arp-sk – ARP Swiss Army Knife Tool | Darknet

02 October 2006 | 21,451 views

arp-sk – ARP Swiss Army Knife Tool

arp-sk is basically an ARP Traffic Generation Tool. It’s quite old but still very useful!

There are 2 basics mode:
– who-has: build a request ARP message.
– reply: build a reply ARP message (default)

Other advanced modes should come very soon
– arping: send a who-has to every host on the LAN to see who is here
– promisc: detection of boxes that are sniffing on the network using promiscuous mode of their network interface
– arpmim: perform Man in the Middle attack

Link level options

-s: set the source address of the packet.
Default : MAC address of the interface used to send the packets.

-d: set the destination address of the packet
Default: broadcast

These 2 options have a strong influence on the ARP message itself.
Here are the default according to these options:

– request

      # ./arp-sk -i eth1 -w
      + Running mode "who-has"
      + IfName: eth1
      + Source MAC: 52:54:05:f4:62:30
      + Source ARP MAC: 52:54:05:f4:62:30
      + Source ARP IP : 192.168.1.1 (batman)
      + Target MAC: ff:ff:ff:ff:ff:ff
      + Target ARP MAC: 00:00:00:00:00:00
      + Target ARP IP : 255.255.255.255 (255.255.255.255)

– reply

      # ./arp-sk -i eth1 -r
      + Running mode "reply"
      + IfName: eth1
      + Source MAC: 52:54:05:f4:62:30
      + Source ARP MAC: 52:54:05:f4:62:30
      + Source ARP IP : 192.168.1.1 (batman)
      + Target MAC: ff:ff:ff:ff:ff:ff
      + Target ARP MAC: ff:ff:ff:ff:ff:ff
      + Target ARP IP : 255.255.255.255 (255.255.255.255)

The only difference comes from the destiantion mac address from ARP message, since it has to be 00:00:00:00:00:00. For the reply mode, consistency is preserved and the destination MAC address used for the link layer is copied in the ARP message.

You can download arp-sk here:

arp-sk-0.0.16.tgz