Hi Marcos,

I'm the upstream author.

I broadly agree with Sven, and think that it's best to build with libcap
capabilities support if possible because it increases security.

arp-scan's needs are similar to ping: the only capability it needs on Linux
is CAP_NET_RAW, and it only needs to enable that for the brief period when
it opens the network socket. I gave arp-scan the option to be capabilities
aware to fulfil the principle of least privilege.

> arp-scan is an admin command. It is installed (by default) in
> /usr/sbin/, this directory is not in the $PATH of a normal user.

I'm not sure what exactly we mean by an "admin command".  arp-scan can be used
for sysadmin, but it also has other use cases. Some I know of are: auditing
network equipment, pentesters generating hosts lists, services that run
arp-scan regularly and log to a database.  Some Debian users may be using it
outside sysadmin roles.

It's worth mentioning that capabilities support was a requested feature:
https://github.com/royhills/arp-scan/issues/21

Thanks,

Roy
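
Added example, not part of the original message and not arp-scan's own code: the pattern described above, where CAP_NET_RAW is kept in the permitted set, made effective only around the socket() call, and then dropped. It uses the raw capget/capset syscalls instead of libcap so it builds without libcap headers; the function names and the AF_PACKET/ETH_P_ARP socket are assumptions, and the process is assumed to start with CAP_NET_RAW permitted (for example from a file capability).

```c
#include <arpa/inet.h>
#include <linux/capability.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#define NET_RAW_BIT (1u << CAP_NET_RAW) /* CAP_NET_RAW is bit 13, in the low word */

static struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };

/* Return the permitted (effective=0) or effective (effective=1) set as a 64-bit mask. */
unsigned long long cap_mask(int effective) {
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &hdr, d) != 0) return ~0ULL;
    return effective ? ((unsigned long long)d[1].effective << 32) | d[0].effective
                     : ((unsigned long long)d[1].permitted << 32) | d[0].permitted;
}

/* Replace the capability sets; inheritable and all high-word bits are cleared. */
static int caps_set(unsigned permitted, unsigned effective) {
    struct __user_cap_data_struct d[2];
    memset(d, 0, sizeof d);
    d[0].permitted = permitted;
    d[0].effective = effective;
    return (int)syscall(SYS_capset, &hdr, d);
}

/* At startup: keep CAP_NET_RAW only as *permitted* (if we had it), nothing effective. */
int limit_to_net_raw(void) {
    return caps_set((unsigned)cap_mask(0) & NET_RAW_BIT, 0);
}

/* Enable CAP_NET_RAW just for socket(), then drop it from both sets for good. */
int open_arp_socket(void) {
    int fd = -1;
    if (caps_set(NET_RAW_BIT, NET_RAW_BIT) == 0)   /* fails if not permitted */
        fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP));
    caps_set(0, 0);                                /* permanent: cannot be re-raised */
    return fd;
}

int main(void) {
    if (limit_to_net_raw() != 0) { perror("capset"); return 1; }
    int fd = open_arp_socket();
    printf("socket fd=%d, permitted now=%#llx\n", fd, cap_mask(0));
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

Once open_arp_socket() returns, the rest of the program (packet parsing included) runs with empty permitted and effective sets, so a later bug cannot reuse CAP_NET_RAW.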
