If you have ever used Kali Linux, you will know that it has a great many tools for doing almost anything.
You can also install it on any Linux operating system; in this case I will show you how to install it on Ubuntu/Debian.
Don't worry, I am not going to explain all of them in this post.
The tool, which is very simple to use, is called Net Discover.
What is Net Discover?
Scanning for IP addresses, MAC addresses, host names, and open ports is a way of finding the available computers on a network and finding out which service each computer publishes. In this blog, we will talk about how this can be performed by using Windows PowerShell.

In the command below, we are asking netdiscover to find all the live hosts with IP addresses between 192.168.1.1 to 192.168.1.255. We do this by typing: netdiscover -r 192.168.1.0/24. Step 4: Activate Netdiscover. As soon as we enter the command, netdiscover begins sending out ARP requests over the network and then logging the results on our.

This week, I bought a reconditioned Macbook Air 2020 Intel i7 running OS Big Sur. I have installed the same set-up: Virtual Box 6.1, run Kali Linux 2020.4. When I run netdiscover, I get hundreds of IP addresses associated to the MAC address of my new Macbook Air.

Jul 27, 2015 The netdiscover utility will list all connected hosts on your local LAN. This is useful for scanning a network and determining which hosts are online. I used this command to scan an IP range starting with 192.168.0.1. Jason@darkstar:$ sudo netdiscover -r 192.168.0.1/24.
Install Open-Source Utilities With Homebrew. The Homebrew command is the underlying package manager that installs all those UNIX and open-source utilities you might want. It’s the easiest way to install them on Mac OS X, just as it is on Linux. Like Homebrew Cask, it uses simple commands. To search for a utility: brew search name.
It is a tool for probing the network in order to identify all the devices on it.
It can be used on wireless or wired networks.
How do I install Net Discover?
First, if you are using Kali Linux, you can skip this step, since it should already be included.
To install it on Ubuntu/Debian you only need to run the following commands:
How can I use Net Discover?
It is very easy to use; to scan, we only need to run the following command:
As you can see, several devices will show up (in my case only a virtual machine appears).
As you can see, this is a very quick and simple way to probe the machines on a network.
Network discovery represents an important phase in the Information Gathering activity: it is the process of identifying live hosts on the network. This means that its purpose is not to find all possible information about the targets (like open ports or vulnerabilities), but just to understand their logical location inside the network. Mapping targets is useful to model network infrastructure.
Nmap
Nmap is the most famous and complete tool for network discovery and scanning: it is considered the “Swiss army knife” of network Security tools and it can be used to perform a large variety of tasks.
Installation
If you are using Kali Linux, Nmap is already part of your arsenal. Otherwise you can install it from the package repositories by using `apt-get install nmap`, `yum install nmap`, or a similar command depending on your Linux distro. You can also download the latest release from https://nmap.org/download.html.
Usage
In Kali Linux, Nmap can be started from the applications menu by clicking on Applications > Information Gathering > nmap, as shown in the following image:
The same thing can be done by clicking on the “Show application” menu:
Another possibility is to launch it by simply opening the Terminal and typing `nmap`. In any case, we are prompted with the tool version and usage instructions:
There is a huge list of parameters through which it is possible to perform a great quantity of activities: host discovery, port scanning, service/version detection, OS detection, Firewall/IDS evasion and spoofing, running scripts using Nmap Scripting Engine (NSE) and so on (above only HOST DISCOVERY options are reported).
Host discovery
In this article, we focus on host discovery techniques. We can list hosts belonging to a certain subnet by setting the “-sL” switch; this can be helpful to check the IP addresses belonging to that subnet. The range can be expressed, for example, using the Classless Inter-Domain Routing (CIDR) notation:
Keep in mind this does not send any packet to the hosts: it only makes a list based on the specified network; Nmap by default always tries to do a reverse DNS resolution on the hosts to discover their names.
Instead, if we want to perform a network discovery, we can use the “-sn” switch; this option takes as input an IP address or a range and checks if a host is online or not by sending Address Resolution Protocol (ARP) requests or Internet Control Message Protocol (ICMP) requests depending on the target subnet location (local or remote).
In fact, referring to the ISO/OSI stack model, since ARP is a layer 2 protocol, it cannot discover remote systems due to its non-routable nature; in that case Nmap automatically switches to ICMP requests, which are instead layer 3.
Whenever it is possible, i.e. for hosts on the local subnet, it is better to use ARP discovery since it is faster and highly reliable (ICMP requests can be filtered by firewalls).
Of course this activity is more intrusive than just listing hosts, but it is a necessary step to understand which machines are up or not.
We can see that in the network defined by the range 192.168.1.0-255 there are 4 hosts that responded to our ARP requests. For every discovered host, its Media Access Control (MAC) address is reported. This value is made up of 6 pairs of hexadecimal digits separated by colons and represents the host in a unique way, since it refers to the machine's network card (the first three pairs indicate the manufacturer).
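As an added example (not part of the original article), the Python sketch below parses the normal text output of an `nmap -sn` run into IP/MAC pairs and splits each MAC into its manufacturer prefix. It also checks the locally-administered bit: a MAC with that bit set was assigned in software rather than by the manufacturer, so it does not identify the network card uniquely. The sample output, addresses and vendor names are constructed.

```python
import re

# Constructed sample in the normal-output format of `nmap -sn` (not real scan data).
SAMPLE = """\
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
MAC Address: 00:11:22:AA:BB:CC (Example Vendor)
Nmap scan report for 192.168.1.23
Host is up (0.0450s latency).
MAC Address: DA:A1:19:00:00:01 (Unknown)
Nmap scan report for 192.168.1.10
Host is up.
"""

# The report line is either "... for <ip>" or "... for <hostname> (<ip>)".
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC = re.compile(r"^MAC Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

def describe_mac(mac):
    """Split a MAC into its OUI and decode the two flag bits of the first octet."""
    first_octet = bytes.fromhex(mac.replace(":", ""))[0]
    return {
        "mac": mac.lower(),
        "oui": mac.lower()[:8],                        # first three pairs: manufacturer
        "locally_administered": bool(first_octet & 0x02),  # set in software, not burned in
        "multicast": bool(first_octet & 0x01),
    }

def parse_ping_scan(text):
    """Return one dict per host; 'mac' stays None when no MAC line follows the report."""
    hosts, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = REPORT.match(line)
        if m:
            current = {"ip": m.group(1), "mac": None}
            hosts.append(current)
            continue
        m = MAC.match(line)
        if m and current is not None:
            current.update(describe_mac(m.group(1)))
    return hosts

if __name__ == "__main__":
    for host in parse_ping_scan(SAMPLE):
        print(host)
```

The last host in the sample has no MAC line, which is how the scanning machine itself appears in this output.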
Analyzing network packets
We can check the discovery activity with a network packet analyzer/sniffer like Wireshark: in Kali, Applications > Sniffing & Spoofing > wireshark.
Once the tool is launched we need to set the network interface we want to listen on, in this case eth0; this can be done by clicking on Capture > Options and then selecting the interface:
Clicking on the Start button starts the packet capture. If we now rerun the above Nmap scan, we can check its activity in the Wireshark main window. The following image shows, as expected, broadcast ARP requests made to the entire range 192.168.1.0-255 by the Kali machine, which has IP address 192.168.1.10:
If a machine has the requested IP address, it will respond declaring its MAC address. Data collected in this way are saved in the ARP cache, which is nothing more than a table containing the list of IP addresses with their associated MAC address.
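The same capture can be read programmatically. The following added example (not from the original article) decodes Ethernet/ARP frames, builds the IP-to-MAC table from the replies, and flags any sender whose requests cover many distinct addresses, which is the pattern the scan above leaves on the wire. The frames, MAC addresses and the threshold of 20 targets are constructed assumptions.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806

def build_arp(op, sha, spa, tha, tpa):
    """Assemble an Ethernet/ARP frame in memory; used only for the constructed sample."""
    dst = b"\xff" * 6 if op == 1 else tha          # requests are broadcast
    eth = dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sha + IPv4Address(spa).packed + tha + IPv4Address(tpa).packed

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not IPv4/Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def analyse(frames, sweep_threshold=20):
    """Build the IP->MAC table from replies; flag senders asking for many distinct IPs."""
    table, asked = {}, defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, mac, sender_ip, target_ip = parsed
        if op == 1:                                 # who-has request
            asked[(sender_ip, mac)].add(target_ip)
        elif op == 2:                               # is-at reply
            table[sender_ip] = mac
    sweepers = {src: len(t) for src, t in asked.items() if len(t) >= sweep_threshold}
    return table, sweepers

# Constructed capture: 192.168.1.10 asks for every address in the /24, one host replies.
KALI = bytes.fromhex("020000000010")
HOST = bytes.fromhex("020000000001")
FRAMES = [build_arp(1, KALI, "192.168.1.10", b"\x00" * 6, f"192.168.1.{i}")
          for i in range(1, 255)]
FRAMES.append(build_arp(2, HOST, "192.168.1.1", KALI, "192.168.1.10"))
FRAMES.append(build_arp(1, HOST, "192.168.1.1", b"\x00" * 6, "192.168.1.10"))

if __name__ == "__main__":
    print(analyse(FRAMES))
```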
Netdiscover
Netdiscover is my preferred tool for local network discovery: it is pretty fast and offers the possibility to perform both active and passive ARP reconnaissance.
Installation
If you are using Kali Linux, you have it already available. Otherwise, if for example you are using Ubuntu, you can install it from the package repositories by using `apt-get install netdiscover`. You can also download the latest release from https://sourceforge.net/projects/netdiscover/.
Usage
In Kali Linux, Netdiscover can be started from the applications menu by clicking on Applications > Information Gathering > netdiscover, as shown in the following image:
The same thing can be done by clicking on the “Show application” menu:
This opens up a Terminal with usage instructions:
They are pretty self-explanatory; an example of active ARP reconnaissance is this one:
As reported, the tool scanned the subnet 192.168.1.0/24 by sending ARP requests on the network and found the same four hosts seen before.
If we want to maintain a low profile to avoid getting caught, we can set up a passive ARP discovery; in this case we just sit sniffing the network traffic:
Of course this will take longer w.r.t. the active scan, but it is difficult to detect since we are just listening for ARP requests and responses on the network made by other systems.
Conclusions
We have seen how to use Nmap and Netdiscover for discovering live hosts inside a network. They are both useful tools, even if Nmap is better for port scanning and service detection (in a forthcoming article we will take a look at how it can be used to perform these tasks).