp-scan only uses strlcpy(), so we don't need
to ship replacement source code for strcat() as well.
* configure.ac, strlcpy.h: Removed references to strlcat.
2022-10-31 Roy Hills <[email protected]>
* get-oui: Changed to fetch registry data from all four IEEE registries
(MA-L, MA-M, MA-S and IAB), format appropriately for arp-scan, and
concatenate into ieee-oui.
* get-iab: No longer needed. Replaced with stub script that calls die.
* Makefile.am, check-decode, check-host-list: Removed get-iab / iabfile
references.
* arp-scan.c, arp-scan.h: Removed --iabfile option.
* README.md, arp-scan.1.dist, get-oui.1, mac-vendor.5, mac-vendor.txt:
Update text to reflect changes.
* get-iab.1: Removed. No longer needed.
* ieee-iab.txt: Removed. No longer needed.
* ieee-oui.txt: Updated to new combined registry format.
2022-10-30 Roy Hills <[email protected]>
* Makefile.am: Build man page "arp-scan.1" from "arp-scan.dist"
replacing all occurances of @pkgdatadir@ with the $pkgdatadir
variable that is set by configure. This ensures that the file
paths in the manpage arp-scan.1 reflect the paths on the system
where ./configure was run.
* arp-scan.1: renamed to arp-scan.1.dist with PKGDATADIR substitution.
2022-10-27 Roy Hills <[email protected]>
* arp-fingerprint.1, arp-scan.1, get-iab.1, get-oui.1, mac-vendor.5:
Standardised man page fonts, corrected some inaccuracies and removed
author section.
* Updated ieee-oui.txt and ieee-iab.txt files.
2022-10-25 Roy Hills <[email protected]>
* format.c: New file containing output format functions.
* Makefile.am: Added format.c source file to arp_scan_SOURCES
* utils.c: Added name_to_id() and str_ccmp() functions.
* arp-scan.c, arp-scan.h, arp-scan.1: Add --format option and output
fields processing code.
2022-10-24 Roy Hills <[email protected]>
* Makefile.am, check-decode: Added checks to test output format with
--rtt, --resolve, different ARP/header address, and locally
administered MAC address.
* pkt-diff-frame-addr.pcap, pkt-local-admin.pcap: New files for
above tests.
2022-10-23 Roy Hills <[email protected]>
* arp-scan.c, error.c arp-scan.c, error.c: Changed most fixed-length
strings to use dynamic length strings.
* utils.c: Changed make_message() to assume vsnprintf() behaves
according to POSIX. No need to accomodate bugs in ancient glibc
versions.
2022-10-09 Roy Hills <[email protected]>
* arp-scan.c: Added POSIX.1e capabilities support.
* configure.ac, acinclude.m4: Add autoconf tests for Linux libcap
POSIX.1e capabilities support. Incremented version to 1.9.9 to
reflect addition of POSIX.1e capabilities support.
* utils.c, arp-scan.h: New functions limit_capabilities() to limit the
permitted capabilities, set_capability() to enable and disable
capabilities, and drop_capabilities() to permanently drop all
capabilities. These functions use libcap if POSIX.1e capabilities
are supported otherwise they fall back to setuid() and seteuid().
2022-10-08 Roy Hills <[email protected]>
* Tagged as 1.9.8
* arp-scan.c: fix bug reported by mrquincle where ARP responses for
a host that had timed out was being incorrectly flagged as a
duplicate with the warning message "remove_host called on non-live
host: SHOULDN'T HAPPEN".
2022-10-07 Roy Hills <[email protected]>
* arp-scan.c, arp.scan.h: New option --resolve (-d) to resolve IP
addresses to hostnames. When this option is specified, responding
hosts will be displayed as hostnames instead of IP addresses if they
can be resolved.
* my_getopt.c, my_getopt.h: New getopt implementation using bsittler's
version from http://xent.com/~bsittler/geocities/.
