Nmap network discovery port scan

If you are like me, you don’t have time to run nmap scans and do other network maintenance. Running nmap is one of those really fun and useful tools that are easy to use, but since I rarely use it, I never remember the options.  Today was one of those situations where I needed to hunt down a host on my client’s network remotely running certain software. It wasn’t responding to any remote services (like RDP) or pings, so I didn’t even know if it was on the correct IP address.  I thought it would easy enough to do a quick network scan with nmap to discover the hosts running.

At a simple level, and on a small, class C network, I just ran this:

sudo nmap -PR 192.168.0.*

This allowed me to quickly see all the hosts that were up on the local subnet, and here’s an example showing the end of the output on the last host found:

Interesting ports on
Not shown: 992 closed ports
21/tcp   open  ftp
80/tcp   open  http
139/tcp  open  netbios-ssn
427/tcp  open  svrloc
443/tcp  open  https
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect
MAC Address: 00:1B:xx:xx:xx:xx (NEC AccessTechnica)
Nmap done: 256 IP addresses (20 hosts up) scanned in 42.07 seconds

That was super helpful.  The host I needed showed right up, at the correct IP address, with most of the ports I expected. (not the one shown above) Now I just need to remote into the system (if I can) and adjust things.  Nmap made it real easy on our Linux server.

There are some more useful commands, and as I need them, I’ll blog them. For today, this was all I needed.