nmap – Network exploration tool and security / port scanner

How to find live hosts on my network?

# nmap --iflist

Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-07 11:12 CET
************************INTERFACES************************
DEV     (SHORT)   IP/MASK                       TYPE     UP   MTU   MAC
re0     (re0)     172.21.5.109/21               ethernet up   1500  00:0D:B9:35:88:B4
re1     (re1)     192.168.1.1/24                ethernet up   1500  00:0D:B9:35:88:B5
re1     (re1)     fe80:2::20d:b9ff:fe35:88b5/64 ethernet up   1500  00:0D:B9:35:88:B5
re2     (re2)     10.0.0.1/16                   ethernet up   1500  00:0D:B9:35:88:B6
re2     (re2)     fe80:3::20d:b9ff:fe35:88b6/64 ethernet up   1500  00:0D:B9:35:88:B6
ath0    (ath0)    (none)/0                      ethernet down 2290  04:F0:21:0C:2B:A6
pflog0  (pflog0)  (none)/0                      other    up   33160
pfsync0 (pfsync0) (none)/0                      other    down 1500
lo0     (lo0)     127.0.0.1/8                   loopback up   16384
lo0     (lo0)     ::1/128                       loopback up   16384
lo0     (lo0)     fe80:7::1/64                  loopback up   16384
bridge0 (bridge0) (none)/0                      ethernet up   1500  02:A6:4D:75:47:00

**************************ROUTES**************************
DST/MASK                     DEV METRIC GATEWAY
10.0.0.1/32                  lo0 0
127.0.0.1/32                 lo0 0
172.21.5.109/32              lo0 0
192.168.1.1/32               lo0 0
192.168.1.0/24               re1 0
172.21.0.0/21                re0 0
10.0.0.0/16                  re2 0
0.0.0.0/0                    re0 0      172.21.0.1
fe80::1/128                  lo0 0
::1/128                      lo0 0
fe80::20d:b9ff:fe35:88b6/128 lo0 0
fe80::20d:b9ff:fe35:88b5/128 lo0 0
fe80::/32                    re1 0
ff01::/32                    re2 0      fe80::20d:b9ff:fe35:88b6
fe80::/32                    re2 0
::ffff:0.0.0.0/32            lo0 0      ::1
fe80::/32                    lo0 0
::/32                        lo0 0      ::1
ff01::/32                    re1 0      fe80::20d:b9ff:fe35:88b5
fe80::/32                    lo0 0      ::1
ff01::/32                    lo0 0      ::1
ff02::/32                    lo0 0      ::1
ff02::/32                    re1 0      fe80::20d:b9ff:fe35:88b5
ff02::/32                    re2 0      fe80::20d:b9ff:fe35:88b6
ff02::/32                    lo0 0      ::1
  • -e re2: Only use interface re2
  • -sn: No port scan. Only host discovery.
  • -PS161: TCP SYN Ping to port 161 (SNMP)
# nmap -e re2 -sP -PS161 172.21.6.0/24
Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-07 11:05 CET
Nmap scan report for 172.21.6.29
Host is up (-0.21s latency).
MAC Address: 00:03:F4:04:C7:C7 (NetBurner)
Nmap scan report for 172.21.6.32
Host is up (-0.21s latency).
MAC Address: 00:14:2D:22:F2:74 (Toradex AG)
Nmap scan report for 172.21.6.33
Host is up (-0.21s latency).

Leave a Reply

Your email address will not be published. Required fields are marked *