Netdiscover is an active/passive address reconnaissance tool, developed mainly for wireless networks without a DHCP server, such as those you come across when wardriving. It can also be used on hub/switched networks.
Built on top of libnet and libpcap, it can passively detect online hosts or search for them by actively sending ARP requests. It can also be used to inspect your network's ARP traffic, or to find network addresses using auto scan mode, which scans for common local networks.
Current version: 0.3-beta6
Author: Jaime Peñalba <jpenalbae at gmail dot com>
- libnet 1.1.x, can be found here
- libpcap, can be found here
- Tested to work on Linux, Solaris, MacOS X and OpenBSD; other Unixes may also work
As you may already know:
$ tar zxvf netdiscover-0.3-beta6.tar.gz
$ cd netdiscover-0.3-beta6
$ ./configure [your options]
# make install
You can find binaries for some Linux flavours, packaged by volunteers.
Available in the official Debian repositories for stable/testing/unstable, you can just apt-get it!!
# apt-get install netdiscover
Available in the official repositories for multiple flavours, you can just apt-get it!!
# apt-get install netdiscover
Available to build using Portage from the official repositories
# emerge netdiscover
Included in cooker distribution CDs
Command line usage & parameters:
Usage: netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -p passive mode do not send anything, only sniff
  -s time: time to sleep between each arp request (miliseconds)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -n node: last ip octet used for scanning (from 2 to 253)
  -S enable sleep time supression betwen each request (hardcore mode)
  -f enable fastmode scan, saves a lot of time, recommended for auto
If -p or -r arent enabled, netdiscover will scan for common lan addresses
On screen usage keys:
  h  Show help screen
  j  Scroll down (or down arrow)
  k  Scroll up (or up arrow)
  a  Show arp replys list
  r  Show arp requests list
  q  Close help screen or end application
Some examples of usage
- Scan a class C network, to see which hosts are up
# netdiscover -i wlan0 -r 192.168.1.0/24
- Scan a /16 network, trying to find online boxes
# netdiscover -i wlan0 -r 192.168.0.0/16
- Scan a class A network, trying to find network addresses
# netdiscover -i wlan0 -r 10.0.0.0/8
- Auto scan common networks
# netdiscover -i wlan0
- Don't send ARP requests, listen only
# netdiscover -i wlan0 -p
If you want to change your mac address for the scan, try:
# ifconfig wlan0 down
# ifconfig wlan0 hw ether 00:11:22:33:44:55
# ifconfig wlan0 up
# netdiscover -i wlan0 [options]
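What the passive and active modes look like on the wire, as an added example that is not netdiscover's own code: the Python below parses raw Ethernet/ARP frames into the IP-to-MAC table a passive listener can build, and flags any station whose ARP requests cover many distinct addresses, which is how a range scan appears to a network monitor. The frames, MAC addresses, helper names and the threshold of 8 distinct targets are constructed assumptions; VLAN-tagged frames are not handled.

```python
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not untagged Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    dotted = lambda raw: ".".join(str(b) for b in raw)
    return op, sha.hex(":"), dotted(spa), dotted(tpa)

def summarize(frames, sweep_threshold=8):
    """Build the ip->mac table a passive listener sees and flag likely ARP sweepers."""
    hosts, asked = {}, defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue                      # non-ARP or truncated frame
        op, mac, sender_ip, target_ip = parsed
        if sender_ip != "0.0.0.0":        # ARP probes carry no sender IP
            hosts[sender_ip] = mac
        if op == ARP_REQUEST:
            asked[mac].add(target_ip)     # distinct addresses this MAC queried
    sweepers = sorted(m for m, ips in asked.items() if len(ips) >= sweep_threshold)
    return hosts, sweepers

def make_frame(op, src_mac, src_ip, dst_ip, dst_mac="00:00:00:00:00:00"):
    """Construct a 42-byte Ethernet+ARP frame for the sample data below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else mac(dst_mac)
    return (eth_dst + mac(src_mac) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip))

# Constructed sample capture: one station sweeping .1-.20, one ordinary lookup and reply,
# plus an IPv4 frame and a truncated frame that must be ignored.
SAMPLE = [make_frame(ARP_REQUEST, "02:00:00:00:00:aa", "192.168.1.50", f"192.168.1.{n}")
          for n in range(1, 21)]
SAMPLE += [
    make_frame(ARP_REQUEST, "02:00:00:00:00:01", "192.168.1.10", "192.168.1.1"),
    make_frame(ARP_REPLY, "02:00:00:00:00:fe", "192.168.1.1", "192.168.1.10", "02:00:00:00:00:01"),
    b"\xff" * 12 + b"\x08\x00" + b"\x00" * 28,
    b"\x00" * 20,
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```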
Image1: List of ARP replies found by actively scanning a 192.168.1.1/24 network.
Image2: List of ARP requests found passively.
Image3: List of unique hosts found through ARP replies or requests.
Image4: Sample output of help screen containing controls