Netdiscover Cheat Sheet
netdiscover is an ARP-based network discovery tool used to identify live hosts on a local network. It supports passive and active scanning modes and is especially useful when ICMP is blocked.
Basic Usage (Passive)
netdiscover
Listens for ARP traffic and discovers hosts passively.
Specify Interface
netdiscover -i eth0
Active Scan (CIDR)
netdiscover -r 192.168.1.0/24
Sends ARP requests to identify live hosts.
Active Scan with Interface
netdiscover -i wlan0 -r 192.168.1.0/24
Fast Mode
netdiscover -f -r 192.168.1.0/24
Reduces delays for quicker results.
Ignore Vendor Lookup
netdiscover -N -r 192.168.1.0/24
Output to File
netdiscover -r 192.168.1.0/24 -P
Prints results in a parseable format.
Typical Workflow
ip addr
netdiscover -i eth0 -r 192.168.1.0/24
nmap -sV 192.168.1.10
Output Columns
- IP → Host IP
- MAC → MAC address
- Vendor → Device manufacturer
Common Issues
No hosts found
- Not on same broadcast domain
- Interface incorrect
- VLAN isolation enabled
Requires root
Run with sudo.
Netdiscover vs Nmap
| Feature | Netdiscover | Nmap |
|---|---|---|
| ARP Scan | Yes | Yes |
| Passive Mode | Yes | No |
| Speed (LAN) | Very Fast | Fast |
Related Tools
arp-scannmapbettercapwireshark
Use Cases
- LAN host discovery
- Network mapping
- Pre-attack reconnaissance
- Red team operations
Legal Notice
Danger
Use netdiscover only on networks you own or have permission to test.