Sunday, November 4, 2012

Dive into netdiscover tool

Hello, hello,

In this tutorial we are gonna talk about and give an introduction to the Netdiscover tool.

  What is netdiscover?!?
 
/* Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server when you are wardriving. It can be also used on hub/switched networks. Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks. */ So, that's what the official site of the netdiscover tool says about this
powerful tool. The developer is Jaime Peñalba. Netdiscover is available and you can download it here


So, when you are connected to a local network and you just want to know the other hosts' IPs, MACs and other typical information, you can simply
run netdiscover from your terminal/konsole in Linux. It's very good, isn't it?

It's time for the "theory" part.
You may have seen some unknown words before, such as "IP", "MAC" and "arp requests". Here is the explanation of those words.

/*1) IP (Internet Protocol): It's the protocol which is used for relaying packets across the internet. IP is also the protocol at the "Internet Layer" of the DoD model and transfers data from the host to the destination based on their addresses.*/

/*2) MAC (physical address / hardware address): a hexadecimal address which is used for transferring packets to a destination. When
a host wants to send a packet to another host it has to know that host's MAC address; if it doesn't, it has to send an *3) ARP request. The ARP request is a request which asks for the MAC address of the host with a specific IP. Then the host with that IP replies by answering with its MAC address.*/
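To make the request/reply exchange from 2) and 3) concrete, here is an added example (my own Python, not part of the original post and not netdiscover's code) that builds both frames in memory and decodes them. Only the address 192.168.1.67 comes from the tutorial; the MAC addresses and the gateway 192.168.1.1 are made up, and nothing is sent on the wire.

```python
import struct
from dataclasses import dataclass

# Constants from the Ethernet II and ARP (RFC 826) headers
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
UNKNOWN_MAC = "00:00:00:00:00:00"


def mac_bytes(text): return bytes(int(part, 16) for part in text.split(":"))
def ip_bytes(text): return bytes(int(part) for part in text.split("."))
def mac_str(raw): return ":".join(f"{b:02x}" for b in raw)
def ip_str(raw): return ".".join(str(b) for b in raw)


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II + ARP frame in memory. Used here only to
    construct sample input; nothing is put on the network."""
    # A request is broadcast (nobody knows the answer yet); a reply is unicast.
    eth_dst = BROADCAST_MAC if opcode == ARP_REQUEST else target_mac
    ethernet = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return ethernet + arp


def parse_arp_frame(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return ArpPacket(opcode, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


def describe(pkt):
    """Summarise the packet the way packet sniffers usually print ARP."""
    if pkt.opcode == ARP_REQUEST:
        return f"Who has {pkt.target_ip}? Tell {pkt.sender_ip} ({pkt.sender_mac})"
    if pkt.opcode == ARP_REPLY:
        return f"{pkt.sender_ip} is at {pkt.sender_mac}"
    return f"ARP opcode {pkt.opcode} from {pkt.sender_ip}"


# Constructed sample exchange: the tutorial's host 192.168.1.67 (MAC made up)
# asks for 192.168.1.1; the target MAC in a request is all zeros because it
# is exactly what the sender does not know yet. The reply fills it in.
SAMPLE_REQUEST = build_arp_frame(ARP_REQUEST, "00:11:22:33:44:55", "192.168.1.67",
                                 UNKNOWN_MAC, "192.168.1.1")
SAMPLE_REPLY = build_arp_frame(ARP_REPLY, "aa:bb:cc:dd:ee:ff", "192.168.1.1",
                               "00:11:22:33:44:55", "192.168.1.67")

if __name__ == "__main__":
    for frame in (SAMPLE_REQUEST, SAMPLE_REPLY):
        print(describe(parse_arp_frame(frame)))
```

Running it prints the request as "Who has 192.168.1.1? Tell 192.168.1.67 (...)" followed by the reply "192.168.1.1 is at ...", which is the same two-line picture you get from any sniffer while netdiscover is asking around. Note that the request goes to the broadcast MAC ff:ff:ff:ff:ff:ff, so every host on the segment sees it; that is why an active scan is visible to everybody, not only to the hosts being looked up.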

So let's dive into the netdiscover tool.

In the following scenario I use the IP 192.168.1.67, so replace my IP with yours.

$1) Type "$ netdiscover --help" into the terminal to see the available options. Just have a look and we are gonna explain some of them.
$2) For finding other hosts you have to use your interface. My interface is wlan0; type "$ ifconfig" to check yours.
$3) After finding your IP and your interface, type "$ netdiscover -i [interface goes here]". The -i option specifies the interface that we are gonna use. So, by executing this command netdiscover will show you the available IPs on your network between 192.168.0.0 and 192.168.255.255. But let's see what you do if you want to scan a specific range.

$4) For that you have to use the "-r" option. This scans a given range instead of auto scanning. For example
"$ netdiscover -i [interface goes here] -r 192.168.2.0/24" means that netdiscover will scan between 192.168.2.0 and 192.168.2.255. If you want to scan between 192.0.0.0 and 192.255.255.255 use /8 instead of /16 or /24.

$5) If you have the IP ranges in a file you can simply use the "-l" option. This loads the IP ranges that you have written in the file
and then scans them.

$6) If you wish only to sniff instead of sending anything you can use the "-p" option (passive mode). For example "$ netdiscover -i wlan0 -r 192.168.0.0/16 -p". This command will just sniff.

$7) Another awesome option is "-F", with which you can customize the pcap filter expression. The default is "arp". We talked about ARP before at /*3)*/.

$8) With the "-s" option you can set the "sleep time" between each ARP packet.

$9) You can customize the number of times to send each ARP request with the "-c" option. That's helpful when you have packet loss.

$10) You don't have much time? Just use "-f". That enables the fast mode scan ;)

$11) With "-P" you can enable printing the results in a format suitable for parsing by another program.
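Two things are worth seeing in code from steps 3 to 9: what a -r range (or a -l file of ranges) actually covers, and what an active scan looks like to whoever is watching the network, which is also how you would notice one on your own LAN. Here is an added example, my own Python and not netdiscover's code: it computes the bounds of a CIDR range, parses a range list in the one-CIDR-per-line format I assume for -l, and flags an ARP sweep in a constructed log of ARP requests. The log record layout (timestamp, sender IP, target IP, opcode) and the thresholds are my assumptions.

```python
import ipaddress
from collections import defaultdict

ARP_REQUEST = 1


def range_bounds(cidr):
    """First and last address covered by a CIDR range as given to -r."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def load_ranges(text):
    """Parse a range list of the kind -l reads: one CIDR per line,
    blank lines and '#' comments ignored (file format assumed here)."""
    ranges = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ipaddress.ip_network(line, strict=False)  # raises on a bad entry
            ranges.append(line)
    return ranges


def detect_arp_sweeps(records, min_targets=20, window=10.0):
    """Flag senders whose ARP requests hit >= min_targets distinct IPs
    within any `window` seconds.

    records: iterable of (timestamp_seconds, sender_ip, target_ip, opcode).
    Returns {sender_ip: largest distinct-target count seen in one window}.
    """
    requests = defaultdict(list)
    for ts, sender, target, opcode in records:
        if opcode == ARP_REQUEST:  # replies never count toward a sweep
            requests[sender].append((ts, target))

    alerts = {}
    for sender, events in requests.items():
        events.sort()
        start, peak = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            distinct = len({t for _, t in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= min_targets:
            alerts[sender] = peak
    return alerts


# Constructed ARP log: 192.168.1.67 walks 192.168.1.1-30 one request every 0.1 s
# (what an active -r 192.168.1.0/24 scan looks like from the wire), plus a
# normal host resolving two addresses and getting a reply back.
SAMPLE_ARP_LOG = [(i * 0.1, "192.168.1.67", f"192.168.1.{i}", ARP_REQUEST)
                  for i in range(1, 31)]
SAMPLE_ARP_LOG += [
    (2.0, "192.168.1.5", "192.168.1.1", ARP_REQUEST),
    (2.5, "192.168.1.5", "192.168.1.254", ARP_REQUEST),
    (2.6, "192.168.1.1", "192.168.1.5", 2),  # reply, not counted
]

if __name__ == "__main__":
    print("-r 192.168.2.0/24 covers", range_bounds("192.168.2.0/24"))
    print("-r 192.0.0.0/8 covers", range_bounds("192.0.0.0/8"))
    print("sweeps:", detect_arp_sweeps(SAMPLE_ARP_LOG))
```

The detector only looks at requests, so a host that merely answers (like 192.168.1.1 in the sample) is never flagged, and a normal host asking for a couple of addresses stays under the threshold. The -s sleep and -c retry options from steps 8 and 9 are exactly the knobs that change how many distinct targets land inside one window, which is why a threshold-per-window rule is the usual way to spot this kind of scan on a switch or IDS.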

So, as you can see there are many options in the netdiscover tool. It's useful and fast! I suggest you install it ;)

Here are some snaps of the examples I used before...

Here we use the "-f" option for performing fast scanning... The results are the same, but they come faster ;)

Here you can see all the available commands and options of the netdiscover tool, by running it with "--help".
In this picture we are using the "-r" option for the specific range 192.168.0.0


Thank you,
Nikos Danopoulos
