Information Gatheringarpreconnaissancenetwork-scannerpassiveactivewardriving

netdiscover

Netdiscover is an active/passive network address scanner using ARP requests. It detects online hosts passively or actively on wireless networks without DHCP or hub/switched networks.

Description

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving. It can also be used on hub/switched networks. Built on top of libnet and libpcap, it can passively detect online hosts, or search for them by actively sending ARP requests.

Netdiscover can also be used to inspect your network ARP traffic or find network addresses using auto scan mode, which will scan for common local networks. It uses the OUI table to show the vendor of each MAC address discovered and is very useful for security checks or in pentests.

If -r, -l or -p are not enabled, netdiscover will scan for common LAN addresses.

How It Works

Built on top of libnet and libpcap, netdiscover passively detects online hosts by sniffing ARP traffic or actively searches for them by sending ARP requests. It supports auto scan mode for common local networks, uses OUI table for MAC vendor lookup, and allows customization of pcap filters with default 'arp'. Sleep times and request counts handle packet loss in networks.

Installation

bash

sudo apt install netdiscover

Flags

-i deviceyour network device

-r rangescan a given range instead of auto scan. 192.168.6.0/24,/16,/8

-l filescan the list of ranges contained into the given file

-ppassive mode: do not send anything, only sniff

-m filescan a list of known MACs and host names

-F filtercustomize pcap filter expression (default: "arp")

-s timetime to sleep between each ARP request (milliseconds)

-c countnumber of times to send each ARP request (for nets with packet loss)

-n nodenode limit (default: infinite)

-ddaemon mode

-ffast mode (default: off)

-Pignore ping

-Llist all captured IPs

-Ndo not resolve names

-Sswap octets (useful for some networks)

Examples

Displays the full usage and options for netdiscover

netdiscover --help

Scans common LAN addresses on specified network device eth0 using auto scan mode

netdiscover -i eth0

Actively scans a specific IP range instead of auto scan

netdiscover -r 192.168.6.0/24

Scans the list of ranges contained in the given file

netdiscover -l ranges.txt

Runs in passive mode, sniffing ARP traffic without sending requests

netdiscover -p

Passively monitors ARP traffic on wireless interface wlan0 for wardriving

netdiscover -i wlan0 -p

Scans large range with 50ms sleep between ARP requests, sending each 3 times for packet loss

netdiscover -r 192.168.1.0/16 -s 50 -c 3

Updated 2026-04-16kali.org ↗