Doesn't work on WSl2 NAT network mode

[Mu-cream]

Network on wsl2

┌──(root㉿W1sh)-[~]
└─# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:05:6e:31 brd ff:ff:ff:ff:ff:ff
    inet 172.30.36.124/20 brd 172.30.47.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe05:6e31/64 scope link
       valid_lft forever preferred_lft forever

Network on host

WLAN:
   IPv4 Address . . . . . . . . . . . . : 172.20.129.135
   NetMask  . . . . . . . . . . . . : 255.255.248.0
   GateWay. . . . . . . . . . . . . : 172.20.128.1

I tried to scan host on host's network segment from wsl but get

┌──(root㉿W1sh)-[~]
└─# arp-scan -I eth0 172.30.36.1/24
Interface: eth0, type: EN10MB, MAC: 00:15:5d:05:6e:31, IPv4: 172.30.36.124
WARNING: host part of 172.30.36.1/24 is non-zero
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)

1 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.103 seconds (121.73 hosts/sec). 0 responded

And I tried to scan from host

>arp-scan.exe -t 172.20.129.135
Reply that B4:0E:DE:13:86:ED is 172.20.129.135 in 0.210700

> arp-scan.exe -t 172.30.36.124
Reply that 00:15:5D:05:6E:31 is 172.30.36.124 in 2.027900

[royhills]

The IP network is 172.30.36.124/20:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:05:6e:31 brd ff:ff:ff:ff:ff:ff
    inet 172.30.36.124/20 brd 172.30.47.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe05:6e31/64 scope link
       valid_lft forever preferred_lft forever

But you are scanning the smaller 172.30.36.0/24 network (specified as 172.30.36.1/24 but arp-scan converts it to the correct CIDR address hence the warning about non-zero host part):

# arp-scan -I eth0 172.30.36.1/24

So you are probably seeing nothing because you're not scanning the entire range of the WSL2 NAT network.

Try arp-scan --localnet which should automatically use the correct network address for the interface, e.g.:

rsh@nuc13:~$ sudo arp-scan --localnet
Interface: eth0, type: EN10MB, MAC: 00:15:5d:9f:59:90, IPv4: 172.19.102.229
Starting arp-scan 1.9.7 with 4096 hosts (https://github.com/royhills/arp-scan)
172.19.96.1     00:15:5d:a0:2e:be       Microsoft Corporation

1 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 4096 hosts scanned in 17.425 seconds (235.06 hosts/sec). 1 responded

I'm not familiar with arp-scan.exe - note that this is not the same as arp-scan although it has a confusingly similar name. I don't know how arp-scan.exe is receiving replies from hosts outside the NAT network .