/netdiscover

netdiscover

Primary LanguageObjective-CGNU General Public License v3.0GPL-3.0

Welcome to Netdiscover 0.3 beta. Netdiscover is a network address discovering
tool, developed mainly for those wireless networks without dhcp server, it
also works on hub/switched networks. Its based on arp packets, it will send arp
requests and sniff for replys.

Its my first public C tool, so dont be too hard with me, if some parts on the
code looks like offuscated or are unreadable, and feel free to mail me with 
suggestions or patches at <jpenalbae@gmail.com>

Also mail me for any bug or compilation error, it must compile with gcc 2.95 or
newer.

An excesive cpu comsuption happens on OpenBSD, due to threads design and the
use of pcap_open_live() with pcap_loop(), any sugestions for fix are welcome.


Requeriments
============

 - libpcap
 - libnet > 1.1.2
 - Tested to work on Linux, Solaris MacOS X and OpenBSD, other unixes may work
 

Build
=====

$ sh update-oui-database.sh (optional)
$ ./configure
$ make
# make install


Usage
=====

Screen Keys:

	- k/j (or up/down arrow keys) scroll up/down
	- q quit


Usage: ./netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]

  -i device
    The network device to sniff at and inject packets. If no device was
    specified, first available will be used.

  -r range
    Scan a given range instead of auto scan. Valid range values are:
    192.168.0.0/24, 192.168.0.0/16 or 192.168.0.0/8

  -p
    Enable passive mode do not send anything, only sniff

  -s time
    It will sleep given time in milliseconds between each arp request
    injection. (default 1)

  -c count
    Number of times to send each arp reques. Usefull for networks with
    packet loss, so it will scan given times for each host.

  -n node
    Last ip octet used for scanning as source host, you can change it
    if the default host is already used (from 2 to 253) (default 66)

  -S
    Enable sleep time supression betwen each request. I will sleep each 255
    scanned hosts instead of do it by each one, this mode was used on 0.3 beta4
    and older releases. Avoid this option on networks with packet lossing,
    or in wireless networks with low signal level. (also called hardcore mode)

  -f
    Enable fastmode scan, it will only scan for hosts .1, .100, .254 on each
    network, usefull when searching for addresses being used, after find one
    you can make a specific range scan to see online boxes.
    Scanned hosts can be easily modified at fast_ips[] array on main.c source.

If -p or -r options are not used, netdiscover will automatically scan for common
lan addresses. Those address lists can be modified at common_net[] on main.c


Examples
========

Scan common lan addresses on eth0
# netdiscover -i eth0

Fast scan common lan addresses on eth0 (search only for gateways)
# netdiscover -i eth0 -f

Scan some fixed ranges
# netdiscover -i eth0 172.26.0.0/24
# netdiscover -i eth0 192.168.0.0/16
# netdiscover -i eth0 10.0.0.0/8

Scan common lan addresses with sleep time 0.5 instead of default 1
# netdiscover -i eth0 -s 0.5

Scan fixed range on fast mode with sleep time 0.5 instead of default 1
# netdiscover -i eth0 192.168.0.0/16 -f -s 0.5

Only sniff for arp traffic, dont send nothing
# netdiscover -i eth0 -p

Scan for common lan addresses using old hardcore mode (much more faster, but
avoid it on networks with bad link)
# netdiscover -i eth0 -S

More parameter combinations are possible, these are only some examples.


Bugs & Contact
==============

Feel free to mail me with any problem, bug, suggestions or fixes at:
Jaime Penalba <jpenalbae@gmail.com>