Penetration Testing with Kali Linux – Netdiscover for Wardriving


Any penetration testing project depends heavily on its first phase, information gathering. Even during the wardriving phase we need to discover the addresses of the live hosts. When a penetration test requires you to scan for wireless network addresses without being connected to the network, Netdiscover is of assistance.

Netdiscover for IP Address Enumeration

Netdiscover is used for active or passive ARP reconnaissance of wireless networks without a DHCP server, especially when you are wardriving. However, the tool can also be used for scanning hub/switched networks. It helps in the quick discovery of the IP addresses on a given network, even if there is no DHCP server.
In Kali Linux, the tool is under the following menu path:
Application →Kali Linux →  → Live Host Identification → netdiscover
Or simply type netdiscover in the terminal to start the tool in the default mode.
To view the help menu, type netdiscover -h and you will get a list of command-line options.

Netdiscover 0.3-beta6 [Active/passive arp reconnaissance tool]
Written by: Jaime Penalba

Usage: netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]
-i device: your network device
-r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
-p passive mode do not send anything, only sniff
-s time: time to sleep between each arp request (miliseconds)
-c count: number of times to send each arp reques (for nets with packet loss)
-n node: last ip octet used for scanning (from 2 to 253)
-S enable sleep time supression betwen each request (hardcore mode)
-f enable fastmode scan, saves a lot of time, recommended for auto

If -p or -r aren't enabled, netdiscover will scan for common lan addresses


If you simply type netdiscover in the terminal, the auto scan is started.
Syntax : netdiscover
This will auto-detect online hosts, IP addresses, MAC addresses, MAC vendors, etc. To stop the scan at any point, press Ctrl+C.
If you want Netdiscover to scan only a range of IP addresses, use the following syntax:
netdiscover -i eth0 -r 192.168.100.0/24
Where -i specifies the interface used for scanning and 192.168.100.0/24 is the IP range (-r) to be scanned.
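A range scan like the one above sends an ARP request for every address in the range from a single host, which is what makes it visible on the wire. The following is an added example (not from the original article) that flags such a sweep in tcpdump-style ARP lines; the log format, the thresholds and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# tcpdump-style ARP request line (log format is an assumption of this example)
ARP_REQ = re.compile(
    r"^(\d+):(\d+):(\d+(?:\.\d+)?) ARP, Request who-has (\S+)(?: \(\S+\))? tell ([^\s,]+)"
)

def find_arp_sweeps(lines, window=5.0, min_targets=20):
    """Map each sender that queried >= min_targets distinct IPs within
    `window` seconds to the largest distinct-target count observed."""
    recent = defaultdict(deque)      # sender IP -> (timestamp, target IP) pairs
    flagged = {}
    for line in lines:
        m = ARP_REQ.match(line)
        if not m:
            continue                 # ARP replies and unrelated traffic
        hh, mm, ss, target, sender = m.groups()
        ts = int(hh) * 3600 + int(mm) * 60 + float(ss)
        q = recent[sender]
        q.append((ts, target))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= min_targets:
            flagged[sender] = max(flagged.get(sender, 0), distinct)
    return flagged

def sample_capture():
    """Constructed capture: .23 sweeps 60 addresses of 192.168.100.0/24
    at one request per 50 ms; .10 only resolves its gateway."""
    lines = [
        "12:00:%09.6f ARP, Request who-has 192.168.100.%d tell 192.168.100.23, length 28"
        % (i * 0.05, i)
        for i in range(1, 61)
    ]
    lines.append("12:00:01.500000 ARP, Request who-has 192.168.100.1 tell 192.168.100.10, length 28")
    lines.append("12:00:01.500400 ARP, Reply 192.168.100.1 is-at 00:11:22:33:44:55, length 28")
    return lines

if __name__ == "__main__":
    for sender, count in find_arp_sweeps(sample_capture()).items():
        print("possible ARP sweep: %s queried %d addresses" % (sender, count))
```

Passive mode (-p) sends nothing, so a detector of this kind only sees active scans.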
Netdiscover is a network scanner that checks for live hosts, but what gives it power is the ability to scan a network even when we don't have a DHCP server to access. When we need a quick network scan in such a case, Netdiscover is the best tool to use.