If you are like me, you don’t have time to run nmap scans and do other network maintenance. Nmap is one of those really fun and useful tools that are easy to use, but since I rarely use it, I never remember the options. Today was one of those situations where I needed to hunt down a host on my client’s network remotely running certain software. It wasn’t responding to any remote services (like RDP) or pings, so I didn’t even know if it was on the correct IP address. I thought it would be easy enough to do a quick network scan with nmap to discover the hosts that were up.
At a simple level, and on a small, class C network, I just ran this:
sudo nmap -PR 192.168.0.*
This allowed me to quickly see all the hosts that were up on the local subnet, and here’s an example showing the end of the output on the last host found:
Interesting ports on 192.168.0.210:
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
139/tcp  open  netbios-ssn
427/tcp  open  svrloc
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:1B:xx:xx:xx:xx (NEC AccessTechnica)

Nmap done: 256 IP addresses (20 hosts up) scanned in 42.07 seconds
That was super helpful. The host I needed showed right up, at the correct IP address, with most of the ports I expected (not the one shown above). Now I just need to remote into the system (if I can) and adjust things. Nmap made it really easy on our Linux server.
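When a scan covers more than a handful of hosts, picking out the one you want by eye gets tedious. The following is an added example, not code from the original post: a small Python parser for nmap's normal output format that turns each host block into a record (IP, open ports, MAC, vendor) and then answers the question the post asks, "which host is running this set of services?". The sample output is constructed inline (the 192.168.0.12 host is invented; the 192.168.0.210 block mirrors the one quoted above). The parser accepts both the older "Interesting ports on" header shown here and the "Nmap scan report for" header newer nmap versions print.

```python
import re

# Constructed sample of nmap normal output for two hosts. The second block
# mirrors the post's quoted output; the first host is invented for illustration.
SAMPLE_OUTPUT = """\
Interesting ports on 192.168.0.12:
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
3389/tcp open  ms-term-serv
MAC Address: 00:0C:xx:xx:xx:xx (VMware)

Interesting ports on 192.168.0.210:
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
139/tcp  open  netbios-ssn
427/tcp  open  svrloc
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:1B:xx:xx:xx:xx (NEC AccessTechnica)

Nmap done: 256 IP addresses (20 hosts up) scanned in 42.07 seconds
"""

# Host header: old style "Interesting ports on <ip>:" or
# new style "Nmap scan report for <name> (<ip>)" / "Nmap scan report for <ip>".
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (\S+?):?(?:\s|$)")
# Port table rows: "<port>/<proto>  <state>  <service>"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# "MAC Address: <mac> (<vendor>)", vendor part optional
MAC_RE = re.compile(r"^MAC Address: (\S+)(?: \((.*)\))?")


def parse_nmap_output(text):
    """Parse nmap normal output into {ip: {"ports": [...], "mac": ..., "vendor": ...}}."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"ports": [], "mac": None, "vendor": None}
            hosts[m.group(1)] = current
            continue
        if current is None:
            continue  # preamble before the first host block
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service = m.groups()
            if state == "open":  # ignore closed/filtered rows if -v style output lists them
                current["ports"].append((int(port), proto, service))
            continue
        m = MAC_RE.match(line)
        if m:
            current["mac"], current["vendor"] = m.group(1), m.group(2)
    return hosts


def find_hosts_with_services(hosts, required):
    """Return sorted IPs whose open ports include every service name in `required`."""
    wanted = set(required)
    return sorted(ip for ip, h in hosts.items()
                  if wanted <= {svc for _, _, svc in h["ports"]})


def open_port_numbers(hosts, ip):
    """Convenience: the open TCP/UDP port numbers recorded for one host."""
    return sorted(p for p, _, _ in hosts[ip]["ports"])


if __name__ == "__main__":
    parsed = parse_nmap_output(SAMPLE_OUTPUT)
    for ip, h in parsed.items():
        print(f"{ip:15} {h['vendor'] or '?':20} ports={open_port_numbers(parsed, ip)}")
    # Network printers typically expose ipp (631) and jetdirect (9100) together.
    print("printer-like hosts:", find_hosts_with_services(parsed, ["ipp", "jetdirect"]))
```

For anything beyond a one-off, feed the parser nmap's machine-readable formats instead of screen-scraping: `-oG` (grepable) or `-oX` (XML) exist for exactly this, and the XML output is what most inventory tools consume.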
There are some more useful commands, and as I need them, I’ll blog them. For today, this was all I needed.