概述

今天上课听到大佬讲这款工具，学习了一波~
ARP是将IP地址转化物理地址的网络协议。通过该协议，可以判断某个IP地址是否被使用，从而发现网络中存活的主机。
Kali Linux提供的netdiscover工具，就是借助该协议实施主机发现。它既可以以被动模式嗅探存活的主机，也可以以主动模式扫描主机。用户还可以根据网络稳定性，调整发包速度和数量。

安装

kali下面的，ubuntu的软件源里面也有，所以安装很简单，用包管理器安装就好了
apt install netdiscover
因为工具比较简单所以使用也是比较简单的没有什么复杂的参数
首先看一下它的help

root@kali:~# netdiscover --help
netdiscover: invalid option -- '-'

Netdiscover 0.3-pre-beta7 [Active/passive arp reconnaissance tool]
Written by: Jaime Penalba <jpenalbae@gmail.com>

Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-c]
  -i device: your network device
  -r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
  -l file: scan the list of ranges contained into the given file
  -p passive mode: do not send anything, only sniff
  -m file: scan the list of known MACs and host names
  -F filter: Customize pcap filter expression (default: "arp")
  -s time: time to sleep between each arp request (milliseconds)
  -n node: last ip octet used for scanning (from 2 to 253)
  -c count: number of times to send each arp reques (for nets with packet loss)
  -f enable fastmode scan, saves a lot of time, recommended for auto
  -d ignore home config files for autoscan and fast mode
  -S enable sleep time supression between each request (hardcore mode)
  -P print results in a format suitable for parsing by another program
  -N Do not print header. Only valid when -P is enabled.
  -L in parsable output mode (-P), continue listening after the active scan is completed

If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.

之后介绍一下常用的几个用法吧最简单的就是直接输入netdiscover
之后就是运行它的默认配置然后扫描局域网中所有的机器

image.png

默认的配置扫描网络会比较慢因为你可以看到是扫描B类地址的，所以在局域网中我们没必要这么复杂输入下面就好了
netdiscover -i eth0 -r 192.168.153.1/24
-i是指定网卡
-r是指定ip地址的范围
之后大家可以看一下

image.png

其他的扫描方式，--help可以自己尝试