* configure.ac: Modified to use new getopt implementation.
2022-10-05 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.1: Documented the exit status when --limit
is specified and fewer than the specified number of hosts respond.
2022-10-02 Roy Hills <[email protected]>
* acinclude.m4: fix typo in 'if test "X$CC" != "X"' checks.
2022-09-28 Roy Hills <[email protected]>
* arp-scan.c: Added --limit (-M) option. When this option is
given, arp-scan will exit after the specified number of target
hosts have responded. Thanks to mirfatif for suggesting this
enhancement.
* arp-scan.c: Don't increment number of responders for duplicate
response packets. The number of responders now represents the
number of responding hosts rather than the number of response
packets.
* pkt-dup-response.pcap: new file
* check-decode: Added duplicate response packet checks
* arp-scan.1: Updated manpage to reflect new --limit option.
2022-09-18 Roy Hills <[email protected]>
* check-decode, check-host-list, check-packet, check-run1: Changed
"$srcdir/arp-scan" to "./arp-scan" in test scripts so
"make distcheck" succeeds.
* .github/workflows/c-cpp.yml: Enable "make distcheck" step.
2022-09-14 Roy Hills <[email protected]>
* README.md, .github/workflows/*: Migrated from travis-ci to github
actions for CI/CD build check and code coverage report.
* .travis.yml: removed as no longer needed.
2022-09-11 Roy Hills <[email protected]>
* arp-scan.h, configure.ac, getopt.c, getopt1.c: only include
the local replacement getopt header file if the system doesn't
support getopt_long_only. Previously it was being included even
if it wasn't required.
* getopt.h: rename to my_getopt.h.
2022-09-10 Roy Hills <[email protected]>
* acinclude.m4: Replaced obsolete autoconf macros AC_TRY_COMPILE with
AC_COMPILE_IFELSE and AC_TRY_LINK with AC_LINK_IFELSE. These macros
were obsoleted in autoconf 2.70.
* strlcat.h: included this new file that was missed out of the previous
commit.
2022-09-09 Roy Hills <[email protected]>
* arp-scan.c: Die with error message if hsearch() fails when adding a
new entry to the hash table. Previous behaviour was to issue a
warning and continue.
* mt19937ar.c, mt19937ar.h, Makefile.am, arp-scan.h: Update Mersenne Twister
random number generator source code to latest version from
https://github.com/clibs/mt19937ar
* strlcat.c, strlcpy.c: Updated from latest OpenBSD source.
* strlcat.h: New file containing function prototypes for strlcat() and strlcpy().
2022-09-03 Roy Hills <[email protected]>
* arp-scan.c: Allow MAC addresses in mac-vendor.txt to use either lower
or uppercase hex digits and ignore any seperator characters e.g. ":"
or "-". This allows normal format MAC addresses such as those output
by arp-scan to be used directly in the mac-vendor.txt file.
* mac-vendor.txt: Update comments to reflect code changes.
2022-06-16 Roy Hills <[email protected]>
* get-iab: change IEEE IAB URL to
http://standards-oui.ieee.org/iab/iab.txt. Thanks to silex for the
pull request.
* Updated ieee-oui.txt and ieee-iab.txt files.
2021-12-12 Roy Hills <[email protected]>
* arp-scan.c: Limit packet length in callback() to prevent potential
buffer overrun in unmarshal_arp_pkt() if network frames larger
than expected are received by libpcap. Thanks to @mrquincle for
reporting this issue.
2021-11-17 Roy Hills <[email protected]>
* Use getifaddrs() to obtain the interface IP address if it is available
and pcap_findalldevs() fails to find the address.
This is typically needed for device aliases such as "eth0:0" on Linux
which are not supported by pcap_findalldevs() and would previously
cause an error.
* Increment version number to 1.9.8 to reflect code and autoconf
changes.
