Searching for NetDiscover or equivalent tool.
-
On Linux systems I have often used NetDiscover, a useful tool for detecting IPs on NICs:
luis@Midnighter:~$ sudo netdiscover -i eth2 Currently scanning: 172.28.25.0/16 | Screen View: Unique Hosts 90 Captured ARP Req/Rep packets, from 12 hosts. Total size: 5400 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor ----------------------------------------------------------------------------- 192.168.10.2 00:24:a5:0e:a8:42 01 060 Unknown vendor 192.168.11.1 00:24:a5:0e:a8:42 48 2880 Unknown vendor 192.168.11.100 ac:22:0b:51:dd:33 29 1740 Unknown vendor 192.168.11.108 00:0a:e4:a0:7f:78 01 060 Wistron Corp. 192.168.11.110 00:1d:60:13:df:cb 01 060 ASUSTek COMPUTER INC. 192.168.11.116 00:1d:7d:d4:39:29 01 060 GIGA-BYTE TECHNOLOGY CO.,LTD. 192.168.11.230 00:24:a5:c8:16:a2 01 060 Unknown vendor 192.168.11.240 00:12:0e:2d:ee:0a 01 060 AboCom 192.168.11.253 00:18:f8:92:28:02 04 240 Cisco-Linksys LLC 192.168.11.254 00:14:bf:60:19:88 01 060 Cisco-Linksys LLC 192.168.22.1 00:24:a5:c8:16:a2 01 060 Unknown vendor 192.168.210.1 00:24:a5:c8:16:a2 01 060 Unknown vendor
Is there anything equivalent for pfSense? The original is available for download, but it requires compilation:
http://nixgeneration.com/~jaime/netdiscover/releases/
I would like some CLI method, but GUI are accepted too.
-
pretty sure arp scan is same thing… You could just install the package
here is 64bit version
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/arp-scan-1.9.txz[2.2.6-RELEASE][root@pfSense.local.lan]/root: arp-scan -I em1 -l
Interface: em1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.9.7 00:0c:29:f0:74:06 VMware, Inc.
192.168.9.8 00:0c:29:48:2d:09 VMware, Inc.
192.168.9.31 b8:27:eb:1c:6e:09 Raspberry Pi Foundation
192.168.9.40 00:1f:29:54:17:14 Hewlett-Packard Company
192.168.9.99 00:06:dc:43:ad:78 Syabas Technology (Amquest)
192.168.9.100 18:03:73:b1:0d:d3 Dell Inc
192.168.9.128 00:1e:2a:d3:c9:3d Netgear Inc.
192.168.9.224 00:0c:29:68:0a:3c VMware, Inc.hmmmm not seeing my cisco sg300?? Odd, clearly is in the arp table of pfsense
sg300.local.lan (192.168.9.252) at c0:7b:bc:65:4f:13 on em1 expires in 1162 seconds [ethernet]
Hmm now its seeing it, sometimes sees it, sometimes doesnt?
[2.2.6-RELEASE][root@pfSense.local.lan]/root: arp-scan -I em1 -l
Interface: em1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.9.7 00:0c:29:f0:74:06 VMware, Inc.
192.168.9.8 00:0c:29:48:2d:09 VMware, Inc.
192.168.9.31 b8:27:eb:1c:6e:09 Raspberry Pi Foundation
192.168.9.40 00:1f:29:54:17:14 Hewlett-Packard Company
192.168.9.99 00:06:dc:43:ad:78 Syabas Technology (Amquest)
192.168.9.100 18:03:73:b1:0d:d3 Dell Inc
192.168.9.128 00:1e:2a:d3:c9:3d Netgear Inc.
192.168.9.224 00:0c:29:68:0a:3c VMware, Inc.
192.168.9.252 c0:7b:bc:65:4f:13 (Unknown) -
It happens to me too on Linux when using netdiscover: sometimes some device is not seen.
But I think it is normal: this list is not exhaustive, because it depends on the method(s) used to detect devices.
Even nMap sometimes does not detect an open port that is really open, i.e: 22TCP is shown as filtered, but if I try to log via SSH, I success.
When I reviewed about the matter sometime ago, I found a brief explanation about the several methods that detect nearly 100% each device in the LAN at the websites of dSploit and zANTI2 for Android: ARP scan, ICMP ping… etc.Anyway, NetDiscover/ARP-Scan partial search is enough for me on most cases.
Thanks you, JohnPoz.