By: Johan Grotherus
January 5, 2016
Discover Network Hosts with NetDiscover

> netdiscover -i eth0 -p
It's important to know that ARP requests are not routed on a network, so if you're using Kali Linux as a virtual machine with NAT, it might not work as expected. You should have your network in bridged mode to sniff ARP requests on the network you are connected to.

Also, when running in passive mode, hosts will appear over time as their ARP requests are picked up by NetDiscover.

If you run NetDiscover in active mode, it can discover every host on a network by sending ARP requests. This is more efficient than using ICMP (Ping packets), as ICMP can be filtered by a host's local firewall, while ARP requests simply can't be blocked. If ARP were to be blocked, the host would not be able to communicate on an Ethernet network at all. Using ARP is a very neat way of finding all online hosts on a network.

To run NetDiscover in active mode, remove the -p flag; there are a few options for active scanning. If you are unsure of what network you are on, you can test several networks to see if there's any traffic.

- The -r flag lets you specify the network to scan, for example -r 192.168.0.0/24.
- If you do not specify this, NetDiscover will use the auto scan feature to scan the most common internal networks.
- If you're using the auto scan feature, you should probably also use the -f flag for fast mode. This tells NetDiscover not to try every IP on every network specified but to try only a few on each instead.
- Once you see ARP requests for a particular network, you can run NetDiscover again for that particular network without the -f flag and use the -r flag to specify which particular network you want to scan every IP for.
> netdiscover -i eth0 -r 192.168.8.0/24 -f
The manpage is available at man netdiscover and the webpage for NetDiscover can be found at http://nixgeneration.com/~jaime/netdiscover/
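
How a passive-mode host list builds up from sniffed ARP packets, as an added example (not code from the original article or from NetDiscover): it parses raw Ethernet frames and records the sender of each ARP packet. The function names and the sample frames are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def build_host_table(frames):
    """Map sender IP -> {mac, requests, replies}; only the sender fields show a host is online."""
    hosts = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, mac, ip, _target = parsed
        if ip == "0.0.0.0":                  # ARP probe: the sender has no address yet
            continue
        entry = hosts.setdefault(ip, {"mac": mac, "requests": 0, "replies": 0})
        entry["mac"] = mac
        entry["requests" if op == ARP_REQUEST else "replies"] += 1
    return hosts

def make_frame(op, sender_mac, sender_ip, target_ip, target_mac="00:00:00:00:00:00"):
    """Build a constructed ARP frame for the sample below (not a capture)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    dst = b"\xff" * 6 if op == ARP_REQUEST else tha   # requests are broadcast
    header = dst + sha + struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, op)
    return header + sha + socket.inet_aton(sender_ip) + tha + socket.inet_aton(target_ip)

# Constructed sample traffic on the 192.168.8.0/24 network used in the article.
SAMPLE_FRAMES = [
    make_frame(ARP_REQUEST, "02:00:00:00:00:10", "192.168.8.10", "192.168.8.1"),
    make_frame(ARP_REPLY, "02:00:00:00:00:01", "192.168.8.1", "192.168.8.10", "02:00:00:00:00:10"),
    make_frame(ARP_REQUEST, "02:00:00:00:00:23", "192.168.8.23", "192.168.8.1"),
    make_frame(ARP_REQUEST, "02:00:00:00:00:50", "0.0.0.0", "192.168.8.50"),   # probe, ignored
    b"\xff" * 6 + bytes.fromhex("020000000010") + b"\x08\x00" + b"\x00" * 46,   # IPv4, not ARP
]
```

Calling build_host_table(SAMPLE_FRAMES) returns one entry per host that has spoken ARP; the probe and the non-ARP frame add nothing.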