2021-09-09 Roy Hills <[email protected]>
* Retry sending an ARP packet if the packet send function fails with
EAGAIN instead of aborting with an error message. High packet send
rates can cause sendto() to fail occasionally with EAGAIN due to
temporary resource starvation. Thanks to gessel for reporting this
problem.
--retry-send (default 3) specifies the number of retries.
--retry-send-interval (default 10ms) sets the delay between retries.
* Minor code cleanup to fix spelling, remove trailing whitespace,
fix shellcode warnings and update license file. Thanks to a1346054
for the pull request.
* Updated ieee-oui.txt and ieee-iab.txt files.
2020-07-05 Roy Hills <[email protected]>
* README.md, arp-fingerprint.1, arp-scan.1, get-iab.1, get-oui.1,
mac-vendor.5, mac-vendor.txt: Update wiki references to use
new URL http://www.royhills.co.uk/wiki/
2019-10-24 Roy Hills <[email protected]>
* configure.ac: Increment version number to 1.9.7 in preparation for
new release.
* configure.ac, acinclude.m4: Tidy up: remove obsolescent and unused
autoconf macros.
* Modified copyright statement in files to include up to 2019.
2019-10-20 Roy Hills <[email protected]>
* arp-scan.c: Call the pcap functions before get_hardware_address() to
ensure lack of permissions is reported by pcap_activate() rather
than by the link specific get_hardware_address(). This will give
consistent error messages across different platforms.
Improve diagnostic message for pcap_activate() errors and warnings.
* arp-scan.h: Changed pcap_set_timeout() value from 0 to 1000ms.
Removed ARRAY_SIZE macro which is no longer used.
* .gitignore: Added config.h.in~ to .gitignore.
2019-10-13 Roy Hills <[email protected]>
* arp-scan.c: Call pcap_set_immediate_mode() on the pcap handle so
captured packets are processed immediately. This pcap function was
added in libpcap 1.5.0, so this and future versions of arp-scan
require libpcap 1.5.0 or later. Thanks for @cleoo for reporting the
bug in arp-scan 1.9.5 on Arch Linux 2019.10.01 x64, and to
@guyharris for providing the solution.
* arp-scan.c: Remove ioctl workarounds for BSD with BPF and Solaris
with DLPI that were used to ensure immediate packet delivery. These
workarounds are superseded by pcap_set_immediate_mode().
* wrappers.c: New function my_lookupdev() to replace pcap_lookupdev()
which is depreciated in libpcap 1.9.0 and later.
* configure.ac: Remove ARP_PCAP_BPF and ARP_PCAP_DLPI defines, as these
are no longer used after the removal of the ioctl workarounds.
* configure.ac: Change pcap compatibility test to check for
pcap_set_immediate_mode instead of pcap_create to test for libpcap
1.5.0 or later.
* configure.ac: Increment version number to 1.9.6 to reflect the
libpcap API change.
* Updated ieee-oui.txt and ieee-iab.txt files.
2019-08-29 Roy Hills <[email protected]>
* arp-scan.c: include the interface MAC address in the interface
summary output. E.g.
Interface: ens33, datalink type: EN10MB (Ethernet), MAC Addr: 00:0c:29:01:0d:21
* Updated ieee-oui.txt and ieee-iab.txt files.
2019-03-16 Roy Hills <[email protected]>
* acinclude.m4: Use AC_TRY_LINK instead of AC_TRY_COMPILE when
determining if tack protector support is supported, as some
operating system may lack the libssp library. Thanks to
ffontaine for this pull request.
* Updated ieee-oui.txt and ieee-iab.txt files.
2017-07-19 Roy Hills <[email protected]>
* Print "locally administered" for qualifing OUIs. Thanks to sanderjo
for this pull request.
2017-05-29 Roy Hills <[email protected]>
* Updated ieee-oui.txt and ieee-iab.txt files.
