Day 46: Nmap, ip range scanning
Since yesterday, we know how to get a list of open ports on a machine.
Sometimes it is useful to scan a specific port on a larger IP range, to find a machine with a dynamic IP (in a NAT configuration, for example).
# Return a list of running machines with an SSH port opened (22):
$ nmap -sS -p 22 10.42.1.0/24
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-26 09:31 UTC
Nmap scan report for 10.42.1.1
Host is up (0.00019s latency).
PORT STATE SERVICE
22/tcp filtered ssh
MAC Address: 06:44:0C:F3:80:93 (Unknown)
Nmap scan report for 10.42.1.89
Host is up (-0.076s latency).
PORT STATE SERVICE
22/tcp closed ssh
MAC Address: 06:89:6A:F5:0B:75 (Unknown)
Nmap scan report for 10.42.1.112
Host is up (-0.076s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 06:57:41:2F:0D:23 (Unknown)
Nmap scan report for 10.42.1.121
Host is up (-0.076s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 06:2D:E4:27:3E:2B (Unknown)
Nmap scan report for 10.42.1.150
Host is up (-0.076s latency).
PORT STATE SERVICE
22/tcp closed ssh
MAC Address: 06:72:D8:4B:71:45 (Unknown)
Nmap scan report for 10.42.1.201
Host is up (-0.076s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 06:30:ED:68:BB:2F (Unknown)
Nmap scan report for 10.42.1.209
Host is up (0.00022s latency).
PORT STATE SERVICE
22/tcp closed ssh
MAC Address: 06:60:87:D5:14:FD (Unknown)
Nmap scan report for 10.42.1.101
Host is up (0.000066s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (8 hosts up) scanned in 4.14 seconds
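Reading the open/closed/filtered state for each host by eye gets tedious on a /24. The following Python snippet is an added example (not from the original post) that parses nmap's normal output format as shown above and returns the hosts where 22/tcp is in a given state; the sample output embedded in it is constructed from the scan above, trimmed to four hosts.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample of nmap "normal" output, modelled on the scan above.
SAMPLE_OUTPUT = """\
Starting Nmap 6.47 ( http://nmap.org ) at 2017-07-26 09:31 UTC
Nmap scan report for 10.42.1.1
Host is up (0.00019s latency).
PORT   STATE    SERVICE
22/tcp filtered ssh
MAC Address: 06:44:0C:F3:80:93 (Unknown)
Nmap scan report for 10.42.1.89
Host is up (-0.076s latency).
PORT   STATE  SERVICE
22/tcp closed ssh
Nmap scan report for 10.42.1.112
Host is up (-0.076s latency).
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 06:57:41:2F:0D:23 (Unknown)
Nmap scan report for 10.42.1.101
Host is up (0.000066s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 256 IP addresses (4 hosts up) scanned in 4.14 seconds
"""

# Host line is "Nmap scan report for 10.42.1.1" or, with reverse DNS, "... for name (10.42.1.1)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
# Port line is "22/tcp open ssh"; nmap may also report combined states such as "open|filtered".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+([a-z]+(?:\|[a-z]+)?)\s")


def parse_nmap_output(text: str) -> Dict[str, Dict[str, str]]:
    """Map each reported IP to its {"22/tcp": state} port table."""
    hosts: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {}
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current][f"{m.group(1)}/{m.group(2)}"] = m.group(3)
    return hosts


def hosts_with_port(text: str, port: str = "22/tcp", state: str = "open") -> List[str]:
    """Return the IPs whose port table lists `port` in exactly `state`, in address order."""
    matches = [ip for ip, ports in parse_nmap_output(text).items() if ports.get(port) == state]
    return sorted(matches, key=ipaddress.ip_address)
```

Pipe a real run through it with `nmap -sS -p 22 10.42.1.0/24 | python3 -c 'import sys; ...'` or save the output with `-oN` first; a host listed as "filtered" rather than "closed" usually means a firewall is dropping the probe, which is worth a second look when doing an inventory of exposed SSH services.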
Legal
Of course, nmap can be used for scanning public IP ranges. Please don’t do it. It can be prohibited by your ISP, or some local laws: https://nmap.org/book/legal-issues.html
by ops for non-ops