Back to Commands

arping

networkinglinux
The arping command is one of the most frequently used commands in Linux/Unix-like operating systems. arping The arping command sends ARP (Address Resolution Protocol) requests to a neighboring host or gateway and displays the responses. It is useful for network troubleshooting, checking for duplicate IP addresses, and confirming connectivity at the link layer.
See ExamplesView Syntax

Quick Reference

Command Name:

arping

Category:

networking

Platform:

linux

Basic Usage:

arping [options] [arguments]

Common Use Cases

  • 1

    Network connectivity testing

    Test if a host is reachable on the local network

  • 2

    ARP table verification

    Verify ARP cache entries and detect IP conflicts

  • 3

    Network troubleshooting

    Diagnose network connectivity issues at the link layer

  • 4

    Security monitoring

    Detect unauthorized devices on the network

Syntax

arping [options] destination

Options

Option Description
-A Send ARP REPLY packets (gratuitous ARP)
-b Send ARP requests to broadcast MAC address
-c count Stop after sending count ARP requests
-D Duplicate address detection mode
-f Stop after receiving first reply
-h MAC Set source MAC address
-I interface Specify network interface to use
-i interval Seconds between requests (default: 1)
-q Quiet output (only summary)
-s source Set source IP address
-t MAC Set target MAC address
-U Show only unique responses
-v Verbose output
-w timeout Time to wait for a response in seconds
-W timeout Time to wait for a response in milliseconds

Examples

How to Use These Examples

The examples below show common ways to use the arping command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

Basic Examples:

Send ARP request to an IP address
sudo arping 192.168.1.1
Specify the network interface to use
sudo arping -I eth0 192.168.1.1
Send a specific number of requests (5)
sudo arping -c 5 192.168.1.1
Set the interval between requests (2 seconds)
sudo arping -i 2 192.168.1.1
Stop after receiving the first reply
sudo arping -f 192.168.1.1

Advanced Examples:

Check for duplicate IP address (ARP probe)
sudo arping -D -I eth0 192.168.1.100
Send gratuitous ARP (announce your MAC address)
sudo arping -A -I eth0 192.168.1.10
Use a specific source IP address
sudo arping -s 192.168.1.5 -I eth0 192.168.1.1
Specify source MAC address (useful for testing)
sudo arping -h 00:11:22:33:44:55 -I eth0 192.168.1.1
Query specific MAC address for an IP
sudo arping -t 00:11:22:33:44:55 -I eth0 192.168.1.1
Only display unique responses (filter duplicates)
sudo arping -U -I eth0 192.168.1.1
Verbose output showing MAC address vendor information
sudo arping -v -I eth0 192.168.1.1
Broadcast mode (who-has the IP address?)
sudo arping -b -I eth0 192.168.1.1
Check for multiple hosts on network (use with caution on busy networks)
for i in {1..254}; do sudo arping -c 1 -f 192.168.1.$i & done

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

Understanding ARP:

Address Resolution Protocol (ARP) is used to map IP addresses to MAC (hardware) addresses on a local network. The arping command works at layer 2 (Data Link Layer) of the OSI model and is used to send ARP requests directly.

Common Use Cases:

  • Troubleshooting network connectivity issues: When ping fails, arping can help determine if the problem is at the IP layer or lower
  • Detecting duplicate IP addresses: Use with the -D flag to check if an IP address is already in use
  • Wake-on-LAN preparation: Send ARP packets to ensure a device's MAC address is in neighboring devices' ARP cache
  • Network reconnaissance: Discover active hosts on a local network
  • Updating ARP caches: Force devices to update their ARP tables with gratuitous ARP (-A option)

Different Operation Modes:

  • Standard mode: Send ARP "who-has" requests and wait for replies
  • Duplicate address detection (-D): Check if an IP address is already in use
  • Gratuitous ARP (-A): Announce your MAC address for a specific IP
  • Broadcast mode (-b): Send to the broadcast MAC address instead of a specific target

Understanding Output:

The typical output of arping shows:

  • The number of bytes sent in each request
  • The MAC address of the responding device
  • The round-trip time (RTT) for each request/reply pair
  • A summary showing packets transmitted, received, and packet loss percentage

Permissions Required:

Most implementations of arping require root privileges (or CAP_NET_RAW capability) to create raw sockets. This is why the command typically needs to be run with sudo.

Different Implementations:

There are several implementations of arping with slightly different options:

  • iputils-arping: The most common version on Linux systems
  • arping by Thomas Habets: A different implementation with some unique features

To check which version you have, use arping -h or arping --version.

Interpreting Results:

  • No response: Device may be offline, blocked by a firewall, or not on the local network segment
  • Multiple responses from different MAC addresses: Could indicate a duplicate IP address
  • Responses from unexpected MAC address: Possible ARP spoofing or incorrect network configuration

Complementary Tools:

  • ping: Test connectivity at IP layer (layer 3)
  • ip neighbor: View and manipulate the kernel's ARP table
  • arp: Older command to display and modify the ARP cache
  • arp-scan: More comprehensive tool for scanning networks using ARP
  • tcpdump: Capture and analyze ARP packets

Limitations:

  • Only works on local networks (doesn't cross routers)
  • Not all devices respond to ARP requests (some may ignore them for security)
  • Results can be affected by ARP spoofing or proxy ARP
  • Some versions may not support all options listed

Useful Tips:

  • Always specify the interface with -I when working on multi-homed systems
  • Use -c to limit the number of requests to avoid unnecessary network traffic
  • When troubleshooting, use -v for more detailed output
  • For quick connectivity tests, use -f to stop after the first reply
  • In scripts, use -q for quieter output that's easier to parse

Security Considerations:

  • Excessive ARP traffic can trigger security alerts in network monitoring systems
  • Gratuitous ARP can be used for legitimate purposes but is also used in ARP spoofing attacks
  • Many networks now implement ARP inspection to detect suspicious ARP activity

Common Use Cases

Network connectivity testing

Test if a host is reachable on the local network

ARP table verification

Verify ARP cache entries and detect IP conflicts

Network troubleshooting

Diagnose network connectivity issues at the link layer

Security monitoring

Detect unauthorized devices on the network

Network device discovery

Find active devices on the local network segment

Related Commands

These commands are frequently used alongside arping or serve similar purposes:

ping
arp
ip
nmap
arp-scan
tcpdump
traceroute
ifconfig
Explore All Commands

Use Cases

1

Network connectivity testing

Test if a host is reachable on the local network

2

ARP table verification

Verify ARP cache entries and detect IP conflicts

3

Network troubleshooting

Diagnose network connectivity issues at the link layer

4

Security monitoring

Detect unauthorized devices on the network

5

Network device discovery

Find active devices on the local network segment

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the arping command works in different scenarios.

See ExamplesTry Lab Exercises
$ arping
View All Commands