2016-09-03 Roy Hills <[email protected]>
* arp-scan.c: Use the new libpcap 1.0 API functions pcap_create(),
pcap_set_XXX(), pcap_activate() instead of the old pcap_open_live().
This requires libpcap 1.0 or later, so this and future versions of
arp-scan will not work with libpcap 0.9 or earlier.
* configure.ac: Change pcap compatibility test to check for pcap_create
instead of pcap_sendpacket to test for libpcap 1.0 or later.
* configure.ac: Increment version number to 1.9.5 to reflect the
libpcap API change.
* Modified copyright statement in files to include up to 2016.
2016-08-31 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h: Merge changes by tissieres to use
source_mac rather than interface_mac in the pcap filter. This
requires us to enable promiscuous mode to ensure that the
ARP replies are received.
* configure.ac: Increment version number to 1.9.4 to reflect the
changes made since 2016-08-13.
2016-08-30 Roy Hills <[email protected]>
* arp-fingerprint: Merge changes by Rhig to add "-l" option.
* arp-fingerprint: Added patterns for FreeBSD 10.3, DragonflyBSD 4.6,
Windows10, Linux 4.0, Linux 4.6, OpenBSD 5.9, NetBSD 7.0.
2016-08-22 Roy Hills <[email protected]>
* configure.ac: Remove function replacement for inet_aton, as all
systems I'm aware of have this function now. This replacement
was needed for Solaris 8, but Solaris 10 does not need it and I
doubt that anyone is still using versions of Solaris prior to 10.
* inet_aton.c: Removed.
2016-08-20 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h: Use posix hash table functions hcreate(),
hsearch() and hdestroy() instead of the gas hash table code.
* hash.c, hash.h, obstack.c, obstack.h: Removed.
2016-08-13 Roy Hills <[email protected]>
* get-oui, get-oui.1, arp-scan.1: Update IEEE OUI download location.
* ieee-oui.txt: Updated from IEEE website using modified script.
* check-decode: Updated manufacturer names to match updated OUI file.
* configure.ac: Increased version number from 1.9.2 to 1.9.3 to
reflect the various changes made on github between Aug 2013 and
Aug 2016.
* acinclude.m4: Assume long long int format is %lld if cross compiling.
* arp-scan.c: Correct warning message for invalid IP addresses to avoid
segmentation violation.
2015-11-13 Roy Hills <[email protected]>
* get-iab: Read the OUI from the data in the file instead of using
the constant 24-bit number 0050C2. This is required because the
0050C2 IEEE OUI has been fully used, and allocations have started
from the 40D855 IEEE OUI.
* *.c: Removed unneeded trailing whitespace in source code. Thanks
to "jubalh" for this pull request.
* arp-scan.c, check-run1: Change --help and --version options to output
to stdout (fd 0) instead of stderr (fd 1) in accordance with GNU
Coding Standards section 4.7, "Standards for Command Line Interfaces".
Thanks to "srdja" for this pull request.
* get-oui, get-iab: omit trailing whitespace from ieee-oui.txt and
ieee-iab.txt files.
* ieee-oui.txt, ieee-iab.txt: Updated from IEEE website using modified
scripts.
2013-12-02 Roy Hills <[email protected]>
* link-packet-socket.c: Die with an error if we can't open a raw
packet socket to obtain the interface MAC address. This avoids
a segmentation violation on Linux if we try to run arp-scan against
a specific interface without the required privileges.
2013-12-02 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h arp-scan.1: Added new --randomseed option,
which allows the random numer generator to be seeded with a specific
value.
* arp-scan.c, arp-scan.h, utils.c: Removed --debug (-d) option. This
has not been used for years, and the associated debug code was
causing more clutter than it was worth.
* check-host-list: Added test to check generation of random host list.
2013-12-01 Roy Hills <[email protected]>
* configure.ac, .gitignore: Added configure option --enable-gcov to
enable gcov code coverage.
