Any penetration testing project depends heavily on its first phase, information gathering. Even during the wardriving phase we need to discover the addresses of the live hosts. When a penetration test requires you to scan for the addresses on a wireless network without being connected to that network, Netdiscover is of assistance.
Netdiscover for IP Address Enumeration
Netdiscover is used for active or passive scanning of wireless networks that have no DHCP server, especially when you are wardriving. However, the tool can also be used for scanning hub/switched networks. It helps in the quick discovery of the IP addresses on a given network, even if there is no DHCP server.
In Kali Linux, the tool is under the following path:
Application → Kali Linux → Information gathering → Live Host Identification → netdiscover
Or simply type netdiscover in the terminal to start the tool in the default mode.
To view the help menu, type netdiscover -h and you will get a list of command-line options:
Netdiscover 0.3-beta6 [Active/passive arp reconnaissance tool]
Written by: Jaime Penalba <email@example.com>

Usage: netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -p passive mode do not send anything, only sniff
  -s time: time to sleep between each arp request (miliseconds)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -n node: last ip octet used for scanning (from 2 to 253)
  -S enable sleep time supression betwen each request (hardcore mode)
  -f enable fastmode scan, saves a lot of time, recommended for auto

If -p or -r aren't enabled, netdiscover will scan for common lan addresses
If you simply type netdiscover in the terminal, the auto scan is started.
Syntax: netdiscover
This will auto-detect online hosts, IP addresses, MAC addresses, MAC vendors, etc. If you want to stop the scan at any point, press Ctrl+C.
If you want Netdiscover to scan only a range of IP addresses, use the following syntax:
netdiscover -i eth0 -r 192.168.100.0/24
Where -i specifies the interface used for scanning and 192.168.100.0/24 is the IP range (-r) to be scanned.
Netdiscover is a network scanner that checks for live hosts, but what gives it its power is the ability to scan a network even when there is no DHCP server to rely on. In a case where we need a quick network scan, Netdiscover is the best tool to use.
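The -p passive mode and the active ARP requests described above can both be seen from the network side. The following is an added example, not code from Netdiscover or from the original page: it parses captured ARP frames, builds the IP-to-MAC table a passive listener would learn, and flags a source whose requests cover many distinct addresses. The MAC addresses, the sample capture and the threshold of 10 targets are constructed assumptions.

```python
import struct
from collections import defaultdict

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(map(str, b))
    return op, frame[22:28].hex(":"), dotted(frame[28:32]), dotted(frame[38:42])

def analyse(frames, sweep_threshold=10):
    """Build a passive IP->MAC table and flag MACs requesting many distinct targets."""
    hosts, asked = {}, defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue                      # not ARP, or truncated
        op, mac, ip, target = parsed
        if ip != "0.0.0.0":               # ARP probes carry no sender IP
            hosts[ip] = mac               # learned purely by listening
        if op == 1:                       # who-has request
            asked[mac].add(target)
    sweepers = {m: len(t) for m, t in asked.items() if len(t) >= sweep_threshold}
    return hosts, sweepers

def arp_frame(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build one constructed Ethernet+ARP frame (sample data only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    dst = b"\xff" * 6 if op == 1 else mac(tha)
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return dst + mac(sha) + b"\x08\x06" + hdr + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

SCANNER, PRINTER = "02:00:00:00:00:aa", "02:00:00:00:00:bb"   # constructed MACs

def sample_capture():
    """Constructed capture: a 20-address sweep, one reply, one ordinary request, one non-ARP frame."""
    frames = [arp_frame(1, SCANNER, "192.168.100.50", f"192.168.100.{n}") for n in range(1, 21)]
    frames.append(arp_frame(2, PRINTER, "192.168.100.7", "192.168.100.50", tha=SCANNER))
    frames.append(arp_frame(1, PRINTER, "192.168.100.7", "192.168.100.1"))
    frames.append(b"\x00" * 60)
    return frames

if __name__ == "__main__":
    print(analyse(sample_capture()))
```

The host that asks for a single address is recorded in the table but not flagged; only the source covering 20 distinct targets crosses the threshold.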