netdiscover on Kali 2020.3 Could Not See Any MAC Addresses

April 8, 2021

You might accidentally update your apt source list and type apt update. But you might not realize that upgrading your installed packages can cause one of your favorite tools to stop working: netdiscover.

In my case above, I’m running Kali Linux 2020.3, with netdiscover version 0.5.1 and libpcap0.8 version 1.10.0-2. I encountered this problem earlier when the default installation of Kali Linux already used the latest version of libpcap0.8. The netdiscover tool is not giving me the expected result: a list of IPs in the same subnet. As you can see above, there is not even the IP address of the gateway.

I did some validation of my installation first. The network setting might be different between the Kali Linux VM and the target VM. I’m using VMware Fusion on my Apple macOS; this is the configuration of my Kali Linux VM (above) and my Metasploitable 3 Microsoft Windows 2008 (below). Make sure that both VMs are connected to the same network segment, and that netdiscover is using the network interface connected to the same network as the target. It is also good to check this configuration, especially when you have installed multiple network interfaces in your Kali Linux.

Then, check the connectivity with ifconfig and use that interface in netdiscover, as in the command below. There are backticks ` around the hostname -I command. This means the shell executes that command first and then passes its output to the next command. Also, pay attention to the network CIDR. The example below shows that my eth0 was assigned to network 172.16.139.0/24, but in several cases you might encounter a network CIDR of /20 or /16. Unfortunately, netdiscover does not support CIDR /20; you can choose either /24 or /16 to scan the network.
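The mask handling described above can be scripted. The following is an added example, not code from the original post or from the netdiscover project: the helper name netdiscover_range is hypothetical, and the host address 172.16.139.128 is a constructed sample on the 172.16.139.0 network mentioned above.

```shell
#!/bin/sh
# Added example: turn an interface address in CIDR form into a range
# with one of the two masks the text says netdiscover can scan.
# netdiscover_range ADDR/PREFIX [narrow|wide]
#   narrow (default): the /24 that contains the host
#   wide:             the /16 that contains the host
# An interface that is already /24 or /16 keeps its own network.
netdiscover_range() {
    cidr=$1
    mode=${2:-narrow}

    case $cidr in
        */*) ;;
        *) echo "expected ADDR/PREFIX, got: $cidr" >&2; return 1 ;;
    esac
    addr=${cidr%/*}
    prefix=${cidr#*/}

    # Only digits and dots in the address, only digits in the prefix
    case $addr in ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;; esac
    case $prefix in ''|*[!0-9]*) echo "bad prefix: $prefix" >&2; return 1 ;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix: $prefix" >&2; return 1; }

    # Split the dotted quad into $1..$4
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $addr" >&2; return 1; }
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || { echo "bad address: $addr" >&2; return 1; }
    done

    case $prefix in
        24) echo "$1.$2.$3.0/24" ;;
        16) echo "$1.$2.0.0/16" ;;
        *)  # /20 and other sizes: pick one of the two supported masks
            if [ "$mode" = wide ]; then echo "$1.$2.0.0/16"
            else echo "$1.$2.$3.0/24"; fi ;;
    esac
}

# Constructed sample: a host on the 172.16.139.0 network, but with a /20 mask
netdiscover_range 172.16.139.128/20        # 172.16.139.0/24
netdiscover_range 172.16.139.128/20 wide   # 172.16.0.0/16

# On a live system (eth0 as in the text above):
#   netdiscover -i eth0 -r "$(netdiscover_range "$(ip -o -4 addr show eth0 | awk '{print $4}')")"
```

The narrow range covers only the /24 around the host, so on a /20 segment it has to be repeated per /24 or replaced by the wide form to see every neighbor.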

I usually set up my VM to run on the private network, so that it does not accidentally update itself, download stuff that I don’t want, or perhaps upgrade libraries that might break the experience. But if I want to download things from the internet, I switch the network interface and revert it again after it is done. Kali Linux and Windows 2008 are smart enough to detect whether there is a change in the networking setting. The case above is an example of when I want to download files from the internet. This configuration will not return a result, since Kali Linux is on a different network from Metasploitable 3 Windows 2008. But for the purpose of this blog post, I have already configured both VMs with the “Private to my Mac” setting.

When I realized that netdiscover was not giving me the expected result, I checked the installed version of libpcap0.8, the library that handles ARP capturing, using the command apt-cache policy libpcap0.8. It showed 1.10.0-2. Unfortunately, if you search for libpcap0.8 on the debian.org website, you will notice that the latest stable version is buster (stable) 1.8.1-6. I decided to downgrade the library and use the stable version. Then I downloaded the proper binary according to the system architecture. In my case, I’m using the amd64 binary.

I run this VM on VMware Fusion 10.5 and also Oracle VirtualBox 6.1.8; both virtualization platforms run Kali Linux 2020.3 with the updated libpcap0.8. The results are similar: netdiscover is not working as expected. After downgrading to libpcap0.8 1.8.1-6, all ARP packets are captured by netdiscover, as in the screenshot above.

But this oddity is not happening on my Kali Linux in the cloud. Using the latest version of netdiscover and the latest libpcap, netdiscover is still able to capture ARP packets and show the expected result, as in the picture below.

Even after I upgraded netdiscover to the latest version on my Kali Linux, using the latest version of libpcap0.8, netdiscover is still not able to show the expected results. I’m guessing that something is blocking the latest version of libpcap when it runs under VMware Fusion and Oracle VirtualBox. I will update this again after I discover the technical reason.

Happy hunting!

UPDATE April 11th, 2021 01:05AM UTC:

There’s a discussion in the netdiscover GitHub repository; user fajard01 mentioned that netdiscover showed the expected result because I’m using a /16 CIDR, while using /24 netdiscover didn’t show any result. I just tested on the Kali Linux AWS instance using netdiscover v0.7 and libpcap0.8 1.10.0-2, with both /16 and /24. Yes, it is confirmed that using /24 makes netdiscover not give the expected result. But when I downgraded libpcap0.8 to 1.8.1-6, both /16 and /24 gave me the expected result, as below.