2013-11-12 Roy Hills <[email protected]>
* arp-fingerprint: Added fingerprint for Cisco IOS 15.0.
2013-11-02 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.1: Added new --plain (-x) option to supress
printing of header and footer text, and only display one output
line for each responding host. Idea from Stefan Tomanek's arp-scan
fork on github at https://github.com/wertarbyte/arp-scan.
2013-09-21 Roy Hills <[email protected]>
* get-oui, get-iab: Use LWP::UserAgent instead of LWP::Simple to enable
us to obtain the raw content rather than the decoded content. This
avoids Unicode/UTF-8 issues caused by a change in behaviour between
LWP 5.813 on Debian Lenny and 5.836 on Debian Squeeze.
* ieee-oui.txt, ieee-iab.txt: Updated from IEEE website using modified
scripts.
2013-09-05 Roy Hills <[email protected]>
* arp-fingerprint: Added fingerprint for WIZnet W5100 on Arduino
Ethernet shield.
2013-09-05 Roy Hills <[email protected]>
* configure.ac: Change the bug-report string in AC_INIT from the
arp-scan email address to the github URL.
* Added references to the github repository in various files in
place of the arp-scan email address.
* Updated ieee-oui.txt and ieee-iab.txt files.
2013-08-15 Roy Hills <[email protected]>
* Removed $Id$ keywords from all files, and associated rcsid variables
from C source. These are not really needed and they don't work with
git.
* check-run1: Added GPL licence text, which had been accidentally
ommitted when the script was written.
* configure.ac: Incremented version to 1.9.2 to distinguish new
version under git revision control.
* .gitignore: new file containing file patterns that should not be
committed to the repository.
2013-08-15 Roy Hills <[email protected]>
* ChangeLog: Removed pointless id keywords.
* Final SVN revision before migration to git.
2013-07-25 Roy Hills <[email protected]>
* Released arp-scan version 1.9.
tarball arp-scan-1.9.tar.gz, size 488442 bytes
md5sum 38584d6c1edfa9f6b41d496e4a5539f1
* configure.ac: Incremented version to 1.9.1.
2013-07-24 Roy Hills <[email protected]>
* ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from
IEEE website using get-oui and get-iab Perl scripts.
* configure.ac: Incremented version number to 1.9.
* NEWS: Updated with latest changes.
2013-05-09 Roy Hills <[email protected]>
* ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from
IEEE website using get-oui and get-iab Perl scripts.
* Built with autoconf 2.69 and automake 1.11 from Debian Wheezy to
add support for ARM 64 bit CPU architecture and remove configure
warnings about conftest.dSYM on MacOS X.
2013-05-03 Roy Hills <[email protected]>
* arp-fingerprint: Added FreeBSD 8.2, FreeBSD 9.1, DragonflyBSD 3.0,
DragonflyBSD 3.2, Linux 3.2, Linux 3.8, NetBSD 5.1, NetBSD 6.0,
OpenBSD 4.8, OpenBSD 5.1 and RiscOS 5.19.
* NEWS: Updated with changes since last release.
* configure.ac: Incremented version number to 1.8.4.
2013-04-25 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h: Changed arp-scan to use the libpcap
function pcap_sendpacket() instead of our own link-layer specific
link_send() functions. This means that we now require libpcap
version 0.9.3 or later.
* link-bpf.c, link-dlpi.c, link-packet-socket.c: Removed unneeded
link-layer specific link_send() functions. Changed link_open()
and link_close() functions to static, and modified
get_hardware_address() and get_source_ip() functions to call
link_open/link_close directly. Included link_t typedef in
link_handle struct declaration.
* configure.ac: Change the libpcap function check from
pcap_lib_version() to pcap_sendpacket(), to ensure that we have
a recent enough version of libpcap.
* arp-scan.c: New function get_source_ip() to get the interface IP
address using platform-independent code.
* link-bpf.c, link-dlpi.c, link-packet-socket.c: Removed unneeded
link-layer specific get_source_ip() functions.
