NMAP – scan for unused or down IP’s

nmap -v sn -n 192.168.3.0/23 -oG - | awk '/Status: Down/{print $2}'
-sn (No port scan) .
 This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the scan. This is often known
 as a "ping scan", but you can also request that traceroute and NSE host scripts be run. This is by default one step more intrusive than the list scan, and
 can often be used for the same purposes. It allows light reconnaissance of a target network without attracting much attention. Knowing how many hosts are
 up is more valuable to attackers than the list provided by list scan of every single IP and host name.

Systems administrators often find this option valuable as well. It can easily be used to count available machines on a network or monitor server
 availability. This is often called a ping sweep, and is more reliable than pinging the broadcast address because many hosts do not reply to broadcast
 queries.


 -n (No DNS resolution) .
 Tells Nmap to never do reverse DNS resolution on the active IP addresses it finds. Since DNS can be slow even with Nmap's built-in parallel stub resolver,
 this option can slash scanning times.


-oG filespec (grepable output) .
 This output format is covered last because it is deprecated. The XML output format is far more powerful, and is nearly as convenient for experienced
 users. XML is a standard for which dozens of excellent parsers are available, while grepable output is my own simple hack. XML is extensible to support
 new Nmap features as they are released, while I often must omit those features from grepable output for lack of a place to put them.

Nevertheless, grepable output is still quite popular. It is a simple format that lists each host on one line and can be trivially searched and parsed with
 standard Unix tools such as grep, awk, cut, sed, diff, and Perl. Even I usually use it for one-off tests done at the command line. Finding all the hosts
 with the SSH port open or that are running Solaris takes only a simple grep to identify the hosts, piped to an awk or cut command to print the desired
 fields.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Get Free Shipping on Everything All Season Long
Best Buy Co, Inc.
Best Buy Co, Inc.