Kali Linux下的ARP侦测工具__netdiscover
root@hi:~# netdiscover -h Netdiscover 0.3-beta7 [Active/passive arp reconnaissance tool] Written by: Jaime Penalba <[email protected]> Usage: netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-C] -i device: your network device -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8 -l file: scan the list of ranges contained into the given file -p passive mode: do not send anything, only sniff -F filter: Customize pcap filter expression (default: "arp") -s time: time to sleep between each arp request (miliseconds) -n node: last ip octet used for scanning (from 2 to 253) -c count: number of times to send each arp reques (for nets with packet loss) -f enable fastmode scan, saves a lot of time, recommended for auto -d ignore home config files for autoscan and fast mode -S enable sleep time supression betwen each request (hardcore mode) -P print results in a format suitable for parsing by another program -L in parsable output mode (-P), continue listening after the active scan is completed If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.
如果不带任何参数的话,netdiscover命令或从常见的局域网地址进行扫描,如:192.168.0.0-192.168.254.0/24,/16,/8
使用示例:
root@hi:~# netdiscover Currently scanning: 192.168.93.0/16 | Screen View: Unique Hosts 29 Captured ARP Req/Rep packets, from 10 hosts. Total size: 1740 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor ----------------------------------------------------------------------------- 192.168.1.7 44:6d:57:e1:35:4c 06 360 Unknown vendor 192.168.1.1 1c:fa:68:11:ef:57 03 180 Unknown vendor 192.168.1.100 20:68:9d:92:f3:d7 06 360 Unknown vendor 192.168.1.102 fc:25:3f:90:a9:c4 01 060 Unknown vendor 192.168.1.106 20:68:9d:1b:b0:54 02 120 Unknown vendor 192.168.1.104 0c:8b:fd:0b:bb:16 03 180 Unknown vendor 192.168.1.187 50:46:5d:b2:22:4a 01 060 Unknown vendor 192.168.1.190 60:a4:4c:33:0d:07 01 060 Unknown vendor 192.168.1.103 30:85:a9:f6:38:9f 04 240 Unknown vendor 192.168.1.111 20:68:9d:1b:b0:54 02 120 Unknown vendor
使用-r选项手动指定扫描区间(CIDR地址块形式):
root@hi:~/Desktop/2014-2# netdiscover -r 192.168.1.1/24 Currently scanning: Finished! | Screen View: Unique Hosts 94 Captured ARP Req/Rep packets, from 8 hosts. Total size: 5640 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor ----------------------------------------------------------------------------- 192.168.1.100 20:68:9d:92:f3:d7 86 5160 Unknown vendor 192.168.1.1 1c:fa:68:11:ef:57 01 060 Unknown vendor 192.168.1.7 44:6d:57:e1:35:4c 02 120 Unknown vendor 192.168.1.106 20:68:9d:1b:b0:54 01 060 Unknown vendor 192.168.1.104 0c:8b:fd:0b:bb:16 01 060 Unknown vendor 192.168.1.111 20:68:9d:1b:b0:54 01 060 Unknown vendor 192.168.1.187 50:46:5d:b2:22:4a 01 060 Unknown vendor 192.168.1.190 60:a4:4c:33:0d:07 01 060 Unknown vendor
效果还是很不错的,速度很快,比用Wireshark抓包自己分析要快和方便。
《“Kali Linux下的ARP侦测工具__netdiscover”》 有 1 条评论
net_guard – 使用 ARP 协议探测网络中未知设备的工具
https://github.com/joarleymoraes/net_guard