Netdiscover

From aldeid

Description

Netdiscover is an active/passive ARP reconnaissance tool.

Installation

Backtrack

Backtrack 5 R2 already comes with netdiscover installed in /usr/local/sbin.

From scratch

$ sudo apt-get install netdiscover

Usage

Syntax

netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-C]
Note
If none of -r, -l or -p is given, netdiscover scans for common LAN addresses.

Options

-i <device>
your network device
-r <range>
scan a given range instead of auto scan, e.g. 192.168.6.0/24, /16 or /8
-l <file>
scan the list of ranges contained in the given file
-p <passive mode>
do not send anything, only sniff
-F <filter>
Customize pcap filter expression (default: "arp")
-s
time to sleep between each ARP request (milliseconds)
-n <node>
last ip octet used for scanning (from 2 to 253)
-c <count>
number of times to send each ARP request (for nets with packet loss)
-f
enable fastmode scan, saves a lot of time, recommended for auto
-d
ignore home config files for autoscan and fast mode
-S
enable sleep time suppression between each request (hardcore mode)
-P
print results in a format suitable for parsing by another program
-L
in parsable output mode (-P), continue listening after the active scan is completed

Example

Here is an example:

# netdiscover

 Currently scanning: 172.16.151.0/16   |   Screen View: Unique Hosts                                                                                                              
                                                                                                                                                                                  
 5 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 300                                                                                                                  
 _____________________________________________________________________________
   IP            At MAC Address      Count  Len   MAC Vendor                   
 ----------------------------------------------------------------------------- 
 192.168.60.2    00:50:56:f0:49:00    03    180   VMWare, Inc.                                                                                                                    
 192.168.60.1    00:50:56:c0:00:08    01    060   VMWare, Inc.                                                                                                                    
 192.168.60.254  00:50:56:f9:06:47    01    060   VMWare, Inc.
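
The host table above can be checked against an asset inventory. The following is an added example, not part of the original page or of netdiscover itself: it parses rows shaped like the table above and reports MAC addresses missing from the inventory and IPs answered by more than one MAC. The function names, the inventory set and the last sample row are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One table row: IP, MAC, packet count, total length, vendor (layout of the table above).
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(\d+)\s+(\d+)\s+(.*?)\s*$"
)

def parse_rows(text):
    """Return one dict per host row; status lines, headers and rules are skipped."""
    hosts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, count, length, vendor = m.groups()
            hosts.append({"ip": ip, "mac": mac.lower(), "count": int(count),
                          "len": int(length), "vendor": vendor})
    return hosts

def audit(hosts, known_macs):
    """Compare discovered hosts with an inventory (hypothetical set of MACs)."""
    known = {m.lower() for m in known_macs}
    unknown = [h for h in hosts if h["mac"] not in known]
    by_ip = defaultdict(set)
    for h in hosts:
        by_ip[h["ip"]].add(h["mac"])
    # One IP answered by several MACs: address conflict or possible ARP spoofing.
    conflicts = {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}
    return unknown, conflicts

# Constructed sample: the three rows from the example above plus one constructed
# row (last line) that claims an IP already seen with a different MAC.
SAMPLE = """\
 Currently scanning: 172.16.151.0/16   |   Screen View: Unique Hosts
 5 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 300
   IP            At MAC Address      Count  Len   MAC Vendor
 -----------------------------------------------------------------------------
 192.168.60.2    00:50:56:f0:49:00    03    180   VMWare, Inc.
 192.168.60.1    00:50:56:c0:00:08    01    060   VMWare, Inc.
 192.168.60.254  00:50:56:f9:06:47    01    060   VMWare, Inc.
 192.168.60.1    02:00:00:aa:bb:cc    02    120   Unknown vendor
"""
INVENTORY = {"00:50:56:F0:49:00", "00:50:56:c0:00:08", "00:50:56:f9:06:47"}

if __name__ == "__main__":
    unknown, conflicts = audit(parse_rows(SAMPLE), INVENTORY)
    for h in unknown:
        print("not in inventory:", h["ip"], h["mac"], h["vendor"])
    for ip, macs in conflicts.items():
        print("multiple MACs for", ip, "->", ", ".join(macs))
```

Whether the -P output uses exactly this row layout is an assumption; adjust the ROW pattern to the output of the installed version.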
