Netdiscover
Jump to navigation
Jump to search
Description
Netdiscover is an active/passive arp reconnaissance tool.
Installation
Backtrack
Backtrack 5 R2 already comes with netdiscover installed in /usr/local/sbin.
From scratch
$ sudo apt-get install netdiscover
Usage
Syntax
netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-C]
Note
If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.
Options
- -i <device>
- your network device
- -r <range>
- scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
- -l <file>
- scan the list of ranges contained into the given file
- -p <passive mode>
- do not send anything, only sniff
- -F <filter>
- Customize pcap filter expression (default: "arp")
- -s
- time to sleep between each arp request (miliseconds)
- -n <node>
- last ip octet used for scanning (from 2 to 253)
- -c <count>
- number of times to send each arp reques (for nets with packet loss)
- -f
- enable fastmode scan, saves a lot of time, recommended for auto
- -d
- ignore home config files for autoscan and fast mode
- -S
- enable sleep time supression betwen each request (hardcore mode)
- -P
- print results in a format suitable for parsing by another program
- -L
- in parsable output mode (-P), continue listening after the active scan is completed
Example
Here is an example:
# netdiscover
Currently scanning: 172.16.151.0/16 | Screen View: Unique Hosts
5 Captured ARP Req/Rep packets, from 3 hosts. Total size: 300
_____________________________________________________________________________
IP At MAC Address Count Len MAC Vendor
-----------------------------------------------------------------------------
192.168.60.2 00:50:56:f0:49:00 03 180 VMWare, Inc.
192.168.60.1 00:50:56:c0:00:08 01 060 VMWare, Inc.
192.168.60.254 00:50:56:f9:06:47 01 060 VMWare, Inc.