
TheGetch edited this page May 14, 2021 · 2 revisions

Ping Sweep: Nmap method

To perform a ping sweep in nmap, the -sn flag (host discovery only, no port scan) is the key option. In its simplest form, any of the following three target notations can be used for the sweep:

nmap -sn x.x.x.x/24
nmap -sn x.x.x.1-254
nmap -sn x.x.x.*

You can also grep out the IPs and cut away the fluff:

nmap -sn 172.x.x.x/24 | grep "172" | cut -f 5 -d ' '

A slower, stealthier approach that reads its targets from the split IP-range files (as seen in the first section above) would be:

nmap --randomize-hosts -sn -T2 -oN nmap_discoveryScan_x.x.x.x-16.txt -iL x.x.x.x_IP_range.split.txt

This writes the results to a normal-format text file (-oN). Host randomization (--randomize-hosts) is optional, depending on the customer and the testing situation. The -oA flag can be used in place of -oX or -oN; -oA writes the results in all output formats (normal, XML and grepable) at once.

In both cases the result is the list of hosts that responded to the ping probes and are therefore considered up.
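As an added example (not part of the original wiki), here is a small Python parser for the -oN normal output that the commands above produce, next to an emulation of the grep/cut one-liner. The sample output is constructed, and it shows the cases the one-liner mishandles: the header line, a host whose reverse DNS resolved (field 5 is then the hostname, not the IP), and a host listed as down when -v is used.

```python
import re

# Constructed sample of `nmap -sn -v -oN` normal output (not a real scan capture).
# With -v, nmap also lists hosts that did not answer as "[host down]".
SAMPLE_ON = """\
# Nmap 7.91 scan initiated Fri May 14 10:00:00 2021 as: nmap -sn -v -oN out.txt 172.16.0.0/29
Nmap scan report for 172.16.0.1
Host is up (0.0012s latency).
Nmap scan report for gateway.internal.example (172.16.0.2)
Host is up (0.0030s latency).
Nmap scan report for 172.16.0.3 [host down]
Nmap scan report for 172.16.0.5
Host is up.
# Nmap done at Fri May 14 10:00:05 2021 -- 8 IP addresses (3 hosts up) scanned in 2.10 seconds
"""

# "Nmap scan report for <ip>" or "... for <hostname> (<ip>)", optionally "[host down]".
REPORT_RE = re.compile(
    r"^Nmap scan report for (?P<name>\S+)(?: \((?P<ip>[0-9.]+)\))?(?P<down> \[host down\])?$"
)


def naive_grep_cut(text, needle="172"):
    """Emulates the page's `grep "172" | cut -f 5 -d ' '` pipeline on -oN output."""
    out = []
    for line in text.splitlines():
        if needle in line:
            fields = line.split(" ")
            # cut prints an empty field when the line has fewer than five fields
            out.append(fields[4] if len(fields) >= 5 else "")
    return out


def parse_live_hosts(text):
    """Return [(ip, hostname_or_empty), ...] for hosts nmap reported as up."""
    hosts, pending = [], None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            pending = None
            if m.group("down"):
                continue  # listed only with -v; never a live host
            if m.group("ip"):
                pending = (m.group("ip"), m.group("name"))  # reverse DNS resolved
            else:
                pending = (m.group("name"), "")
        elif line.startswith("Host is up") and pending:
            hosts.append(pending)  # confirmed by the following "Host is up" line
            pending = None
    return hosts
```

Running parse_live_hosts over a real -oN file gives the same three hosts that nmap's own "(3 hosts up)" summary counts, while the grep/cut emulation also returns "initiated", the hostname and the down host.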
