If you are like me, you don’t have time to run nmap scans and do other network maintenance. Nmap is one of those really fun and useful tools that is easy to use, but since I rarely use it, I never remember the options. Today was one of those situations where I needed to hunt down a host on my client’s network remotely, one that was running certain software. It wasn’t responding to any remote services (like RDP) or pings, so I didn’t even know if it was on the correct IP address. I thought it would be easy enough to do a quick network scan with nmap to discover which hosts were up.
At a simple level, and on a small, class C network, I just ran this:
sudo nmap -PR 192.168.0.*
This allowed me to quickly see all the hosts that were up on the local subnet, and here’s an example showing the end of the output on the last host found:
Interesting ports on 192.168.0.210:
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
139/tcp  open  netbios-ssn
427/tcp  open  svrloc
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:1B:xx:xx:xx:xx (NEC AccessTechnica)

Nmap done: 256 IP addresses (20 hosts up) scanned in 42.07 seconds
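The command above port-scans every host it finds, which is why 20 hosts took 42 seconds. When the goal is only to find which addresses are alive (the host here was not answering pings, but ARP discovery still finds it on the local segment), nmap's -sn option skips the port scan and -oG writes grepable output that is easy to turn into an inventory. The following script is an added example, not the original post's command: it assumes nmap is installed, that the scan runs as root on the directly attached subnet (192.168.0.0/24 is a placeholder like the post's), and it carries a constructed sample of -oG output so the parsing can be checked without a network.

```shell
#!/bin/sh
# Added example, not from the original post: ARP-based host discovery on a
# directly attached /24 with nmap, reducing the grepable (-oG) output to a
# compact inventory. 192.168.0.0/24 is a placeholder subnet; nmap must be
# installed and run as root for ARP ping (-PR). -sn skips the per-host port
# scan, so a discovery-only sweep of 256 addresses finishes in seconds.

# Count live hosts from nmap -oG output on stdin ("Host: ... Status: Up" lines).
count_up_hosts() {
    awk '/^Host: / && /Status: Up/ { n++ } END { print n + 0 }'
}

# Reduce nmap -oG output on stdin to "IP port/proto,port/proto,..." per host,
# keeping only ports whose state is "open". Grepable port entries have the
# form port/state/protocol/owner/service/rpcinfo/version, comma-separated.
open_ports_by_host() {
    awk '
        /^Host: / && /Ports: / {
            ip = $2
            line = $0
            sub(/^.*Ports: /, "", line)                     # drop prefix up to the port list
            sub(/[[:space:]]+Ignored State:.*$/, "", line)  # drop trailing closed-port summary
            n = split(line, entries, ", *")
            open = ""
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                if (f[2] == "open")
                    open = open (open == "" ? "" : ",") f[1] "/" f[3]
            }
            if (open != "") print ip, open
        }'
}

# Constructed sample of nmap -oG output (not a real scan) so the script can be
# checked offline. Real output separates the fields with tabs, reproduced here.
sample_scan() {
    printf '# Nmap 7.94 scan initiated (constructed sample)\n'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.0.210 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.210 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, 9100/open/tcp//jetdirect///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.0.250 ()\tStatus: Down\n'
    printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 5.32 seconds\n'
}

# On the real network (not run here):
#   sudo nmap -sn -PR -oG - 192.168.0.0/24 | count_up_hosts
#   sudo nmap -PR -oG - 192.168.0.0/24 | open_ports_by_host
sample_scan | count_up_hosts
sample_scan | open_ports_by_host
```

Run against the sample, the script prints 2 live hosts and one line per host listing only its open ports (the filtered 443/tcp on 192.168.0.1 and the Down host are left out). Saving that listing from a discovery sweep and diffing it against the previous run is a cheap way to notice a new device or a newly opened service on a small network.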
That was super helpful. The host I needed showed right up, at the correct IP address, with most of the ports I expected (it is not the one shown above). Now I just need to remote into the system (if I can) and adjust things. Nmap made it real easy on our Linux server.
There are some more useful commands, and as I need them, I’ll blog them. For today, this was all I needed.