From aldeid
Jump to navigation Jump to search


Netdiscover is an active/passive arp reconnaissance tool.



Backtrack 5 R2 already comes with netdiscover installed in /usr/local/sbin.

From scratch

$ sudo apt-get install netdiscover



netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-C]
If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.


-i <device>
your network device
-r <range>
scan a given range instead of auto scan.,/16,/8
-l <file>
scan the list of ranges contained into the given file
-p <passive mode>
do not send anything, only sniff
-F <filter>
Customize pcap filter expression (default: "arp")
time to sleep between each arp request (miliseconds)
-n <node>
last ip octet used for scanning (from 2 to 253)
-c <count>
number of times to send each arp reques (for nets with packet loss)
enable fastmode scan, saves a lot of time, recommended for auto
ignore home config files for autoscan and fast mode
enable sleep time supression betwen each request (hardcore mode)
print results in a format suitable for parsing by another program
in parsable output mode (-P), continue listening after the active scan is completed


Here is an example:

# netdiscover

 Currently scanning:   |   Screen View: Unique Hosts                                                                                                              
 5 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 300                                                                                                                  
   IP            At MAC Address      Count  Len   MAC Vendor                   
 -----------------------------------------------------------------------------    00:50:56:f0:49:00    03    180   VMWare, Inc.                                                                                                                00:50:56:c0:00:08    01    060   VMWare, Inc.                                                                                                              00:50:56:f9:06:47    01    060   VMWare, Inc.


blog comments powered by Disqus