ARP Scan
# Host discovery only (-sn: no port scan) using ARP requests (-PR).
# ARP discovery only reaches hosts on the same layer-2 segment as the scanner.
# 192.0.2.0/24 is the RFC 5737 documentation range; substitute the subnet
# being inventoried.
nmap -sn -PR 192.0.2.0/24
# Discovery with nmap's default probe set and reverse-DNS lookups disabled (-n).
# For on-link targets nmap normally uses ARP when it has raw-socket privileges.
# Either sweep appears on the wire as a burst of who-has requests from one host.
nmap -sn -n 192.0.2.0/24
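function do-v4arpScan {
    # Populates the IPv4 neighbor (ARP) table for every local subnet and prints
    # the IP/MAC pairs found in it.
    #
    # A 1-byte UDP datagram is sent to port 1 of each host address so that the OS
    # has to resolve every on-link address; no UDP reply is read.
    # Takes no parameters. Outputs objects with IPAddress and LinkLayerAddress.
    #
    # Caveats:
    #   - The result is the whole IPv4 neighbor table after the sweep, so it can
    #     contain entries that were cached before the function ran.
    #   - Only the prefix length is bounded (shorter than /30); there is no upper
    #     limit on subnet size, so a /16 address means roughly 65k sends.
    #   - The sweep causes one address resolution per unresolved host, which shows
    #     up on the segment as a burst of ARP requests from this machine.

    # Skip loopback addresses and prefixes of /30 or longer.
    $adapters = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -notlike "127.*" -and $_.PrefixLength -lt 30 }

    # Single-byte payload; its content is irrelevant to the neighbor lookup.
    $packet = New-Object byte[] 1
    $packet[0] = 1
    $UDPclient = New-Object System.Net.Sockets.UdpClient

    foreach ($adapter in $adapters) {
        # Pack the dotted quad into one 32-bit value, most significant octet first.
        $ipParts = $adapter.IPAddress -split "\."
        $ipInt = ([uint32]$ipParts[0] -shl 24) -bor ([uint32]$ipParts[1] -shl 16) -bor ([uint32]$ipParts[2] -shl 8) -bor [uint32]$ipParts[3]

        # Derive the first and last address of the subnet from the prefix length.
        $hostBits = 32 - $adapter.PrefixLength
        $subnetSize = [math]::Pow(2, $hostBits)
        $networkStart = ($ipInt -band (-bnot ($subnetSize - 1)))
        $networkEnd = $networkStart + $subnetSize - 1

        # Walk the host range only: the network and broadcast addresses are excluded.
        for ($i = $networkStart + 1; $i -lt $networkEnd; $i++) {
            $octet1 = ($i -shr 24) -band 255
            $octet2 = ($i -shr 16) -band 255
            $octet3 = ($i -shr 8) -band 255
            $octet4 = $i -band 255
            $IP = [Net.IPAddress]::Parse("$octet1.$octet2.$octet3.$octet4")
            $UDPclient.Connect($IP,1)
            [void]$UDPclient.Send($packet, $packet.Length)
        }
    }

    # Fixed wait for resolutions to finish; slow hosts may still be missing.
    Start-Sleep -Milliseconds 500

    # The original never released the socket; close it once the sweep is done.
    # Kept outside try/finally so a failed send is still reported per address
    # and the sweep carries on, as before.
    $UDPclient.Close()

    # Drop unresolved (all-zero), broadcast and empty link-layer addresses.
    # NOTE(review): 02-50-41-00-00-02 is a hard-coded exclusion whose origin is
    # not stated here - confirm what it refers to.
    # Other static entries the table may hold (e.g. multicast mappings) pass through.
    $arp = Get-NetNeighbor -AddressFamily IPv4 | Where-Object { $_.LinkLayerAddress -ne "00-00-00-00-00-00" -and $_.LinkLayerAddress -ne "FF-FF-FF-FF-FF-FF" -and $_.LinkLayerAddress -ne "" -and $_.LinkLayerAddress -ne "02-50-41-00-00-02" }
    $arp | Select-Object IPAddress,LinkLayerAddress
}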