macOS
brew install arp-scanlocal Homebrew formula metadata
sudo port install arp-scanMacPorts ports tree · net/arp-scan/Portfile · source: api.github.com
brew
ARP scanning and fingerprinting tool. Version 1.10.0 via Homebrew; verified from local package data.
install
brew install arp-scanlocal Homebrew formula metadata
sudo port install arp-scanMacPorts ports tree · net/arp-scan/Portfile · source: api.github.com
sudo apk add arp-scanAlpine Linux edge package indexes · arp-scan · source: dl-cdn.alpinelinux.org
sudo apt install arp-scanDebian stable package indexes · arp-scan · source: deb.debian.org
sudo dnf install arp-scanFedora Rawhide package metadata · arp-scan · source: dl.fedoraproject.org
nix profile install nixpkgs#arp-scannixpkgs package indexes · pkgs/by-name/ar/arp-scan/package.nix · source: api.github.com
sudo pacman -S arp-scanArch Linux sync databases · arp-scan · source: geo.mirror.pkgbuild.com
sudo zypper install arp-scanopenSUSE Tumbleweed package metadata · arp-scan · source: download.opensuse.org
overview
ARP scanning and fingerprinting tool
history
arp-scan is a C network scanning tool that discovers and fingerprints IPv4 hosts on a local network using ARP. Upstream documents support for Linux, BSD, macOS, and Solaris, and ships the companion commands `arp-fingerprint`, `get-oui`, and `mac-vendor` data handling.
Roy Hills' upstream changelog records version 1.4 on 2006-06-26 as the first stable public version, after internal versions 1.0 through 1.2 and a 1.3 beta. Early work quickly moved from Linux packet sockets toward portable link-layer support, adding BPF support for BSD and Darwin, Solaris DLPI work, IEEE OUI/IAB update scripts, and packet-generation tests.
The project moved from an internal SVN repository to GitHub in 2013 during the 1.9.2 cycle. That move also changed the development identifiers from increasing SVN revision IDs to Git object hashes and shifted public collaboration toward issues and pull requests.
Later releases kept the old-school Unix toolchain shape, using autoconf/automake, libpcap, manual pages, and text data files, while modernizing around security and portability. The 1.10.0 release added Linux POSIX.1e capability support, flexible output formatting, JSON/XML-format examples, and a consolidated IEEE registry file.
The README explicitly says many distributions provide binary packages and that BSD users may install from ports. The supplied facts show broad package-manager coverage across apk, Homebrew, Debian, Fedora/dnf, MacPorts, Nix, pacman, Ubuntu, and zypper, which matches its role as the canonical packaged ARP LAN scanner.
arp-scan became a package-manager staple because it solves a common administrator problem without requiring IP-layer cooperation: discovering hosts on the local Ethernet segment and mapping MAC prefixes to vendors. It is small enough for scripts, but detailed enough for security inventories, lab networks, appliance discovery, and duplicate-address investigations.
The core invocation sends ARP requests on a local link and prints responding IP/MAC/vendor rows. The README points users to `arp-scan --help` and the manual pages for `arp-scan(1)`, `arp-fingerprint(1)`, `get-oui(1)`, and `mac-vendor(5)`.
Packaging details matter because the executable needs raw-packet privileges. Upstream's packager notes ask Linux builders to enable libcap support when possible; `make install` can install `arp-scan` with `CAP_NET_RAW` or fall back to setuid root.
The tool's vendor lookup depends on local IEEE registry-derived files. Upstream has repeatedly updated its OUI/IAB handling as IEEE changed registry formats and URLs, and 1.10.0 moved `mac-vendor.txt` into the system configuration directory so local changes can survive upgrades.
arp-scan is the baseline package against which newer ARP scanners are compared. It is also a neat example of why network tools need package metadata beyond a homepage: raw socket privileges, capability installation, bundled data files, manual pages, and helper scripts all affect the package experience.
The name collision with arp-scan-rs is important: both may install an `arp-scan` command, but their upstreams, licenses, implementation languages, option sets, and release histories are distinct.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
arp-fingerprint | cli | global executable | |
arp-scan | cli | global executable | |
get-iab | cli | global executable | |
get-oui | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/royhills/arp-scan
install metadata
| Package key | brew:arp-scan |
|---|---|
| Version | 1.10.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/arp-scan |
| Homepage | https://github.com/royhills/arp-scan |
| Repository | https://github.com/royhills/arp-scan |
| Upstream docs | https://github.com/royhills/arp-scan#readme |
| License | GPL-3.0-or-later AND BSD-3-Clause AND ISC |
| Source archive | https://github.com/royhills/arp-scan/archive/refs/tags/1.10.0.tar.gz |
| Build dependencies | autoconf, automake |
| Uses from macOS | libpcap |
| Bottle | available (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | arp-scan |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Conflicts With |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
arp-scan 1.10.0-2+b1
arp scanning and fingerprinting tool
https://github.com/royhills/arp-scan
sudo apt install arp-scanarp-scan
nix profile install nixpkgs#arp-scanarp-scan 1.10.0-2build2
arp scanning and fingerprinting tool
https://github.com/royhills/arp-scan
sudo apt install arp-scanarp-scan 1.10.0-r2
Address Resolution Protocol (ARP) packet scanner
https://github.com/royhills/arp-scan
sudo apk add arp-scanarp-scan-doc 1.10.0-r2
Address Resolution Protocol (ARP) packet scanner (documentation)
https://github.com/royhills/arp-scan
sudo apk add arp-scan-docarp-scan 1.10.0-10.fc44
Scanning and fingerprinting tool
https://github.com/royhills/arp-scan
sudo dnf install arp-scanarp-scan 1.10.0-5
A tool that uses ARP to discover and fingerprint IP hosts on the local network
https://github.com/royhills/arp-scan
sudo pacman -S arp-scanarp-scan 1.10.0-1.13
ARP scanning and fingerprinting tool
https://github.com/royhills/arp-scan
sudo zypper install arp-scanarp-scan
sudo port install arp-scansource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.