bar

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks.

Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks.

Current version: 0.3-beta6
Author: Jaime Peñalba <jpenalbae at gmail dot com>

You can download the latest release here, look the archive, or read the ChangeLog
Also svn browser is available here, a live generated snapshot from svn can be downloaded. Changelog


News

14/9/2009: The CVS repository has been migrated to SVN hosted by sourceforge.net, so now there is anonymous access for everyone. Just run "svn co https://netdiscover.svn.sourceforge.net/svnroot/netdiscover/trunk netdiscover" to download the latest development version.

19/1/2009: A good number of changes have been done over cvs code such as support to redefine ips scanned on fast mode or auto scan mode ranges using config files, also many changes have been submitted by Alex <sud at latinsud dot com> Thanks!!!. So until i have some spare time to make a new release, cvs version tarball can be downloaded here to keep updated.

27/6/2007: After a really long downtime due to unexpected cease of service of the hosting company holding netdiscover, i have managed to restore almost all the data from this project, anyway some archive releases where lost for ever.

21/7/2005: Again, other beta version is available, can be downloaded here, added mac vendor database, take a look at the bottom of the web. Also Solaris and OpenBSD support is on the way.

25/7/2005: Beta version 3 is now available, it can be downloaded here, now supporting Solaris and OpenBSD, however running on openbsd 3.6 it takes too many cpu cycles, some debugging is needed, if you try netdiscover on any other platform please mail me with the history. Also feature requests and bugfixes are open if there are no requests or bug reports, i will release the 0.3 final version when OpenBSD issues are fixed and code cleaned.

21/7/2005: Again, other beta version is available, can be downloaded here, added mac vendor database, take a look at the bottom of the web. Also Solaris and OpenBSD support is on the way.

20/7/2005: New beta version is available, can be downloaded here, if you guys want some action, and are bored of networks with shitty addressements try this version, with the new fast mode, it can scan the hole common local network addresses on 3min 57seg, really amazing. Also packet capture has been improved to 0% packet loss


Requirements

  • libnet 1.1.x, can be found here
  • libpcap, can be found here
  • Tested to work on Linux, Solaris, MacOS X and OpenBSD, other unixes may also work


Building

As you may already know:

$ tar zxvf netdiscover-0.3-beta6.tar.gz
$ cd netdiscover-0.3-beta6
$ ./configure [your options]
$ make
# make install

Binary packages

You can find binaries for some linux flavours packaged by volunteers
  • Debian
  • Available at official debian repositories for stable/testing/unstable, you can just apt-get it!!

    # apt-get install netdiscover

  • Ubuntu
  • Available at official repositories for multiple flavours, you can just apt-get it!!

    # apt-get install netdiscover

  • Gentoo
  • Available to build using portege over official repositories

    # emerge netdiscover

  • Mandriva
  • Included in cooker distribution CDs

Usage

Command line usage & parameters:
Usage: netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -p passive mode do not send anything, only sniff
  -s time: time to sleep between each arp request (miliseconds)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -n node: last ip octet used for scanning (from 2 to 253)
  -S enable sleep time supression betwen each request (hardcore mode)
  -f enable fastmode scan, saves a lot of time, recommended for auto

If -p or -r arent enabled, netdiscover will scan for common lan addresses

On screen usage keys:
  h      Show help screen
  j      Scroll down (or down arrow)
  k      Scroll up (or up arrow)
  a      Show arp replys list
  r      Show arp requests list
  q      Close help screen or end application

Some examples of usage
  • Scan a class C network, to see wich hosts are up
    # netdiscover -i wlan0 -r 192.168.1.0/24

  • Scanning /16 network, trying to find online boexes
    # netdiscover -i wlan0 -r 192.168.0.0/16

  • Scan a class A network, trying to find network addresses
    # netdiscover -i wlan0 -r 10.0.0.0/8

  • Auto scan common networks
    # netdiscover -i wlan0

  • Dont send arp requests, listen only
    # netdiscover -i wlan0 -p

If you want to change your mac address for the scan, try:
# ifconfig wlan0 down
# ifconfig wlan0 hw ether 00:11:22:33:44:55
# ifconfig wlan0 up
# netdiscover -i wlan0 [options]

Sample output


sample1
 Image1: List of arp replies found actively scanning a 192.168.1.1/24 network.

sample2
 Image2: List of arp request passively found.

sample3
 Image3: List of unique hosts found trough arp replies or requests.

sample4
 Image4: Sample output of help screen containing controls

Bugs & Contact

If you find any bug, have any suggestions or patches, you can email me at
"Jaime Peñalba <jpenalbae at gmail dot com>"