  1. #1

    nmap scan question (identifying hosts that are alive)

    I've gone through quite a few iterations to try and find out a way to do this. Essentially pinging to find live hosts doesn't work on all systems in my network, as with many. I'm wondering what will output all systems that have an open port of any sort, or some other way to identify living systems. The end result of this data is being scanned with Nessus. Anyway, the command line I ended up having to use was
    nmap -iL netranges.txt -F -O -P0 > NETWORKnmap.txt

    This resulted in every IP in every network range being listed as a server, but most of the other scans I attempted didn't find anything. How can I excise entries like this:

    Nmap scan report for 10.xx.xx.xx
    Host is up (0.22s latency).
    All 1000 scanned ports on 10.xx.xx.xx are filtered
    Too many fingerprints match this host to give specific OS details

    yet still find every single live host on the networks I'm scanning?

  2. #2
    Oh and the -O switch is not 100 percent necessary I suppose since it takes quite a bit longer and with the other options I'm using it doesn't really have any ability to identify the OS, but as I'm trying to run a Nessus scan afterwards if I can somehow identify the OS and therefore run the correct sets of Nessus policies, that would be amazing. The important thing here, for me, is to only get living systems in the end results, preferably identified by OS.

  3. #3
    One thought I had was I could run a scan that simply identifies all of the systems, then a second that does a more in-depth port scan to try and identify OS. I don't know, I haven't used nmap in some time and I've never really used it to its full potential.

  4. #4
    Kloschüssel (Linux Engineer, Join Date: Oct 2005)
    There's still the --osscan-limit switch for OS detection. In general I would strictly specify which ports to scan for with the -p switch, thus scanning only about 10 or 15 interesting ports depending on the applications you expect to run. It should speed up the thingy a lot. Does this answer your question?
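
An added example, not part of any post in this thread: one way to drop the "all ports filtered" entries is to write grepable output (`-oG`) and keep only hosts that showed at least one port in state `open`, then feed that list to the OS-detection pass and to Nessus. The function name, file names and sample lines are assumptions made for illustration; the sample scan data is constructed.

```shell
#!/bin/sh
# Intended flow (file names are placeholders):
#   nmap -iL netranges.txt -F -Pn -oG discovery.gnmap      # -Pn is the current name of -P0
#   live_hosts < discovery.gnmap > targets.txt
#   nmap -iL targets.txt -O --osscan-limit -oG os.gnmap     # slower pass, live hosts only

# live_hosts: read nmap grepable output on stdin and print each IP that has
# at least one port in state "open". Hosts that are only "Status: Up" (which
# -Pn/-P0 reports for every address) or whose ports are all filtered are dropped.
# "open|filtered" is not counted: it means nmap got no response at all.
live_hosts() {
    awk '
        /^Host: / && /\tPorts: / && /[ ,][0-9]+\/open\// {
            # $2 is the address; print it once even if it appears on several lines.
            if (!seen[$2]++) print $2
        }
    '
}

# Constructed sample in -oG layout (tab-separated fields), not real scan data.
sample_scan() {
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\tIgnored State: filtered (98)\n'
    printf 'Host: 10.0.0.6 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.6 ()\tPorts: 53/open|filtered/udp//domain///\n'
    printf 'Host: 10.0.0.7 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.8 ()\tPorts: 443/open/tcp//https///\n'
}

# Demonstration on the constructed sample.
sample_scan | live_hosts
```

A host that answers only with closed ports is also alive; widening the pattern to `(open|closed)` would include those, at the cost of handing Nessus targets with nothing listening on the scanned ports.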
