Searching for NetDiscover or equivalent tool.



  • On Linux systems I have often used NetDiscover, a useful tool for detecting IPs on NICs:

    luis@Midnighter:~$ sudo netdiscover -i eth2
     Currently scanning: 172.28.25.0/16   |   Screen View: Unique Hosts
    
     90 Captured ARP Req/Rep packets, from 12 hosts.   Total size: 5400
     _____________________________________________________________________________
       IP            At MAC Address      Count  Len   MAC Vendor
     -----------------------------------------------------------------------------
     192.168.10.2    00:24:a5:0e:a8:42    01    060   Unknown vendor
     192.168.11.1    00:24:a5:0e:a8:42    48    2880   Unknown vendor
     192.168.11.100  ac:22:0b:51:dd:33    29    1740   Unknown vendor
     192.168.11.108  00:0a:e4:a0:7f:78    01    060   Wistron Corp.
     192.168.11.110  00:1d:60:13:df:cb    01    060   ASUSTek COMPUTER INC.
     192.168.11.116  00:1d:7d:d4:39:29    01    060   GIGA-BYTE TECHNOLOGY CO.,LTD.
     192.168.11.230  00:24:a5:c8:16:a2    01    060   Unknown vendor
     192.168.11.240  00:12:0e:2d:ee:0a    01    060   AboCom
     192.168.11.253  00:18:f8:92:28:02    04    240   Cisco-Linksys LLC
     192.168.11.254  00:14:bf:60:19:88    01    060   Cisco-Linksys LLC
     192.168.22.1    00:24:a5:c8:16:a2    01    060   Unknown vendor
     192.168.210.1   00:24:a5:c8:16:a2    01    060   Unknown vendor
    

    Is there anything equivalent for pfSense? The original is available for download, but it requires compilation:

    http://nixgeneration.com/~jaime/netdiscover/releases/

    I would like some CLI method, but GUI are accepted too.


  • LAYER 8 Global Moderator

    pretty sure arp scan is same thing… You could just install the package

    here is 64bit version
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/arp-scan-1.9.txz

    [2.2.6-RELEASE][root@pfSense.local.lan]/root: arp-scan -I em1 -l
    Interface: em1, datalink type: EN10MB (Ethernet)
    Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
    192.168.9.7    00:0c:29:f0:74:06      VMware, Inc.
    192.168.9.8    00:0c:29:48:2d:09      VMware, Inc.
    192.168.9.31    b8:27:eb:1c:6e:09      Raspberry Pi Foundation
    192.168.9.40    00:1f:29:54:17:14      Hewlett-Packard Company
    192.168.9.99    00:06:dc:43:ad:78      Syabas Technology (Amquest)
    192.168.9.100  18:03:73:b1:0d:d3      Dell Inc
    192.168.9.128  00:1e:2a:d3:c9:3d      Netgear Inc.
    192.168.9.224  00:0c:29:68:0a:3c      VMware, Inc.

    hmmmm not seeing my cisco sg300??  Odd, clearly is in the arp table of pfsense

    sg300.local.lan (192.168.9.252) at c0:7b:bc:65:4f:13 on em1 expires in 1162 seconds [ethernet]

    Hmm now its seeing it, sometimes sees it, sometimes doesnt?

    [2.2.6-RELEASE][root@pfSense.local.lan]/root: arp-scan -I em1 -l
    Interface: em1, datalink type: EN10MB (Ethernet)
    Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
    192.168.9.7    00:0c:29:f0:74:06      VMware, Inc.
    192.168.9.8    00:0c:29:48:2d:09      VMware, Inc.
    192.168.9.31    b8:27:eb:1c:6e:09      Raspberry Pi Foundation
    192.168.9.40    00:1f:29:54:17:14      Hewlett-Packard Company
    192.168.9.99    00:06:dc:43:ad:78      Syabas Technology (Amquest)
    192.168.9.100  18:03:73:b1:0d:d3      Dell Inc
    192.168.9.128  00:1e:2a:d3:c9:3d      Netgear Inc.
    192.168.9.224  00:0c:29:68:0a:3c      VMware, Inc.
    192.168.9.252  c0:7b:bc:65:4f:13      (Unknown)



  • It happens to me too on Linux when using netdiscover: sometimes some device is not seen.
    But I think it is normal: this list is not exhaustive, because it depends on the method(s) used to detect devices.
    Even nMap sometimes does not detect an open port that is really open, i.e: 22TCP is shown as filtered, but if I try to log via SSH, I success.
    When I reviewed about the matter sometime ago, I found a brief explanation about the several methods that detect nearly 100% each device in the LAN at the websites of dSploit and zANTI2 for Android: ARP scan, ICMP ping… etc.

    Anyway, NetDiscover/ARP-Scan partial search is enough for me on most cases.
    Thanks you, JohnPoz.


Log in to reply