OnWorks favicon

arp-fingerprint - Online in the Cloud

Run arp-fingerprint in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command arp-fingerprint that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator



arp-fingerprint - Fingerprint a system using ARP


arp-fingerprint [options] target

The target should be specified as a single IP address or hostname. You cannot specify
multiple targets, IP networks or ranges.

If you use an IP address for the target, you can use the -o option to pass the --numeric
option to arp-scan, which will prevent it from attempting DNS lookups. This can speed up
the fingerprinting process, especially on systems with a slow or faulty DNS configuration.


arp-fingerprint fingerprints the specified target host using the ARP protocol.

It sends various different types of ARP request to the target, and records which types it
responds to. From this, it constructs a fingerprint string consisting of "1" where the
target responded and "0" where it did not. An example of a fingerprint string is
01000100000. This fingerprint string is then used to lookup the likely target operating

Many of the fingerprint strings are shared by several operating systems, so there is not
always a one-to-one mapping between fingerprint strings and operating systems. Also the
fact that a system's fingerprint matches a certain operating system (or list of operating
systems) does not necessarily mean that the system being fingerprinted is that operating
system, although it is quite likely. This is because the list of operating systems is not
exhaustive; it is just what I have discovered to date, and there are bound to be operating
systems that are not listed.

The ARP fingerprint of a system is generally a function of that system's kernel (although
it is possible for the ARP function to be implemented in user space, it almost never is).

Sometimes, an operating system can give different fingerprints depending on the
configuration. An example is Linux, which will respond to a non-local source IP address
if that IP is routed through the interface being tested. This is both good and bad: on
one hand it makes the fingerprinting task more complex; but on the other, it can allow
some aspects of the system configuration to be determined.

Sometimes the fact that two different operating systems share a common ARP fingerprint
string points to a re-use of networking code. One example of this is Windows NT and

arp-fingerprint uses arp-scan to send the ARP requests and receive the replies.

There are other methods that can be used to fingerprint a system using arp-scan which can
be used in addition to arp-fingerprint. These additional methods are not included in arp-
fingerprint either because they are likely to cause disruption to the target system, or
because they require knowledge of the target's configuration that may not always be

arp-fingerprint is still being developed, and the results should not be relied on. As most
of the ARP requests that it sends are non-standard, it is possible that it may disrupt
some systems, so caution is advised.

If you find a system that arp-fingerprint reports as UNKNOWN, and you know what operating
system it is running, could you please send details of the operating system and
fingerprint to arp-scan@nta-monitor.com so I can include it in future versions. Please
include the exact version of the operating system if you know it, as fingerprints
sometimes change between versions.


-h Display a brief usage message and exit.

-v Display verbose progress messages.

-o <option-string>
Pass specified options to arp-scan. You need to enclose the options string in
quotes if it contains spaces. e.g. -o "-I eth1". The commonly used options are
--interface (-I) and --numeric (-N).


$ arp-fingerprint 01000100000 Linux 2.2, 2.4, 2.6

$ arp-fingerprint -o "-N -I eth1" 11110100000 FreeBSD 5.3, Win98, WinME, NT4, 2000, XP, 2003


arp-fingerprint is implemented in Perl, so you need to have the Perl interpreter installed
on your system to use it.

Use arp-fingerprint online using onworks.net services

Free Servers & Workstations

Download Windows & Linux apps

  • 1
    VBA-M (Archived - Now on Github)
    VBA-M (Archived - Now on Github)
    Project has moved to
    Features:Cheat creationsave statesmulti
    system, supports gba, gbc, gb, sgb,
    Download VBA-M (Archived - Now on Github)
  • 2
    Linux System Optimizer and Monitoring
    Github Repository:
    Audience: End Users/Desktop. User
    interface: Qt. Programming La...
    Download Stacer
  • 3
    Fork of TeamWinRecoveryProject(TWRP)
    with many additional functions, redesign
    and more Features:Supports Treble and
    non-Treble ROMsUp-to-date Oreo kernel,
    Download OrangeFox
  • 4
    itop - ITSM  CMDB OpenSource
    itop - ITSM CMDB OpenSource
    IT Operations Portal: a complete open
    source, ITIL, web based service
    management tool including a fully
    customizable CMDB, a helpdesk system and
    a document man...
    Download itop - ITSM CMDB OpenSource
  • 5
    Clementine is a multi-platform music
    player and library organizer inspired by
    Amarok 1.4. It has a fast and
    easy-to-use interface, and allows you to
    search and ...
    Download Clementine
  • 6
    ATTENTION: Cumulative update 2.4.3 has
    been released!! The update works for any
    previous 2.x.x version. If upgrading
    from version v1.x.x, please download and
    Download XISMuS
  • 7
    Modular headtracking program that
    supports multiple face-trackers, filters
    and game-protocols. Among the trackers
    are the SM FaceAPI, AIC Inertial Head
    Tracker ...
    Download facetracknoir
  • More »

Linux commands