Sunday, August 2, 2015

Using Netdiscover to Find IP and Mac Addresses

Linux Slaves Netdicover Tutorials - This is one of so many Linux network monitoring tools we can use to discover the IP addresses on a corporate, educational, wireless or other network by using Netdiscover. It needs to send out arp requests.

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are war-driving. It can be also used on hub/switched networks.

Also read on Linuxslaves :

Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks.

How To install Netdiscover

Netdiscover is available on Backtrack, Kali Linux and others pentest distro as default linux security tools. You can install by download the package at last of this post. Or install it manually by follow this commands to install netdiscover under terminal :

sudo apt-get install netdiscover

Type your password to confirm and you get this tools.

3. How to use Netdiscover

How To Use netdiscover? You can check help to get usage guide. Here's the help :

Usage: netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
-i device: your network device
-r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
-p passive mode do not send anything, only sniff
-s time: time to sleep between each arp request (miliseconds)
-c count: number of times to send each arp reques (for nets with packet loss)
-n node: last ip octet used for scanning (from 2 to 253)
-S enable sleep time supression betwen each request (hardcore mode)
-f enable fastmode scan, saves a lot of time, recommended for auto

For an example, looking for how many clients and get the MAC addreses.

sudo netdiscover -r 192.168.1.0/24 -i wlan0

And here's the output taken from my Ubuntu desktop.

Netdiscover to Find IP and Mac Addresses

If you want to change your mac address for the scan, try this one :

ifconfig wlan0 down
ifconfig wlan0 hw ether 00:11:22:33:44:55
ifconfig wlan0 up
netdiscover -i wlan0 [options]

Netdiscover also can run in pasive mode. This means that it will not send ARP packets out but will wait for them to come from another source. To make netdiscover runing in passive mode add -p inside the command. So it would be like this :

sudo netdiscover -p -r 192.168.1.0/24 -i wlan0

Requirements :
- libnet 1.1.x
- libpcap
- Tested to work on Linux, Solaris, MacOS X OpenBSD, other & unixes may also work

That's all I can share about tutorial and guide to use netdiscover for finding IP and Mac Addresses. Share this post if like the article! Hope you've enjoyed reading this tutorial as much I’ve enjoyed writing it. Thanks for visiting us.

Related Post

No comments:

Post a Comment