[QCLUG] Linux Tool of the Week - netdiscover

David Hinkle hinkle@cipafilter.com
Tue, 25 Nov 2008 15:01:13 -0600 

This is a multi-part message in MIME format.

---------------------- multipart/alternative attachment
You can bring whatever you want, just let me in on your plans before you =
execute them. =20

David

-----Original Message-----
From: qclug-bounces@qclug.org on behalf of Arron Lorenz
Sent: Tue 11/25/2008 2:59 PM
To: qclug@qclug.org
Subject: Re: [QCLUG] Linux Tool of the Week - netdiscover
=20
Well yes but that doesn't mean we can bring a switch and two laptops? Or
does it?

On Tue, Nov 25, 2008 at 2:49 PM, David Hinkle <hinkle@cipafilter.com> =
wrote:

>  That's ok, you can scan us.  I'll be on hand to make sure you don't =
wreak
> any havok.  I can take a few minutes to talk about nmap as well.
>
> David
>
>
>
> -----Original Message-----
> From: qclug-bounces@qclug.org on behalf of Chris Cooper
> Sent: Tue 11/25/2008 2:46 PM
> To: qclug@qclug.org
> Subject: Re: [QCLUG] Linux Tool of the Week - netdiscover
>
> Out of respect for our host's network, I will politely decline.
> Network scans on private networks and all....
>
> On Tue, Nov 25, 2008 at 2:16 PM, Arron Lorenz <arronlorenz@gmail.com>
> wrote:
> > Chris,
> > will you been attending the next meeting a CIPA? Maybe you could do =
a
> short
> > presentation about netdiscover. I would be interested in seeing it =
in
> > operation.
> > Arron
> >
> > On Mon, Nov 24, 2008 at 7:41 PM, Dave Bergert <dbergert@gmail.com>
> wrote:
> >>
> >> Cool:
> >>
> >> I was not famialar with netdiscover:   You can also do an apr scan =
with
> >> nmap: http://nmap.org/
> >>
> >> nmap -PR <ip addr/range>
> >>
> >> but it looks like netdiscover gives a little more detail on NIC =
type/etc
> >>
> >> I've also used arpwatch: ( http://en.wikipedia.org/wiki/Arpwatch )  =
in
> the
> >> past to detect when a new device is plugged into the LAN, it can =
even
> email
> >> an alert. - here is a simple how-to
> >> http://24h.atspace.com/it/security/arpwatch.htm
> >>
> >>
> >> DB
> >>
> >>
> >> On Sun, Nov 23, 2008 at 5:14 PM, Chris Cooper <QCAdmin@gmail.com>
> wrote:
> >>>
> >>> netdiscover - ARP based network resolution tool.Protocol
> >>> http://nixgeneration.com/~jaime/netdiscover/
> >>>
> >>> This week's highlight I found just over a year ago, and it quickly
> >>> became one of my favorites.  Netdiscover is a network scanner that
> >>> finds all of the IP's in use on the local segment.  Because it =
uses
> >>> ARP, it is only able to scan the local ethernet segment, however,
> >>> using arp gives it a couple advantages over traditional tools like
> >>> nmap.
> >>>
> >>> The first advantage is that it can scan for firewalled devices =
that
> >>> don't respond to ping requests.  Even if a machine is set to drop =
all
> >>> TCP/IP traffic, it will still respond to basic ARP requests.  This =
is
> >>> a requirement of the IPv4 specification to try to prevent IP =
address
> >>> conflicts.  For those that want to know a little more about ARP,
> >>> Wikipedia has an excellent article here:
> >>> http://en.wikipedia.org/wiki/Address_Resolution_Protocol
> >>>
> >>> The second advantage netdiscover has is that it does not need an
> >>> address within the subnet it is trying to scan.  It can quickly =
skip
> >>> from subnet to subnet, scanning everything in between.  This is =
useful
> >>> when you are looking for a device with an unknown address.  Take, =
for
> >>> example, a wireless access point.  Since the AP acts as a bridge, =
it
> >>> doesn't need an IP address on the network to do its job, but the =
IP is
> >>> required to reconfigure the device.  Netdiscover is an easy way to
> >>> track down the IP of the switch, even if it is outside the local
> >>> subnet.
> >>>
> >>> Finally, it can show you if any IP address conflicts exist.  In =
it's
> >>> output, it provides the MAC address from each response and
> >>> cross-references it with the OUI list.  This gives you a fair idea =
of
> >>> what type of device you are looking for.
> >>>
> >>> A final word of note, I have noticed that at full speed, =
netdiscover
> >>> tends to occasionally miss devices, especially on large networks =
or
> >>> networks with wireless segments.  When scanning multiple subnets, =
i
> >>> will typically leave the speed at default, but once I am targeting =
a
> >>> specific subnet, I will typically use -s 10 or -s 50 to increase =
the
> >>> wait between requests to 10-50ms (the default is 1ms).
> >>> For example: "netdiscover -i eth0 -r 192.168.1.0/24 -s 50"
> >>>
> >>> -Cooper
> >>> _______________________________________________
> >>> QCLUG mailing list
> >>> QCLUG@qclug.org
> >>> http://qclug.org/mailman/listinfo/qclug
> >>
> >
> >
> >
> > --
> > From:
> > Arron James Lorenz
> > Reel to Reel Drive In
> > http://www.DavenportDriveIn.com
> > 563-579-7046
> >
> _______________________________________________
> QCLUG mailing list
> QCLUG@qclug.org
> http://qclug.org/mailman/listinfo/qclug
>
>


--=20
From:
Arron James Lorenz
Reel to Reel Drive In
http://www.DavenportDriveIn.com
563-579-7046


---------------------- multipart/alternative attachment
An HTML attachment was scrubbed...
URL: http://qclug.org/pipermail/qclug/attachments/f6b3ad6e/attachment.htm

---------------------- multipart/alternative attachment--