
Netdiscover is a simple ARP scanner which can be used to enumerate hosts.

I would like to share with you one of my experiences. Out of curiosity, I tried running the tool in my company network. The network has a firewall, and I am part of the monitoring team which needs to look for network traffic anomalies. So my team and I can get the info even if somebody is performing a ping between internal hosts. We have detected ping scans, web server scans with nikto, etc. from our internal network.

Syntax: netdiscover -P -N
Command: netdiscover -r 192.168.1.1/24 -PN

There is a parsable output option also, in case you want to pipe it to a file. The -p option helps with this, but at the cost of patience.

Specifying Range

We can scan a specific range with the -r option.

Syntax: netdiscover -r
Command: netdiscover -r 192.168.1.0/24

Multiple Ranges

This is useful when you have a large network with multiple subnets and networks. For this, we simply need to specify all the ranges we want to scan in a file, line by line.

Syntax: netdiscover -l
Command: netdiscover -l ranges

File containing ranges to scan

Netdiscover – simple ARP Scanner to scan for live hosts in a network

Netdiscover is a simple ARP scanner which can be used to scan for live hosts in a network. It simply produces the output in a live display (ncurses). This can be used in the first phases of a pentest where you have access to a network. Netdiscover is a simple, initial-recon tool which can be very handy. It produces a live display of identified hosts.

  -r range: scan a given range instead of auto scan
  -l file: scan the list of ranges contained in the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan the list of known MACs and host names
  -F filter: customize pcap filter expression (default: "arp")
  -s time: time to sleep between each ARP request (milliseconds)
  -n node: last IP octet used for scanning (from 2 to 253)
  -c count: number of times to send each ARP request (for nets with packet loss)
  -f enable fast mode scan, saves a lot of time, recommended for auto
  -d ignore home config files for autoscan and fast mode
  -S enable sleep time suppression between each request (hardcore mode)
  -P print results in a format suitable for parsing by another program
  -L in parsable output mode (-P), continue listening after the active scan is completed

Lab: Simple Host discovery & Related Options

Netdiscover runs simply by executing the command in auto mode.

Syntax: netdiscover
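From the monitoring side, an active ARP scan of a range shows up as one sender asking for many different addresses in a short time. The following is an added example, not part of the original post or of netdiscover: a small detector run over constructed ARP request records. The record layout, the 5-second window and the 30-target threshold are assumptions for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed ARP who-has records: (time_s, sender_mac, sender_ip, target_ip)."""
    records = []
    # One host asking for 192.168.1.1-60, each request sent twice
    # (repeats as with the -c count option), 10 ms apart.
    for i in range(1, 61):
        for _ in range(2):
            records.append((100.0 + i * 0.01, "aa:bb:cc:00:00:01",
                            "192.168.1.50", f"192.168.1.{i}"))
    # An ordinary host resolving its gateway and one server now and then.
    for ts, target in [(100.1, "192.168.1.1"), (130.0, "192.168.1.20"),
                       (160.2, "192.168.1.1")]:
        records.append((ts, "aa:bb:cc:00:00:02", "192.168.1.77", target))
    return sorted(records)

def find_arp_sweeps(records, window=5.0, min_targets=30):
    """Return {sender_mac: peak distinct targets per window} for noisy senders.

    Distinct targets are counted, so repeated requests for the same
    address do not inflate the score.
    """
    by_sender = defaultdict(list)
    for ts, mac, _sender_ip, target in records:
        by_sender[mac].append((ts, target))

    flagged = {}
    for mac, events in by_sender.items():
        events.sort()
        in_window = defaultdict(int)   # target_ip -> requests inside window
        start = 0
        peak = 0
        for ts, target in events:
            in_window[target] += 1
            # Drop requests that have fallen out of the sliding window.
            while events[start][0] < ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            flagged[mac] = peak
    return flagged

if __name__ == "__main__":
    for mac, peak in find_arp_sweeps(make_sample()).items():
        print(f"possible ARP sweep from {mac}: {peak} distinct targets in 5 s")
```

The window has to be sized against the spacing of the requests (the -s sleep time above), and the threshold against how many neighbours a normal host on the segment resolves.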
