Fast Host Discovery with nmap

By | 2012/09/02

The easiest way to do host discovery is with nmap. nmap of course offers a variety of ways to probe and map out detected hosts and poke at any open ports or services. But for a fast first pass, an ICMP (ping) sweep is ideal for a quick assessment of which hosts are online. I'll show you how!


The following command runs a quick ICMP (ping) discovery scan with nmap:

$ sudo nmap -sP range

Example:

$ sudo nmap -sP 172.16.1.1-254

Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-02 18:50 EDT
Nmap scan report for 172.16.1.1
Host is up (0.0100s latency).
MAC Address: C0:C1:C0:07:34:1F (Cisco-Linksys)
Nmap scan report for 172.16.1.124
Host is up (0.017s latency).
MAC Address: 00:0D:4B:62:5F:89 (Roku)
Nmap scan report for 172.16.1.135
Host is up (0.34s latency).
MAC Address: 98:0C:82:63:15:83 (Samsung Electro Mechanics)
Nmap scan report for 172.16.1.140
Host is up (0.00063s latency).
MAC Address: 08:00:27:24:E5:44 (Cadmus Computer Systems)
Nmap scan report for 172.16.1.141
Host is up (0.00020s latency).
MAC Address: 08:00:27:9C:E5:FF (Cadmus Computer Systems)
Nmap scan report for 172.16.1.145
Host is up (0.00082s latency).
MAC Address: 08:00:27:F6:CC:76 (Cadmus Computer Systems)
Nmap scan report for 172.16.1.202
Host is up.
Nmap scan report for 172.16.1.203
Host is up (0.020s latency).
MAC Address: 00:22:58:93:AA:FC (Taiyo Yuden Co.)
Nmap done: 254 IP addresses (8 hosts up) scanned in 15.78 seconds

To have the results written to an XML file, use the -oX option. Example:

$ sudo nmap -sP 172.16.1.1-254 -oX scan.xml
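
As an added example (not code from the original post), here is a small Python script that parses the scan.xml produced by the -oX command above, lists the hosts nmap reported as up, and flags any that are missing from a known-host inventory. The embedded XML is a constructed sample modelled on the structure nmap emits for a ping scan, and the inventory set is an assumption.

```python
"""Parse the XML written by `nmap -sP <range> -oX scan.xml` into a host list."""
import xml.etree.ElementTree as ET

# Constructed sample, modelled on nmap's -oX output for a ping scan.
# Only the elements this parser reads are included. The "reason" attribute
# records what answered: on a local Ethernet segment nmap uses ARP (hence the
# MAC addresses in the scan above); across a router it is an ICMP echo reply.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sP 172.16.1.1-254 -oX scan.xml" version="6.01">
  <host><status state="up" reason="arp-response"/>
    <address addr="172.16.1.1" addrtype="ipv4"/>
    <address addr="C0:C1:C0:07:34:1F" addrtype="mac" vendor="Cisco-Linksys"/>
  </host>
  <host><status state="up" reason="localhost-response"/>
    <address addr="172.16.1.202" addrtype="ipv4"/>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="172.16.1.2" addrtype="ipv4"/>
  </host>
  <runstats><finished elapsed="15.78"/><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""

def parse_ping_scan(xml_text):
    """Return a list of dicts (ip, mac, vendor, reason) for hosts reported up."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap listed as down
        entry = {"ip": None, "mac": None, "vendor": None,
                 "reason": status.get("reason")}
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                entry["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":  # only present on the local segment
                entry["mac"] = addr.get("addr")
                entry["vendor"] = addr.get("vendor")
        hosts.append(entry)
    return hosts

def diff_against_inventory(hosts, known_ips):
    """Return the IPs that answered but are not in the known-host inventory."""
    return sorted(h["ip"] for h in hosts if h["ip"] not in known_ips)

if __name__ == "__main__":
    live = parse_ping_scan(SAMPLE_XML)  # replace with open("scan.xml").read()
    for h in live:
        print(f'{h["ip"]:<15} {h["mac"] or "-":<18} {h["vendor"] or ""} ({h["reason"]})')
    print("not in inventory:", diff_against_inventory(live, {"172.16.1.1"}))  # assumed inventory
```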

Cool!