Skip to content
This repository has been archived by the owner on Jul 4, 2023. It is now read-only.

mmaraya/ipforensics

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

202 Commits

doc

doc

 
 

include

include

 
 

lib

lib

 
 

src

src

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Doxyfile

Doxyfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

icon.png

icon.png

 
 

Repository files navigation

ipforensics logo ipforensics Build Status Coverity Scan Build Status

ipforensics is a network administration utility that conducts a passive inventory of IPv4 and IPv6 devices on your local network segment by either capturing live packets off the network or reading previously recorded packet capture files. It can be used to perform passive network enumeration and assist in IPv4 to IPv6 migrations by displaying the number of network devices detected that have only IPv4, have only IPv6 or are dual-stacked IPv4 and IPv6.

Supported Platforms

ipforensics runs under Linux, Mac OS X, and Windows.

Download

Precompiled binaries for the latest version of ipforensics can be downloaded from https://github.com/mmaraya/ipforensics/releases/tag/v1.0.

Usage

ipforensics [-hv] [-d device] [-f filename] [-n packets]
-h: display usage
-v: verbose display
-i interface: packet capture device to use (admin needed)
-c count: number of packets to read or capture
-r in file: read packets from pcap file
-w out file: write summary report to file, or append if the file exists

To read all packets from a pcap file named mycap.cap, use:

ipforensics -r mycap.cap

To read the first 100 packets from a pcap file named mycap.cap, use:

ipforensics -r mycap.cap -c 100

To read the first 250 packets from network device eth0, use:

sudo ipforensics -i eth0 -c 250

To read the first 125 packets from network device eth0 and write or append results to out.txt, use:

sudo ipforensics -i eth0 -c 125 -w out.txt

Sample Output

MAC Address       IPv4 Address    IPv6 Address
================= =============== =======================================
00:23:be:bf:22:ec 192.168.1.102
00:25:00:ef:54:69 192.168.1.4
00:26:bb:21:ad:40 192.168.1.9     fe80::226:bbff:fe21:ad40
00:7f:28:cf:e9:19 108.160.163.43
6c:c2:6b:22:89:c3 192.168.1.2
a4:d1:d2:3e:31:f8 192.168.1.6     fe80::841:557d:84c6:a048
ac:16:2d:bd:36:ec 192.168.1.12    fe80::ae16:2dff:febd:36ec
dc:2b:61:69:51:e0 192.168.1.3     fe80::104e:a2c9:540:5ba2
f4:5f:d4:34:a5:ee 192.168.1.100
=========================================================================
Hosts: 9; IPv4 only: 5; IPv6 only: 0; dual-stack: 4; migrated: 44%

License

Please see the file named LICENSE.

Issues

Please submit questions, comments, bugs, enhancement requests at https://github.com/mmaraya/ipforensics/issues.

Disclaimer

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

PCAP-based IPv6 migration reporting tool

Resources

Readme

License

View license
Activity

Stars

5 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases 2

ipforensics 1.0 Latest
Apr 7, 2014
+ 1 release

Packages

No packages published

Languages