[QCLUG] Linux Tool of the Week - netdiscover

[Arron Lorenz]

---------------------- multipart/alternative attachment
Chris,will you been attending the next meeting a CIPA? Maybe you could do a
short presentation about netdiscover. I would be interested in seeing it in
operation.

Arron

On Mon, Nov 24, 2008 at 7:41 PM, Dave Bergert <dbergert@gmail.com> wrote:

> Cool:
>
> I was not famialar with netdiscover:   You can also do an apr scan with
> nmap: http://nmap.org/
>
> nmap -PR <ip addr/range>
>
> but it looks like netdiscover gives a little more detail on NIC type/etc
>
> I've also used arpwatch: ( http://en.wikipedia.org/wiki/Arpwatch )  in the
> past to detect when a new device is plugged into the LAN, it can even email
> an alert. - here is a simple how-to
> http://24h.atspace.com/it/security/arpwatch.htm
>
>
> DB
>
>
>
> On Sun, Nov 23, 2008 at 5:14 PM, Chris Cooper <QCAdmin@gmail.com> wrote:
>
>> netdiscover - ARP based network resolution tool.Protocol
>> http://nixgeneration.com/~jaime/netdiscover/<http://nixgeneration.com/%7Ejaime/netdiscover/>
>>
>> This week's highlight I found just over a year ago, and it quickly
>> became one of my favorites.  Netdiscover is a network scanner that
>> finds all of the IP's in use on the local segment.  Because it uses
>> ARP, it is only able to scan the local ethernet segment, however,
>> using arp gives it a couple advantages over traditional tools like
>> nmap.
>>
>> The first advantage is that it can scan for firewalled devices that
>> don't respond to ping requests.  Even if a machine is set to drop all
>> TCP/IP traffic, it will still respond to basic ARP requests.  This is
>> a requirement of the IPv4 specification to try to prevent IP address
>> conflicts.  For those that want to know a little more about ARP,
>> Wikipedia has an excellent article here:
>> http://en.wikipedia.org/wiki/Address_Resolution_Protocol
>>
>> The second advantage netdiscover has is that it does not need an
>> address within the subnet it is trying to scan.  It can quickly skip
>> from subnet to subnet, scanning everything in between.  This is useful
>> when you are looking for a device with an unknown address.  Take, for
>> example, a wireless access point.  Since the AP acts as a bridge, it
>> doesn't need an IP address on the network to do its job, but the IP is
>> required to reconfigure the device.  Netdiscover is an easy way to
>> track down the IP of the switch, even if it is outside the local
>> subnet.
>>
>> Finally, it can show you if any IP address conflicts exist.  In it's
>> output, it provides the MAC address from each response and
>> cross-references it with the OUI list.  This gives you a fair idea of
>> what type of device you are looking for.
>>
>> A final word of note, I have noticed that at full speed, netdiscover
>> tends to occasionally miss devices, especially on large networks or
>> networks with wireless segments.  When scanning multiple subnets, i
>> will typically leave the speed at default, but once I am targeting a
>> specific subnet, I will typically use -s 10 or -s 50 to increase the
>> wait between requests to 10-50ms (the default is 1ms).
>> For example: "netdiscover -i eth0 -r 192.168.1.0/24 -s 50"
>>
>> -Cooper
>> _______________________________________________
>> QCLUG mailing list
>> QCLUG@qclug.org
>> http://qclug.org/mailman/listinfo/qclug
>>
>
>


-- 
From:
Arron James Lorenz
Reel to Reel Drive In
http://www.DavenportDriveIn.com
563-579-7046

---------------------- multipart/alternative attachment
An HTML attachment was scrubbed...
URL: http://qclug.org/pipermail/qclug/attachments/a99bb39e/attachment.htm

---------------------- multipart/alternative attachment--