2013-04-15 Roy Hills <[email protected]>
* Modified copyright statement in files to include up to 2013.
* get-oui, get-iab: Modified regex to allow optional whitespace at
the beginning of line.
* ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from
IEEE website using get-oui and get-iab Perl scripts.
* check-decode: Updated for new IEEE OUI vendors.
* configure.ac: Incremented version number to 1.8.3.
* arp-scan.c: Removed unneeded errlen declaration to avoid "set but
not used" warning with GCC 4.6 and later.
2013-01-01 Roy Hills <[email protected]>
* arp-fingerprint: Added Windows 8
2012-08-08 Roy Hills <[email protected]>
* configure.ac: Added OS pattern for Dragonfly BSD.
2012-06-06 Roy Hills <[email protected]>
* arp-fingerprint: Added fingerprint for BeOS.
2012-05-29 Roy Hills <[email protected]>
* arp-scan.c: Copy the pcap_header->ts structure to a temporary
struct timeval before passing to timeval_diff during rtt calculation.
We can't pass a pointer to pcap_header->ts directly to timeval_diff
because it's not guaranteed to have the same size as a struct
timeval. E.g. OpenBSD 5.1 on amd64. Thanks to Stuart Henderson at
OpenBSD for spotting this bug.
2012-05-20 Roy Hills <[email protected]>
* get-oui, get-iab: Applied patch from Stuart Henderson at OpenBSD.
This allows the -u (alternative URL) option to be correctly handled,
and changes the default URLs to the new locations on the IEEE
website (the old locations still work, but with a redirect).
* ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from
IEEE website using get-oui and get-iab Perl scripts.
2011-12-30 Roy Hills <[email protected]>
* arp-scan.c, arp-scan.h, arp-scan.1: If the location of the various
MAC/Vendor mapping files (IEEE OUI, IEEE IAB or custom) are not
specified on the command line with the appropriate option, then
look for them in the current directory before looking in the system
wide location.
* ieee-oui.txt, ieee-iab.txt: Updated IEEE OUI and IAB listings from
IEEE website using get-oui and get-iab Perl scripts.
* check-decode: Updated patterns to reflect vendor name changes in
latest IEEE OUI file.
2011-12-18 Roy Hills <[email protected]>
* configure.ac: Incremented version to 1.8.2
2011-09-27 Roy Hills <[email protected]>
* arp-scan.h, arp-scan.c, arp-scan.1: Added new option --rtt (-D) to
calculate and display the packet round-trip time.
2011-08-18 Roy Hills <[email protected]>
* arp-scan.h, arp-scan.1: Raised default timeout from 100ms to 500ms.
It is suspected that the default timeout is too short in some
situations, and this may be one of the causes of duplicate responses.
* arp-scan.h, link-bpf.c: Include <net/bpf.h> before arp-scan.h in
link-bpf.c, and remove conditional inclusion of <net/bpf.h> in
arp-scan.h. This causes <net/bpf.h> to be included before <pcap.h>
on all systems that use BPF, e.g. BSD and MacOS. This should prevent
the problems that occur on some of these systems, and remove the need
for conditional inclusion to prevent them.
* arp-fingerprint: Added additional fingerprint for Linux 2.6 on
Amazon Kindle.
2011-07-31 Roy Hills <[email protected]>
* arp-fingerprint: Added fingerprint for GNU/Hurd
2011-07-04 Roy Hills <[email protected]>
* Makefile.am: Added pkt-custom-request-vlan-llc.dat to EXTRA_DIST.
2011-03-07 Roy Hills <[email protected]>
* configure.ac: Incremented version to 1.8.1.
2011-03-01 Roy Hills <[email protected]>
* Released arp-scan version 1.8.
tarball arp-scan-1.8.tar.gz, size 430221 bytes
md5sum be8826574ec566217eb7ca040fe472f9