Does the arp-scan command work with loopback?
Apparently the arp-scan command works with eth0, like this:
sudo arp-scan -I eth0 -l
But this happens when the system is set up with loopback:
sudo arp-scan --interface=lo --localnet
It delivers this output:
[sudo] password für $user:
Interface: lo, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 16777216 hosts (
)
Why are over 16 million hosts being scanned here, one by one? I did not intend to sit directly at the provider while using the arp-scan command.
How can I limit the 16 million hosts to just the recent 2,000 hosts?
1 Answer
By using the --localnet option of arp-scan, the hosts to scan are derived from the subnet configuration of the interface specified.
In your case, that's lo with a 127.0.0.1/8 address and subnet, which results in 16777216 possible addresses.
According to the man page of arp-scan, you can limit the amount of targets either by adding them on the command line or by making use of the --file option.
By the way, I don't think it makes a lot of sense to arp-scan your loopback device.
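An added example, not part of the original answer: it reproduces the host count that --localnet derives from an interface prefix, then builds an explicit, bounded target list for the command line or for --file. The function names, the eth0 address 192.168.0.10/16 and the reading of "2,000 hosts" as one contiguous window are assumptions made for illustration.

```python
import ipaddress


def localnet_host_count(interface_cidr):
    """Addresses --localnet would scan for an interface address/prefix."""
    return ipaddress.ip_interface(interface_cidr).network.num_addresses


def limited_targets(interface_cidr, start, limit):
    """CIDR blocks covering at most `limit` addresses from `start`,
    clipped so the window never leaves the interface's own subnet."""
    net = ipaddress.ip_interface(interface_cidr).network
    first = ipaddress.ip_address(start)
    if first not in net:
        raise ValueError(f"{first} is outside {net}")
    if limit < 1:
        raise ValueError("limit must be at least 1")
    available = int(net.broadcast_address) - int(first) + 1
    last = first + (min(limit, available) - 1)
    return [str(b) for b in ipaddress.summarize_address_range(first, last)]


def write_target_file(path, blocks):
    """Write one address per line (a list for --file); return the count."""
    count = 0
    with open(path, "w") as fh:
        for block in blocks:
            for addr in ipaddress.ip_network(block):
                fh.write(f"{addr}\n")
                count += 1
    return count


if __name__ == "__main__":
    # The loopback case from the question: a /8 means 2**24 addresses.
    print(localnet_host_count("127.0.0.1/8"))
    # Constructed example: eth0 configured as 192.168.0.10/16 (assumption).
    blocks = limited_targets("192.168.0.10/16", "192.168.0.0", 2000)
    print("sudo arp-scan --interface=eth0 " + " ".join(blocks))
    print(write_target_file("targets.txt", blocks), "addresses written")
    print("sudo arp-scan --interface=eth0 --file=targets.txt")
```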