knowledge/technology/applications/cli/network/netdiscover.md

---
obj: application
source: https://www.kali.org/tools/netdiscover
repo: https://github.com/netdiscover-scanner/netdiscover
---

# netdiscover
Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without [dhcp](../../../internet/DHCP.md) server, when you are wardriving. It can be also used on hub/switched networks.

Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending ARP requests.

Netdiscover can also be used to inspect your network ARP traffic, or find network addresses using auto scan mode, which will scan for common local networks.

Netdiscover uses the OUI table to show the vendor of the each MAC address discovered and is very useful for security checks or in pentests.

## Options
| Option       | Description                                                                                  |
| ------------ | -------------------------------------------------------------------------------------------- |
| ` -i device` | network device used                                                                          |
| ` -r range`  | scan a given range instead of auto scan. 192.168.6.0/24,/16,/8                               |
| ` -l file`   | scan the list of ranges contained into the given file                                        |
| ` -p`        | passive mode, do not send anything, only sniff                                               |
| ` -m file`   | scan a list of known MACs and host names                                                     |
| ` -F filter` | customize pcap filter expression (default: "arp")                                            |
| ` -s time`   | time to sleep between each ARP request (milliseconds)                                        |
| ` -c count`  | number of times to send each ARP request (for nets with packet loss)                         |
| ` -n node`   | last source IP octet used for scanning (from 2 to 253)                                       |
| ` -d`        | ignore home config files for autoscan and fast mode                                          |
| ` -f`        | enable fastmode scan, saves a lot of time, recommended for auto                              |
| ` -P`        | print results in a format suitable for parsing by another program and stop after active scan | 
| ` -L`        | similar to `-P` but continue listening after the active scan is completed                    |
| ` -N`        | Do not print header. Only valid when `-P` or `-L` is enabled.                                |
| ` -S`        | enable sleep time suppression between each request (hardcore mode)                           |