Related Reads
NetDiscover is a very neat tool for finding hosts on either wireless or switched networks. It can be used both in active or in passive mode.
ARP stands for Address Resolution Protocol and it allows the discovery of which host has which MAC address. The MAC address is the physical address of the hosts network card.
NetDiscover comes preinstalled with Kali Linux and is quite easy to use.
In passive mode, the tool is silent. It doesn’t send any data at all – it simply sniffs the network for ARP requests.
On my Kali Linux virtual host, I can simply ask NetDiscover to run in passive mode by entering the following command:
> netdiscover -i eth0 -p
It’s important to know that ARP requests are not routed on a network, so if you’re sing Kali Linux as a virtual machine with NAT, it might not work as expected. You should have your network in bridged mode to sniff ARP requests on the network you are connected to.
Also, when running in passive mode, hosts will appear over time as their ARP requests are picked up by NetDiscover.
If you run Netdiscover in active mode, it can discover every host on a network by sending ARP requests. This is more efficient than using ICMP (Ping packets), as ICMP can be filtered by a host’s local firewall, while ARP requests simply cant be blocked.
If ARP were to be blocked, the host would not be able to communicate on an Ethernet network at all. Using ARP is a very neat way of finding all online hosts on a network.
To run NetDiscover in active mode, remove the -p flag; there are a few options for active scanning. If you are unsure of what network you are on, you can test several networks to see if there’s any traffic.
Here’s an example of running Netdiscover in active mode:
> netdiscover -i eth0 -r 192.168.8.0/24 -f
The manpage is available at man netdiscover and the webpage for NetDiscover can be found at http://nixgeneration.com/~jaime/netdiscover/
Did You Know?
Cybrary has tons of FREE training resources!
For lifetime access simply CREATE A FREE ACCOUNT.
Already a member? login here.
We recommend always using caution when following any link
Are you sure you want to continue?
i should not forget about this one