Hie Hackers, Hacking a friend or nearby person on same network for fun is always like little show-off we all want to do. But we dont know the IP-Address or corresponding MAC address of our victim. Today let me tell you this small trick which will give you all the IP Addresses and the corresponding MAC Address on the network you are connected.

This is really short so to make it quite extensive let me tell you the basics.
In a local network when the source and destination are on same network, ARP Packets determine “WHO IS WHO“, ARP Requests map MAC to IP on internal network. Router broadcasts ARP to all devices on network asking their corresponding IP and this this can be used to get your Victim. Lets See How.

This now can be used like on some open network or some library network or school network to get more people on network and identify them, now next maybe any attack like MiTM, or even getting reverse shell.

How to Get all the IP and MAC

Step 1: Start Kali Linux or any Pentesting Distro.

Step 2: Now find the Local IP Address ,Open Terminal and type ifconfig and press enter. From the corresponding connection on which you are pickup inet address. eth0 is LAN wlan0 is wifi….

Step 3: Now Open “netdiscover” from Kali Linux Menu or Terminal

Netdiscover 0.3-pre-beta7 [Active/passive arp reconnaissance tool]
Written by: Jaime Penalba <jpenalbae@gmail.com>

Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-s time] [-n node] [-c count] [-f] [-d] [-S] [-P] [-c]
-i device: your network device
-r range: scan a given range instead of auto scan.,/16,/8
-l file: scan the list of ranges contained into the given file
-p passive mode: do not send anything, only sniff
-m file: scan the list of known MACs and host names
-F filter: Customize pcap filter expression (default: "arp")
-s time: time to sleep between each arp request (milliseconds)
-n node: last ip octet used for scanning (from 2 to 253)
-c count: number of times to send each arp reques (for nets with packet loss)
-f enable fastmode scan, saves a lot of time, recommended for auto
-d ignore home config files for autoscan and fast mode
-S enable sleep time supression between each request (hardcore mode)
-P print results in a format suitable for parsing by another program
-N Do not print header. Only valid when -P is enabled.
-L in parsable output mode (-P), continue listening after the active scan is completed

If -r, -l or -p are not enabled, netdiscover will scan for common lan addresses.


Step 4: Now to get all the MAC and IP address on your local network simply type

#netdiscover -r <>

netdiscover -r IP address

Note: netdiscover -r <IP Address> the last part of IP X.X.X.0/24 means scanning the full network ID for all the possible hosts up. Similarly you also have to use 0/24 in the last part.

As soon you type and hit enter the results are on the screen. You may now pick the victim of your choice.

netdiscover -r -P>MAC-IP.txt
You may also list the IP and MAC to some file as record which maybe used later as MAC address dont usually change very often unless changed purposely.

To change your MAC address in case you want to :  MAC Address Spoofing Quickly : MAC Changer


Please enter your comment!
Please enter your name here