I've got access to two computers (A and B) on a network. Both have got a static IP address with a subnet mask of 255.255.255.128 (I checked that a DHCP server was not being used). I want to configure multiple IP addresses to the same machine and hence I want to know what all IP addresses are already being used in the subnet.

From an earlier question, I tried nmap -sP -PR 172.16.128.* command, but, I'm skeptical about its result as the same command gives different results on my two computers (A and B). On A, the result shows a list of 8 IP addresses which are (supposedly) already being used, including that of A and B.

    Nmap done: 256 IP addresses (8 hosts up) scanned in 1.23 seconds

But on B, the result is different i.e.,

    Nmap done: 256 IP addresses (0 hosts up) scanned in 0.00 seconds

The result on B is not even showing its own IP address as well as the IP address of A!

What exactly am I doing wrong here? Is there any foolproof way in Red Hat Linux (RHEL) of discovering all IP addresses being used in the subnet of which my computer is a part of?

RHEL: 6.5

Any well-behaved device on an Ethernet LAN is free to ignore nearly any traffic, so PINGs, port scans, and the like are all unreliable. Devices are not, however, free to ignore ARP requests, afaik. Given that you specify you're scanning a local network, I find the least-fragile method of doing what you want is to try to connect to a remote address, then look in my ARP cache.

Here's a simple, non-filtering device (ie, one which isn't configured to ignore some classes of IP traffic):

    tmp]$ ping -c 1 -W 1 192.168.3.1

Here's a filtering device (one configured with a single line of iptables to ignore all traffic):

    tmp]$ ping -c 1 -W 1 192.168.3.31
    1 packets transmitted, 0 received, 100% packet loss, time
    tmp]$ arp -a -n|grep -w 192.168.3.31

Here's a device that's just down; note the lack of a MAC address:

    tmp]$ ping -c 1 -W 1 192.168.3.241
    1 packets transmitted, 0 received, 100% packet loss, time
    tmp]$ arp -a -n|grep -w 192.168.3.241

This method's not infallible - it misses devices that are turned off, for one thing - but it's the least-dreadful method I've yet tried.

Edit: Eric Duminil, yes, it only works on a local network; see paragraph one.

Vishal, the methods are functionally identical. Note the text quoted in Leo's answer about nmap:

    When a privileged user tries to scan targets on a local ethernet network, ARP requests are used unless --send-ip was specified.

Mine can be done without privilege, and may give you a better understanding of what's actually happening. But the same thing is done on the wire in both cases.

I don't know which version of nmap you are running in your Red Hat 6.5, but for recent releases, the correct (and faster) way I think it would be:

This will list every host in your network (so, you could use any other IP from that subnet as it should be available).

Edit and note: The subnet you mention is 255.255.255.128, but then you show the output as scanning 254 hosts. Unless I'm missing something, that should be a /25 mask and 126 hosts available. If you want to scan a /24, change the command above to query all 254 hosts.

From the nmap book, -sP is discontinued and replaced by -sn:

    This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery probes. This is often known as a “ping scan”, but you can also request that traceroute and NSE host scripts be run. This is by default one step more intrusive than the list scan, and can often be […] It allows light reconnaissance of a target network without attracting much attention. […] up is more valuable to attackers than the list provided by list scan […]

    Systems administrators often find this option valuable as well. It can easily be used to count available machines on a network or monitor […] This is often called a ping sweep, and is more reliable than pinging the broadcast address because many hosts do not […]

    The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP […] only SYN packets are sent (using a connect call) to ports 80 and 443 […]
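
The ARP-cache check described in the thread, sketched in Python as an added example (not code from any of the posts): it parses `arp -a -n` output and sorts every host address of a subnet into resolved, unresolved and not-yet-probed. The sample cache lines, MAC addresses, interface names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Linux net-tools `arp -a -n` output (not from the thread).
SAMPLE_ARP = """\
? (192.168.3.1) at 02:00:00:00:03:01 [ether] on eth0
? (192.168.3.31) at 02:00:00:00:03:1f [ether] on eth0
? (192.168.3.241) at <incomplete> on eth0
? (10.0.0.5) at 02:00:00:00:0a:05 [ether] on eth1
"""

ARP_LINE = re.compile(r"\((?P<ip>[0-9.]+)\) at (?P<hw>\S+)")


def parse_arp(text):
    """Map IP -> MAC, or None when the entry is <incomplete> (no ARP reply)."""
    table = {}
    for m in ARP_LINE.finditer(text):
        hw = m.group("hw").lower()
        ip = ipaddress.ip_address(m.group("ip"))
        table[ip] = None if hw == "<incomplete>" else hw
    return table


def addresses_in_use(arp_text, network):
    """Classify every host address of `network` (CIDR or dotted netmask).

    in_use:       a MAC was learned, so something answered ARP, even if it
                  drops ping (the "filtering device" case in the thread).
    unresolved:   probed, but no ARP reply (down or unused).
    never_probed: no cache entry at all; a probe (e.g. ping) must be sent
                  first, because the cache only holds addresses this host
                  has tried to reach, and entries expire.
    """
    net = ipaddress.ip_network(network, strict=False)
    table = parse_arp(arp_text)
    in_use, unresolved, never_probed = {}, [], []
    for host in net.hosts():  # excludes network and broadcast addresses
        if host not in table:
            never_probed.append(host)
        elif table[host] is None:
            unresolved.append(host)
        else:
            in_use[host] = table[host]
    return in_use, unresolved, never_probed


if __name__ == "__main__":
    used, dead, todo = addresses_in_use(SAMPLE_ARP, "192.168.3.0/255.255.255.0")
    print("in use:", {str(k): v for k, v in used.items()})
    print("no ARP reply:", [str(ip) for ip in dead])
    print("still to probe:", len(todo))
```

A netmask of 255.255.255.128 yields 126 host addresses from `hosts()`, matching the /25 figure given in the thread.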