Running the command "arp -a" (from either Windows, Mac, Linux, *BSD, etc.) will dump the local ARP tables.
The ARP tables are built on demand (you won't have entries listed for computers you're not communicating with) and they allow you to communicate with nodes over _Ethernet_
(MAC routing) via referencing "Private" IP addresses. All routing in a LAN broadcast segment is done via Ethernet (yeah, that protocol originally designed by Xerox and others).
Basically, when you want to send something to a node on your LAN (router, another computer, a network printer, etc.), your computer sends out a broadcast ARP request saying "Hey, I want to send something to '192.168.1.25', what's their MAC address so I can send it to them?" Then, when the proper node picks it up, it will respond with a unicast packet that basically says "Hey, I'm '192.168.1.25', and here's my MAC address so you can send that to me".
When Ettercap does a "host scan", what it's really doing is broadcasting out incremental ARP requests that look something like this:
Who has 192.168.1.2
Who has 192.168.1.3
Who has 192.168.1.4
Who has 192.168.1.5
Who has 192.168.1.254
and it then builds a LAN based host list from the ARP responses it receives.
This is purely an _Ethernet_ broadcast (all Ethernet broadcasts end at routers or are segmented by VLANs), so you will only be able to get the Ethernet address (MAC address) / IP address pairs of nodes on your LAN segment.
In order to completely scan a college/corporate network (that is most likely segmented by VLANs and by physical "intranet" routers and bridges), you'll have to use an IP-centric scanner (such as nmap). Seeing how I myself am a man page and canonical DOC whore, I won't regurgitate what's already been written in authoritative texts. However, I will link you to a man page and a canonical source.
http://linuxmanpages.com/man1/nmap.1.php
http://nmap.org/docs.html
Go read, Go learn, Go Go Go Go Go and stop when you're dead, take a nap and Go some more!!!!!!
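
Seen from the network side, the host scan described above is one MAC address asking "who has" for many different IPs in a short time, which is easy to spot in a capture. The following is an added example, not part of the original post: it parses raw ARP request frames and flags such senders. The function names, the window and threshold values, and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_ETHERTYPE, ARP_REQUEST = 0x0806, 1

def build_arp_request(src_mac: bytes, src_ip: str, target_ip: str) -> bytes:
    """Build a broadcast ARP request frame (only used to construct sample input)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return eth + arp + src_mac + socket.inet_aton(src_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)

def parse_arp_request(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    return frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42])

def find_sweepers(capture, window=5.0, threshold=20):
    """capture: iterable of (timestamp, frame). Report each sender MAC that asked
    for more than `threshold` distinct target IPs inside `window` seconds."""
    recent = defaultdict(list)            # sender MAC -> [(ts, target_ip)] in window
    flagged = {}                          # sender MAC -> peak distinct targets
    for ts, frame in sorted(capture, key=lambda item: item[0]):
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue                      # not an ARP request (reply, IP traffic, runt)
        mac, _sender_ip, target = parsed
        events = recent[mac]
        events.append((ts, target))
        while ts - events[0][0] > window: # drop requests older than the window
            events.pop(0)
        distinct = len({t for _, t in events})
        if distinct > threshold:
            flagged[mac] = max(flagged.get(mac, 0), distinct)
    return flagged

def sample_capture():
    """Constructed traffic: one host sweeping .2-.254, one host resolving its gateway."""
    scanner, normal = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frames = [(i * 0.01, build_arp_request(scanner, "192.168.1.50", f"192.168.1.{i}"))
              for i in range(2, 255)]
    frames += [(t, build_arp_request(normal, "192.168.1.25", "192.168.1.1"))
               for t in (0.5, 30.0, 60.0)]
    return frames

if __name__ == "__main__":
    print(find_sweepers(sample_capture()))
```

A host that only resolves its gateway now and then never crosses the threshold, so the value can be tuned down on quiet segments without flagging ordinary traffic.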