The netdiscover tool

The first thing we're going to talk about in this section is gathering information. Gathering information about the connected clients and the router is very important because it will help us know what their IP and MAC addresses are and the operating system that they're running, as well as the ports that they have open in their devices. As for the router, we'll be able to know the manufacturer of the router, and then we'll be able to look for exploits and vulnerabilities that we can use against the router or against the clients if we are trying to hack them.

In Chapter 4, Network Penetration Testing, we saw how we can use airodump-ng to discover connected clients. In the second part of the airodump-ng output, we learned how we could see the associated clients and their MAC addresses. That was about it—that's everything we can get before we connect to the target access point. Now, after connecting, we can gather much more detailed information about these devices. There are a lot of programs for this task, but we're going to talk about three programs, starting with the simplest and quickest one—netdiscover.

As we have said before, netdiscover is the quickest and the simplest program to use, but it doesn't show very detailed information about the target clients. It'll only show us their IP address, their MAC address, and sometimes the hardware manufacturer. We're going to use it by typing netdiscover, and then we're going to enter -i and specify our wireless device, which is eth0. Then we're going to enter the range, which can be any range we want. Looking at the IP (which is 10.0.2.1) tells us which network we are in. We want to discover all the clients that are in this network, so we're going to try and see if there is a device in 10.0.2.1. Then we're going to try 12, 13, 14, 15, 16, up to 254—that's the end of the range. So, to specify a whole range, we can write /24. That means we want 10.0.2.1, and then this IP is just going to increase up to 10.0.2.254, which is the end of the IP range in the network. The command for this is as follows:

 netdiscover -i eth0 -r 10.0.2.1/24

We are going to hit Enter. It will return the output really fast, producing the result shown in the following screenshot:

As we said, it's the quickest way, and we can see in the preceding screenshot that we have four devices connected to the network. We have their MAC Addresses and we have the MAC Vendor. That's about it. The method was very quick, and it just shows simple information.
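The /24 sweep described above is also what a defender sees on the wire: one host sending ARP "who-has" requests for every address from .1 to .254 in quick succession. The following is an added example, not from the book, that expands the -r range the way the text describes and flags such a burst in constructed ARP request records (the MAC addresses, timings and threshold are made up for the demonstration).

```python
import ipaddress
from collections import Counter, defaultdict

def hosts_in_range(cidr):
    """Expand the -r argument as the text describes: 10.0.2.1/24 means the
    host addresses 10.0.2.1 through 10.0.2.254 (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(h) for h in net.hosts()]

def detect_arp_sweeps(records, window=5.0, threshold=20):
    """Flag any sender MAC that asks 'who-has' for at least `threshold` distinct
    IPs inside some `window`-second span. records: (seconds, sender_mac, target_ip).
    Returns {sender_mac: peak number of distinct targets seen in one window}."""
    by_sender = defaultdict(list)
    for ts, mac, target in records:
        by_sender[mac].append((ts, target))
    alerts = {}
    for mac, reqs in by_sender.items():
        reqs.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, target in reqs:
            in_window[target] += 1
            # Slide the window forward, dropping requests older than `window` seconds
            while ts - reqs[start][0] > window:
                old = reqs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[mac] = peak
    return alerts

# Constructed sample: one ordinary host resolving a few neighbours, and one host
# (constructed MAC) sweeping the whole /24 the way netdiscover -r does.
SCANNER, NORMAL = "08:00:27:aa:bb:cc", "08:00:27:11:22:33"
SAMPLE_ARP = [(0.5, NORMAL, "10.0.2.1"), (30.0, NORMAL, "10.0.2.4"), (95.0, NORMAL, "10.0.2.1")]
SAMPLE_ARP += [(60.0 + i * 0.01, SCANNER, ip)
               for i, ip in enumerate(hosts_in_range("10.0.2.1/24"))]

if __name__ == "__main__":
    for mac, count in detect_arp_sweeps(SAMPLE_ARP).items():
        print(f"ARP sweep from {mac}: {count} distinct targets within one window")
```

The same logic can be fed from a real capture by translating each ARP request into a (timestamp, sender MAC, target IP) tuple; the threshold should be tuned to how many neighbours a normal host on the segment resolves in a few seconds.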
