See More
About Contact Privacy Terms

How to Install & Use Netdiscover to Scan Wireless Networks

verified
Published: Jul 10, 2020 - Updated: Mar 16, 2022

Netdiscover is an active/passive ARP reconnaissance tool, initially developed to gain information about wireless networks without DHCP servers in wardriving scenarios.

It gathers information about the connected clients and the router. It’ll only show us the targeted client’s IP address, their MAC address, and sometimes the hardware manufacturer.

I’m going to share how to use this tool. Let’s get stated:

Table of Contents

  1. Install Netdiscover
  2. Options
  3. Example Commands

Install Netdiscover

Netdiscover is a built-in tool of Kali linux. You can also install it on your machine if not installed:

# Debian distros
sudo apt-get install netdiscover

Options

Run this command to see all available options:

netdiscover -h

Output:

Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-F filter] [-s time] [-c count] [-n node] [-dfPLNS]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -l file: scan the list of ranges contained into the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan a list of known MACs and host names
  -F filter: customize pcap filter expression (default: "arp")
  -s time: time to sleep between each ARP request (milliseconds)
  -c count: number of times to send each ARP request (for nets with packet loss)
  -n node: last source IP octet used for scanning (from 2 to 253)
  -d ignore home config files for autoscan and fast mode
  -f enable fastmode scan, saves a lot of time, recommended for auto
  -P print results in a format suitable for parsing by another program and stop after active scan
  -L similar to -P but continue listening after the active scan is completed
  -N Do not print header. Only valid when -P or -L is enabled.
  -S enable sleep time suppression between each request (hardcore mode)

If -r, -l or -p are not enabled, netdiscover will scan for common LAN addresses.

Example Commands

Let’s take a look at some live commands:

# Scan Range
sudo netdiscover -r 192.168.1.0/24

# Parsable Outputs
sudo netdiscover -r 192.168.1.0/24 -PN

# Passive Scanning
sudo netdiscover -p -r 192.168.1.0/16 -PN
That’s it. Thanks for reading. ?
Hacking and Security Information Gathering
0
0
Share