[QCLUG] Linux Tool of the Week - netdiscover
Arron Lorenz
arronlorenz@gmail.com
Tue, 25 Nov 2008 15:17:21 -0600
---------------------- multipart/alternative attachment
It would be interesting to the see the comparison. I do enjoy nmap but that
is just because it's good for everything! I also know that netdiscover has
come in really handy a few times. Mostly because it's quick and easy.
On Tue, Nov 25, 2008 at 3:01 PM, David Hinkle <hinkle@cipafilter.com> wrote:
> You can bring whatever you want, just let me in on your plans before you
> execute them.
>
> David
>
>
> -----Original Message-----
> From: qclug-bounces@qclug.org on behalf of Arron Lorenz
> Sent: Tue 11/25/2008 2:59 PM
> To: qclug@qclug.org
> Subject: Re: [QCLUG] Linux Tool of the Week - netdiscover
>
> Well yes but that doesn't mean we can bring a switch and two laptops? Or
> does it?
>
> On Tue, Nov 25, 2008 at 2:49 PM, David Hinkle <hinkle@cipafilter.com>
> wrote:
>
> > That's ok, you can scan us. I'll be on hand to make sure you don't
> wreak
> > any havok. I can take a few minutes to talk about nmap as well.
> >
> > David
> >
> >
> >
> > -----Original Message-----
> > From: qclug-bounces@qclug.org on behalf of Chris Cooper
> > Sent: Tue 11/25/2008 2:46 PM
> > To: qclug@qclug.org
> > Subject: Re: [QCLUG] Linux Tool of the Week - netdiscover
> >
> > Out of respect for our host's network, I will politely decline.
> > Network scans on private networks and all....
> >
> > On Tue, Nov 25, 2008 at 2:16 PM, Arron Lorenz <arronlorenz@gmail.com>
> > wrote:
> > > Chris,
> > > will you been attending the next meeting a CIPA? Maybe you could do a
> > short
> > > presentation about netdiscover. I would be interested in seeing it in
> > > operation.
> > > Arron
> > >
> > > On Mon, Nov 24, 2008 at 7:41 PM, Dave Bergert <dbergert@gmail.com>
> > wrote:
> > >>
> > >> Cool:
> > >>
> > >> I was not famialar with netdiscover: You can also do an apr scan
> with
> > >> nmap: http://nmap.org/
> > >>
> > >> nmap -PR <ip addr/range>
> > >>
> > >> but it looks like netdiscover gives a little more detail on NIC
> type/etc
> > >>
> > >> I've also used arpwatch: ( http://en.wikipedia.org/wiki/Arpwatch )
> in
> > the
> > >> past to detect when a new device is plugged into the LAN, it can even
> > email
> > >> an alert. - here is a simple how-to
> > >> http://24h.atspace.com/it/security/arpwatch.htm
> > >>
> > >>
> > >> DB
> > >>
> > >>
> > >> On Sun, Nov 23, 2008 at 5:14 PM, Chris Cooper <QCAdmin@gmail.com>
> > wrote:
> > >>>
> > >>> netdiscover - ARP based network resolution tool.Protocol
> > >>> http://nixgeneration.com/~jaime/netdiscover/
> > >>>
> > >>> This week's highlight I found just over a year ago, and it quickly
> > >>> became one of my favorites. Netdiscover is a network scanner that
> > >>> finds all of the IP's in use on the local segment. Because it uses
> > >>> ARP, it is only able to scan the local ethernet segment, however,
> > >>> using arp gives it a couple advantages over traditional tools like
> > >>> nmap.
> > >>>
> > >>> The first advantage is that it can scan for firewalled devices that
> > >>> don't respond to ping requests. Even if a machine is set to drop all
> > >>> TCP/IP traffic, it will still respond to basic ARP requests. This is
> > >>> a requirement of the IPv4 specification to try to prevent IP address
> > >>> conflicts. For those that want to know a little more about ARP,
> > >>> Wikipedia has an excellent article here:
> > >>> http://en.wikipedia.org/wiki/Address_Resolution_Protocol
> > >>>
> > >>> The second advantage netdiscover has is that it does not need an
> > >>> address within the subnet it is trying to scan. It can quickly skip
> > >>> from subnet to subnet, scanning everything in between. This is
> useful
> > >>> when you are looking for a device with an unknown address. Take, for
> > >>> example, a wireless access point. Since the AP acts as a bridge, it
> > >>> doesn't need an IP address on the network to do its job, but the IP
> is
> > >>> required to reconfigure the device. Netdiscover is an easy way to
> > >>> track down the IP of the switch, even if it is outside the local
> > >>> subnet.
> > >>>
> > >>> Finally, it can show you if any IP address conflicts exist. In it's
> > >>> output, it provides the MAC address from each response and
> > >>> cross-references it with the OUI list. This gives you a fair idea of
> > >>> what type of device you are looking for.
> > >>>
> > >>> A final word of note, I have noticed that at full speed, netdiscover
> > >>> tends to occasionally miss devices, especially on large networks or
> > >>> networks with wireless segments. When scanning multiple subnets, i
> > >>> will typically leave the speed at default, but once I am targeting a
> > >>> specific subnet, I will typically use -s 10 or -s 50 to increase the
> > >>> wait between requests to 10-50ms (the default is 1ms).
> > >>> For example: "netdiscover -i eth0 -r 192.168.1.0/24 -s 50"
> > >>>
> > >>> -Cooper
> > >>> _______________________________________________
> > >>> QCLUG mailing list
> > >>> QCLUG@qclug.org
> > >>> http://qclug.org/mailman/listinfo/qclug
> > >>
> > >
> > >
> > >
> > > --
> > > From:
> > > Arron James Lorenz
> > > Reel to Reel Drive In
> > > http://www.DavenportDriveIn.com
> > > 563-579-7046
> > >
> > _______________________________________________
> > QCLUG mailing list
> > QCLUG@qclug.org
> > http://qclug.org/mailman/listinfo/qclug
> >
> >
>
>
> --
> From:
> Arron James Lorenz
> Reel to Reel Drive In
> http://www.DavenportDriveIn.com
> 563-579-7046
>
>
--
From:
Arron James Lorenz
Reel to Reel Drive In
http://www.DavenportDriveIn.com
563-579-7046
---------------------- multipart/alternative attachment
An HTML attachment was scrubbed...
URL: http://qclug.org/pipermail/qclug/attachments/88c7a8df/attachment.htm
---------------------- multipart/alternative attachment--