IT Trenches

Dec 15 2009   9:38PM GMT

Use NMap to quickly scan a large subnet for MAC or IP addresses – even firewalled systems!



Posted by: Troy Tate
Tags:
ARP
arp scan
education
network scan
network tool
nmap
ping
tool
utility

One of my favorite tools to manage a population of network hosts is the excellent tool NMap. It can easily and quickly be used to scan a large subnet for live hosts. I recently scanned a /16 or 65,535 hosts subnet in about 30 minutes with NMap detecting most common running services on the hosts discovered (note that the network was not very populated, so a densely populated network will take longer to scan than a sparsely populated network). This is a very fast and useful tool. I was particularly interested in MAC addresses as I was seeing some unusual ARP traffic and wanted to see what IP address might be assigned to the device.

The command I used to scan the subnet was:

nmap -PR -oN nmap-arpscan.txt 192.168.0.0/16

This scanned the entire 192.168.0.0/16 network and logged the results to a text file called nmap-arpscan.txt for later review.

One reason to do an ARP sweep on a network is that this will find even firewalled hosts as a system on an IP network may have ICMP filtered but ARP is practically a necessity to participate in network communications. So, this scan will find even firewalled hosts!

You can get more information about NMap from some of my previous blog postings:

Online Nmap video training – scan your network

Nmap v5 released – nearly 600 changes!

What other NMap scans do you do? Share your tips with other ITKE readers!

Thanks for reading and let’s continue to be good network citizens.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Labnuke99
    Please remember that ARP works only on a local LAN. It will not work across a WAN link.
    32,960 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: