IT Trenches

Dec 15 2009   9:38PM GMT

Use NMap to quickly scan a large subnet for MAC or IP addresses – even firewalled systems!

Troy Tate Profile: Troy Tate

One of my favorite tools to manage a population of network hosts is the excellent tool NMap. It can easily and quickly be used to scan a large subnet for live hosts. I recently scanned a /16 or 65,535 hosts subnet in about 30 minutes with NMap detecting most common running services on the hosts discovered (note that the network was not very populated, so a densely populated network will take longer to scan than a sparsely populated network). This is a very fast and useful tool. I was particularly interested in MAC addresses as I was seeing some unusual ARP traffic and wanted to see what IP address might be assigned to the device.

The command I used to scan the subnet was:

nmap -PR -oN nmap-arpscan.txt 192.168.0.0/16

This scanned the entire 192.168.0.0/16 network and logged the results to a text file called nmap-arpscan.txt for later review.

One reason to do an ARP sweep on a network is that this will find even firewalled hosts as a system on an IP network may have ICMP filtered but ARP is practically a necessity to participate in network communications. So, this scan will find even firewalled hosts!

You can get more information about NMap from some of my previous blog postings:

Online Nmap video training – scan your network

Nmap v5 released – nearly 600 changes!

What other NMap scans do you do? Share your tips with other ITKE readers!

Thanks for reading and let’s continue to be good network citizens.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Labnuke99
    Please remember that ARP works only on a local LAN. It will not work across a WAN link.
    32,960 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: