ARP偵查工具Netdiscover

大學霸發表於2015-01-14

ARP偵查工具Netdiscover

Netdiscover是一個主動/被動的ARP偵查工具。該工具在不使用DHCP的無線網路上非常有用。使用Netdiscover工具可以在網路上掃描IP地址,ARP偵查工具Netdiscover檢查線上主機或搜尋為它們傳送的ARP請求。下面將介紹Netdiscover工具的使用方法。本文選自Kail Linux滲透測試實訓手冊大學霸

首先檢視下Netdiscover工具的幫助資訊,執行命令如下所示:


  • root@kali:~# netdiscover -h
  • Netdiscover 0.3-beta7 [Active/passive arp reconnaissance tool]
  • Written by: Jaime Penalba
  • Usage: netdiscover [-i device] [-r range | -l file | -p] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-C]
  •   -i device: your network device
  •   -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  •   -l file: scan the list of ranges contained into the given file
  •   -p passive mode: do not send anything, only sniff
  •   -F filter: Customize pcap filter expression (default: "arp")
  •   -s time: time to sleep between each arp request (miliseconds)
  •   -n node: last ip octet used for scanning (from 2 to 253)
  •   -c count: number of times to send each arp reques (for nets with packet loss)
  •   -f enable fastmode scan, saves a lot of time, recommended for auto
  •   -d ignore home config files for autoscan and fast mode
  •   -S enable sleep time supression betwen each request (hardcore mode)
  •  ?-P print results in a format suitable for parsing by another program
  •   -L in parsable output mode (-P), continue listening after the active scan is completed
  • If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.


輸出的資訊顯示了Netdiscover的語法格式及可用的引數本文選自Kail Linux滲透測試實訓手冊大學霸

【例項3-3】使用Netdiscover工具掃描區域網中所有的主機ARP偵查工具Netdiscover。執行命令如下所示:


  • root@kali:~# netdiscover


執行以上命令後,將顯示如下所示的資訊:


  • Currently scanning: 10.7.99.0/8   |   Screen View: Unique Hosts              
  •                                                                               
  •  692 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 41520           
  •  _____________________________________________________________________________
  •    IP            At MAC Address      Count  Len   MAC Vendor                  
  •  -------------------------------------------------------------------------------------------------------------------------------
  •  192.168.6.102   00:e0:1c:3c:18:79    296    17760   Cradlepoint, Inc         
  •  192.168.6.1     14:e6:e4:ac:fb:20    387     23220   Unknown vendor           
  •  192.168.6.110   00:0c:29:2e:2b:02    09      540     VMware, Inc.


從輸出的資訊中,可以看到掃描到三臺主機本文選自Kail Linux滲透測試實訓手冊大學霸ARP偵查工具Netdiscover

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/29597077/viewspace-1401147/,如需轉載,請註明出處,否則將追究法律責任。

相關文章