Posted by: Troy Tate
ARP, arp scan, education, network scan, network tool, nmap, ping, tool, utility
One of my favorite tools to manage a population of network hosts is the excellent tool NMap. It can easily and quickly be used to scan a large subnet for live hosts. I recently scanned a /16 or 65,535 hosts subnet in about 30 minutes with NMap detecting most common running services on the hosts discovered (note that the network was not very populated, so a densely populated network will take longer to scan than a sparsely populated network). This is a very fast and useful tool. I was particularly interested in MAC addresses as I was seeing some unusual ARP traffic and wanted to see what IP address might be assigned to the device.
The command I used to scan the subnet was:
nmap -PR -oN nmap-arpscan.txt 192.168.0.0/16
This scanned the entire 192.168.0.0/16 network and logged the results to a text file called nmap-arpscan.txt for later review.
One reason to do an ARP sweep on a network is that this will find even firewalled hosts as a system on an IP network may have ICMP filtered but ARP is practically a necessity to participate in network communications. So, this scan will find even firewalled hosts!
You can get more information about NMap from some of my previous blog postings:
What other NMap scans do you do? Share your tips with other ITKE readers!
Thanks for reading and let’s continue to be good network citizens.