Posted on Posted in Tutorial's

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks.

Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks.

Current version: 0.3-beta6
Author: Jaime Peñalba <jpenalbae at gmail dot com>

You can download the latest release here, look the archive, or read the ChangeLog
Also svn browser is available here, a live generated snapshot from svn can be downloaded. Changelog


  • libnet 1.1.x, can be found here
  • libpcap, can be found here
  • Tested to work on Linux, Solaris, MacOS X and OpenBSD, other unixes may also work


As you may already know:

$ tar zxvf netdiscover-0.3-beta6.tar.gz
$ cd netdiscover-0.3-beta6
$ ./configure [your options]
$ make
# make install

Binary packages

You can find binaries for some linux flavours packaged by volunteers

    • Debian

Available at official debian repositories for stable/testing/unstable, you can just apt-get it!!

# apt-get install netdiscover
    • Ubuntu

Available at official repositories for multiple flavours, you can just apt-get it!!

# apt-get install netdiscover
    • Gentoo

Available to build using portege over official repositories

# emerge netdiscover
    • Mandriva

Included in cooker distribution CDs


Command line usage & parameters:

Usage: netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
  -i device: your network device
  -r range: scan a given range instead of auto scan.,/16,/8
  -p passive mode do not send anything, only sniff
  -s time: time to sleep between each arp request (miliseconds)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -n node: last ip octet used for scanning (from 2 to 253)
  -S enable sleep time supression betwen each request (hardcore mode)
  -f enable fastmode scan, saves a lot of time, recommended for auto

If -p or -r arent enabled, netdiscover will scan for common lan addresses

On screen usage keys:

  h      Show help screen
  j      Scroll down (or down arrow)
  k      Scroll up (or up arrow)
  a      Show arp replys list
  r      Show arp requests list
  q      Close help screen or end application

Some examples of usage

  • Scan a class C network, to see wich hosts are up
    # netdiscover -i wlan0 -r
  • Scanning /16 network, trying to find online boexes
    # netdiscover -i wlan0 -r
  • Scan a class A network, trying to find network addresses
    # netdiscover -i wlan0 -r
  • Auto scan common networks
    # netdiscover -i wlan0
  • Dont send arp requests, listen only
    # netdiscover -i wlan0 -p

If you want to change your mac address for the scan, try:

# ifconfig wlan0 down
# ifconfig wlan0 hw ether 00:11:22:33:44:55
# ifconfig wlan0 up
# netdiscover -i wlan0 [options]


Sample output

Image1: List of arp replies found actively scanning a network.

Image2: List of arp request passively found.

Image3: List of unique hosts found trough arp replies or requests.

Image4: Sample output of help screen containing controls

Quelle: netdiscover


Netdiscover – Kali Linux


Leave a Reply