Welcome to Netdiscover 0.3 beta. Netdiscover is a network address discovering
tool, developed mainly for those wireless networks without dhcp server, it
also works on hub/switched networks. Its based on arp packets, it will send arp
requests and sniff for replys.
Its my first public C tool, so dont be too hard with me, if some parts on the
code looks like obfuscated or are unreadable, and feel free to mail me with
suggestions or patches at <jpenalbae@gmail.com>
Also mail me for any bug or compilation error, it must compile with gcc 2.95 or
newer.
An excessive cpu consumption happens on OpenBSD, due to threads design and the
use of pcap_open_live() with pcap_loop(), any sugestions for fix are welcome.
Requirements
============
- libpcap
- libnet > 1.1.2
- Tested to work on Linux, Solaris MacOS X and OpenBSD, other unixes may work
Build
=====
$ sh update-oui-database.sh (optional)
$ cmake .
$ make
# make install
Usage
=====
Screen Keys:
- k/j (or up/down arrow keys) scroll up/down
- q quit
Usage: ./netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
-i device
The network device to sniff at and inject packets. If no device was
specified, first available will be used.
-r range
Scan a given range instead of auto scan. Valid range values are:
192.168.0.0/24, 192.168.0.0/16 or 192.168.0.0/8
-p
Enable passive mode do not send anything, only sniff
-s time
It will sleep given time in milliseconds between each arp request
injection. (default 1)
-c count
Number of times to send each arp reques. Usefull for networks with
packet loss, so it will scan given times for each host.
-n node
Last ip octet used for scanning as source host, you can change it
if the default host is already used (from 2 to 253) (default 66)
-S
Enable sleep time suppression between each request. I will sleep each 255
scanned hosts instead of do it by each one, this mode was used on 0.3 beta4
and older releases. Avoid this option on networks with packet loss,
or in wireless networks with low signal level. (also called hardcore mode)
-f
Enable fastmode scan, it will only scan for hosts .1, .100, .254 on each
network, usefull when searching for addresses being used, after find one
you can make a specific range scan to see online boxes.
Scanned hosts can be easily modified at fast_ips[] array on main.c source.
If -p or -r options are not used, netdiscover will automatically scan for common
lan addresses. Those address lists can be modified at common_net[] on main.c
Examples
========
Scan common lan addresses on eth0
# netdiscover -i eth0
Fast scan common lan addresses on eth0 (search only for gateways)
# netdiscover -i eth0 -f
Scan some fixed ranges
# netdiscover -i eth0 172.26.0.0/24
# netdiscover -i eth0 192.168.0.0/16
# netdiscover -i eth0 10.0.0.0/8
Scan common lan addresses with sleep time 0.5 instead of default 1
# netdiscover -i eth0 -s 0.5
Scan fixed range on fast mode with sleep time 0.5 instead of default 1
# netdiscover -i eth0 192.168.0.0/16 -f -s 0.5
Only sniff for arp traffic, dont send nothing
# netdiscover -i eth0 -p
Scan for common lan addresses using old hardcore mode (much more faster, but
avoid it on networks with bad link)
# netdiscover -i eth0 -S
More parameter combinations are possible, these are only some examples.
Bugs & Contact
==============
Feel free to mail me with any problem, bug, suggestions or fixes at:
Jaime Penalba <jpenalbae@gmail.com>