Searching for NetDiscover or equivalent tool.

Sopalajo de Arrierez

On Linux systems I have often used NetDiscover, a useful tool for detecting IPs on NICs:

luis@Midnighter:~$ sudo netdiscover -i eth2
 Currently scanning: 172.28.25.0/16   |   Screen View: Unique Hosts

 90 Captured ARP Req/Rep packets, from 12 hosts.   Total size: 5400
 _____________________________________________________________________________
   IP            At MAC Address      Count  Len   MAC Vendor
 -----------------------------------------------------------------------------
 192.168.10.2    00:24:a5:0e:a8:42    01    060   Unknown vendor
 192.168.11.1    00:24:a5:0e:a8:42    48    2880   Unknown vendor
 192.168.11.100  ac:22:0b:51:dd:33    29    1740   Unknown vendor
 192.168.11.108  00:0a:e4:a0:7f:78    01    060   Wistron Corp.
 192.168.11.110  00:1d:60:13:df:cb    01    060   ASUSTek COMPUTER INC.
 192.168.11.116  00:1d:7d:d4:39:29    01    060   GIGA-BYTE TECHNOLOGY CO.,LTD.
 192.168.11.230  00:24:a5:c8:16:a2    01    060   Unknown vendor
 192.168.11.240  00:12:0e:2d:ee:0a    01    060   AboCom
 192.168.11.253  00:18:f8:92:28:02    04    240   Cisco-Linksys LLC
 192.168.11.254  00:14:bf:60:19:88    01    060   Cisco-Linksys LLC
 192.168.22.1    00:24:a5:c8:16:a2    01    060   Unknown vendor
 192.168.210.1   00:24:a5:c8:16:a2    01    060   Unknown vendor

Is there anything equivalent for pfSense? The original is available for download, but it requires compilation:

http://nixgeneration.com/~jaime/netdiscover/releases/

I would like some CLI method, but GUI are accepted too.

johnpoz

pretty sure arp scan is same thing… You could just install the package

here is 64bit version
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/arp-scan-1.9.txz

[2.2.6-RELEASE][root@pfSense.local.lan]/root: arp-scan -I em1 -l
Interface: em1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.9.7    00:0c:29:f0:74:06      VMware, Inc.
192.168.9.8    00:0c:29:48:2d:09      VMware, Inc.
192.168.9.31    b8:27:eb:1c:6e:09      Raspberry Pi Foundation
192.168.9.40    00:1f:29:54:17:14      Hewlett-Packard Company
192.168.9.99    00:06:dc:43:ad:78      Syabas Technology (Amquest)
192.168.9.100  18:03:73:b1:0d:d3      Dell Inc
192.168.9.128  00:1e:2a:d3:c9:3d      Netgear Inc.
192.168.9.224  00:0c:29:68:0a:3c      VMware, Inc.

hmmmm not seeing my cisco sg300??  Odd, clearly is in the arp table of pfsense

sg300.local.lan (192.168.9.252) at c0:7b:bc:65:4f:13 on em1 expires in 1162 seconds [ethernet]

Hmm now its seeing it, sometimes sees it, sometimes doesnt?

[2.2.6-RELEASE][root@pfSense.local.lan]/root: arp-scan -I em1 -l
Interface: em1, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.9.7    00:0c:29:f0:74:06      VMware, Inc.
192.168.9.8    00:0c:29:48:2d:09      VMware, Inc.
192.168.9.31    b8:27:eb:1c:6e:09      Raspberry Pi Foundation
192.168.9.40    00:1f:29:54:17:14      Hewlett-Packard Company
192.168.9.99    00:06:dc:43:ad:78      Syabas Technology (Amquest)
192.168.9.100  18:03:73:b1:0d:d3      Dell Inc
192.168.9.128  00:1e:2a:d3:c9:3d      Netgear Inc.
192.168.9.224  00:0c:29:68:0a:3c      VMware, Inc.
192.168.9.252  c0:7b:bc:65:4f:13      (Unknown)

Sopalajo de Arrierez

It happens to me too on Linux when using netdiscover: sometimes some device is not seen.
But I think it is normal: this list is not exhaustive, because it depends on the method(s) used to detect devices.
Even nMap sometimes does not detect an open port that is really open, i.e: 22TCP is shown as filtered, but if I try to log via SSH, I success.
When I reviewed about the matter sometime ago, I found a brief explanation about the several methods that detect nearly 100% each device in the LAN at the websites of dSploit and zANTI2 for Android: ARP scan, ICMP ping… etc.

Anyway, NetDiscover/ARP-Scan partial search is enough for me on most cases.
Thanks you, JohnPoz.