maemo.org - Talk


mail_e36 2010-10-13 17:07

NetDiscover on N900 (Network Reconnaissance, ARP)
 
1 Attachment(s)
A fellow Maemo member has ported the NetDiscover tool to the N900. See Hawaii's port and download it at: http://www.knownokia.ca/2010/10/quic...r-on-n900.html

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving or walkwalking with the N900. It can be also used on hub/switched networks (but we don't have a LAN connection on the N900...)

Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks.

If anyone has any similar networking or penetration testing tools working on the N900 (outside those tools publicly available on the usual repositories) then please share.

The screen-shot is courtesy of ('stolen from') the Knownokia.ca blog.

joert 2010-10-13 23:37

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
I tried to get this working a few days ago. Installed the libnet package first - then opened the tar file and tried running ./configure inside that on my N900.

Discovered I needed a C++ compiler, so messed around getting the necessary packages for that from the Maemo SDK repo. That didn't work out too well (forget the exact errors now).

Now I'm quite confused. On the Know Nokia post, Simon mentioned that he'd "...attached the source, and a precompiled stand-alone binary." My understanding is that a precompiled stand-alone binary has already been compiled - can someone confirm this?

Only problem is, I can't find the elusive binary anywhere in the tar file or linked from the post!

Would anyone be able to shed some light on this?

hawaii 2010-10-13 23:45

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Sorry. It's in src/ - as a compiled binary `netdiscover`

joert 2010-10-13 23:48

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Quote:

Originally Posted by hawaii (Post 840443)
Sorry. It's in src/ - as a compiled binary `netdiscover`

Aha - thanks Simon!

mail_e36 2010-10-14 15:44

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
I had also spent a few minutes locating the actual binary, and promptly moved it out of the /src directory for myself :)

Does anyone have other similar tools to share?

Quote:

Originally Posted by hawaii (Post 840443)
Sorry. It's in src/ - as a compiled binary `netdiscover`


mail_e36 2010-10-20 17:17

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Simon (Hawaii),

I am wondering what would need to be done to use your recompiled version of NetDiscover on interfaces other than eth0. For example, it would be great to be able to run NetDiscover on interface tun0 when connected to a VPN, or perhaps even on gprs0 just for kicks (realizing I would not expect to get any responses, but you never know, perhaps the mobile ISP is misconfigured).

At this point we get the following message when trying an interface other than wlan0:

"libnet_init() failed: unknown physical layer type 0x335"

Any thoughts on this subject are welcome, thank you.

lardman 2010-10-20 17:21

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Looks interesting, could you push this to extras-devel?

theonelaw 2010-10-20 17:36

arpscan
 
Looks a lot like arp-scan (same as arpscan in some distros, just a different name; not sure of the history of that (forked?), see arpscan).
Does not need libnet... :D

colin.stephane 2010-10-20 19:37

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Hi, on my side I have backported the latest version from SVN at Sourceforge http://netdiscover.svn.sourceforge.n...y=date#dirlist
The Changelog :

Quote:

Netdiscover 0.3-beta7 (Currently working on it)
* Emanuele Acri <crossbower@gmail.com>: Libnet injection replaced by pcap
* Frantisek Hanzlik <franta@hanzlici.cz>: oui script speed drastically improved
* Janusz Uzycki <j.uzycki@elproma.com.pl>: Scroll page up/down feature added
* Janusz Uzycki <j.uzycki@elproma.com.pl>: Known hosts list feature
* Janusz Uzycki <j.uzycki@elproma.com.pl>: Fix for undefined docdir
* Several variable naming changes
* Autotools scripts updated
* Fixed scroll limits & some screen improvements
* Fixed crash when freeing common ranges list at end of scan
* New data abstraction layer added to handle different view modes
* Included script to update oui database.
* Added custom pcap filter option. Patch by Gustavo Chain.
* Some code layout clean.
* Several fixes to avoid potential buffer overflows. Patch by Alex.
* fhandle.c fixed to be able to handle ms-dos line format. Patch by Alex.
* Some ranges not working through -r option fixed. Patch by Alex.
* Improved network addresses sanity checks, thanks to Alex.
* Netmask will be setup to /24 by default if its omitted, thanks to Alex.
* Added .2 .200 hosts to be scanned on fast mode, thanks again to Alex.
* Some unnecessary mallocs were removed to prevent memory leaks,
thanks to Alex (SuD) for the patch.
* Hang when "h" is pressed twice fixed
* Mandriva and RedHat rpm .spec files added, thanks to Francis Giraldeau
and Guillaume Pratte for the contribution
* Buffer overflow on search_vendor fixed, thanks to Guillaume Pratte
* Solaris bus error when freeing a pointer returned by getenv fixed
* Added parsable output thanks to Guillaume Pratte for the patch
* Added support to read ranges from a given file using -l switch
* Manpage updated with new features and some examples
* Added support to read user config files for ranges and fasmode lists
* MAC vendors list updated
* Hang on Ctrl+C fixed, thanks to Alex (SuD) for the patch
* Improved argument handling, thanks to Alex (SuD) for reporting

So, here is my contribution :

http://bigbob.fun.free.fr/netdiscove...ild1_armel.deb

Copy somewhere on your device, switch to root access, then as usual, use :

Code:

dpkg -i netdiscover_0.3beta7-1build1_armel.deb

A++

mail_e36 2010-10-21 13:41

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
colin.stephane,

Does your backported version support network interfaces other than wlan0?

Thank you


Quote:

Originally Posted by colin.stephane (Post 846406)
Hi, on my side I have backported the latest version from SVN at Sourceforge http://netdiscover.svn.sourceforge.n...y=date#dirlist
The Changelog :




So, here is my contribution :

http://bigbob.fun.free.fr/netdiscove...ild1_armel.deb

Copy somewhere on your device, switch to root access, then as usual, use :

Code:

dpkg -i netdiscover_0.3beta7-1build1_armel.deb

A++


hawaii 2010-10-21 15:09

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
The error you posted is due to libnet. What they are referring to as layer 0x335, is not supported.

I'm not sure what gprs0 link spec is - the easiest way to fix this would be to bridge a tun/tap interface to it to get a layer 3-2 device to bind to with netdiscover.
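
The value in the libnet error, 0x335, is decimal 821, which Linux's `<linux/if_arp.h>` defines as `ARPHRD_PHONET_PIPE`; ARP only applies to an interface whose hardware type is Ethernet and which does not carry the `IFF_NOARP` flag. As an added example (not part of the original posts and not netdiscover code), this script reads both values from sysfs before an ARP tool is pointed at an interface; the function names and the `SYSFS_NET` override are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether an interface can carry ARP at all.
# SYSFS_NET can be overridden so the check can be exercised offline.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Name a few ARPHRD_* hardware types from Linux's <linux/if_arp.h>.
arphrd_name() {
    case "$1" in
        1)     echo ETHER ;;
        512)   echo PPP ;;
        772)   echo LOOPBACK ;;
        820)   echo PHONET ;;
        821)   echo PHONET_PIPE ;;   # 0x335, the value in the libnet error
        65534) echo NONE ;;          # typical for tun devices
        *)     echo UNKNOWN ;;
    esac
}

# Print "<iface> <type name> <arp|no-arp>".
# Returns 0 if ARP is usable, 1 if not, 2 if the interface is missing.
arp_check() {
    iface=$1
    dir="$SYSFS_NET/$iface"
    [ -r "$dir/type" ] || { echo "$iface missing no-arp"; return 2; }
    type=$(cat "$dir/type")      # decimal ARPHRD_* value
    flags=$(cat "$dir/flags")    # hex interface flags, e.g. 0x1003
    name=$(arphrd_name "$type")
    # IFF_NOARP is bit 0x80 of the interface flags.
    if [ "$type" -eq 1 ] && [ $(( $flags & 0x80 )) -eq 0 ]; then
        echo "$iface $name arp"
        return 0
    fi
    echo "$iface $name no-arp"
    return 1
}

# Check every interface named on the command line, e.g.
#   sh arpcheck.sh wlan0 gprs0 tun0
for i in "$@"; do
    arp_check "$i" || true
done
```

An interface reported as `no-arp` has no layer-2 neighbours to discover, so an empty result from an ARP scan there says nothing about which hosts exist.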

egoshin 2010-10-21 19:49

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Quote:

Originally Posted by hawaii (Post 847205)
The error you posted is due to libnet. What they are referring to as layer 0x335, is not supported.

I'm not sure what gprs0 link spec is - the easiest way to fix this would be to bridge a tun/tap interface to it to get a layer 3-2 device to bind to with netdiscover.

However, the binary from 'colin.stephane' (previous page) does work with gprs0... no real output, of course. It seems that NetDiscover walks through all subnets but gets no response from T-Mobile.

hawaii 2010-10-21 21:51

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
The svn release removes libnet dependency from ifaces.c, ifaces.h and main.c - and puts it onto libpcap.

hawaii 2010-10-21 22:16

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
1 Attachment(s)
As a side note - if you're interested in dumping RAW data from ANY network interface, regardless of link type, see attached. This is stupid useful, it's an absolute necessity for me.

binary only, and it will attach to the first active interface or one supplied through `-i $INTERFACE`.

colin.stephane 2010-10-21 22:39

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Quote:

Originally Posted by mail_e36 (Post 847096)
colin.stephane,

Does your backported version support network interfaces other than wlan0?

Thank you

Hi,

Yes, it works with phonet0 for example but doesn't report any MAC or IP since this interface is not connected ...

I have also compiled the package for x86 to be able to use it on many interfaces on a firewall I have built at the office, something like bonding + vlan with a name like 'bond0.200:FWB2'

To be clear, I have made the x86 package before the armel one, because I needed the new version to be able to use it on my Firewall interfaces ...

A++

egoshin 2010-10-21 22:45

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Quote:

Originally Posted by hawaii (Post 847486)
As a side note - if you're interested in dumping RAW data from ANY network interface, regardless of link type, see attached. This is stupid useful, it's an absolute necessity for me.

binary only, and it will attach to the first active interface or one supplied through `-i $INTERFACE`.

What is the difference to tcpdump?

mail_e36 2010-10-22 13:51

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Thanks for your input colin.stephane and Hawaii, I will try colin.stephane's binary today to see how it goes.

Quote:

Originally Posted by colin.stephane (Post 847503)
Hi,

Yes, it works with phonet0 for example but doesn't report any MAC or IP since this interface is not connected ...

I have also compiled the package for x86 to be able to use it on many interfaces on a firewall I have built at the office, something like bonding + vlan with a name like 'bond0.200:FWB2'

To be clear, I have made the x86 package before the armel one, because I needed the new version to be able to use it on my Firewall interfaces ...

A++


aneira 2010-12-27 16:19

Re: NetDiscover on N900 (Network Reconnaissance, ARP)
 
Quote:

Originally Posted by hawaii (Post 847486)
As a side note - if you're interested in dumping RAW data from ANY network interface, regardless of link type, see attached. This is stupid useful, it's an absolute necessity for me.

binary only, and it will attach to the first active interface or one supplied through `-i $INTERFACE`.

Could you please be more verbose?
Do you have the code? What is the difference between rawdump and tcpdump?
I run ./rawdump -i phonet0 and it seems to capture my first interface (wlan0). Do you kill it with Control-C??

Thanks and Regards.

Alvaro

