(I don't have the original, so I'll quote this guy)

Nmap has an option to change how it determines if a host is up by attempting a port connection instead. I find this to be highly effective. Using a couple of standard ports is best, such as 80, 21, etc. If you only have a few ports you're searching for, then drop host discovery and scan those specific ports; you'd get the same results but a tad bit less overhead (mainly in the sense of stealth or an obsession with not wasting bandwidth if you can help it).

On Jan 2, 2012 1:00 PM, "S Walker" <[email protected]> wrote:
>
> Just an added note to the current replies (which are all great for hosts
> not in the local broadcast domain): It is almost certain that every device
> in your local network will respond to an ARP request. nmap does this by
> default anyway (-PR for local networks), but it's worth bearing in mind, as
> something local that won't respond to an ARP request is almost certainly
> not reachable.
>
> S
>
> ----------------------------------------
> > Date: Mon, 2 Jan 2012 12:03:42 -0500
> > Subject: Re: Nmap
> > From: [email protected]
> > To: [email protected]
> >
> > Sorry for the late answer...
> >
> > But when you scan for machines that do not answer to ping (it means
> > answer with an echo reply for each echo request), you could try using
> > timestamp, and will return timestamp reply, and also information
> > request and wait for an information reply
> >
> > Both could be useful also to detect equipment that does not answer to
> > ping. And if you want something more "noisy" maybe a network discovery
> > or a -P0 option.
> >
> > Here is a summary of message types with their port (for ICMP protocol).
> >
> > 0 Echo Reply
> > 3 Destination Unreachable
> > 4 Source Quench
> > 5 Redirect
> > 8 Echo
> > 11 Time Exceeded
> > 12 Parameter Problem
> > 13 Timestamp
> > 14 Timestamp Reply
> > 15 Information Request
> > 16 Information Reply
> >
> > More detail on: http://www.faqs.org/rfcs/rfc792.html
> >
> > Hope it will be useful.
> >
> > Regards,
> >
> > Juan Pablo.
> >
> > On Sun, Oct 2, 2011 at 4:35 PM, John M. Martinelli wrote:
> > > This would work but it would be kind of "noisy" to open port scan
> > > every host. Also probably a little more time consuming.
> > >
> > > Adding in syn scan or open port scan will create more time required as
> > > we're now looking for open ports. What if all ports are closed? Will
> > > it respond to a certain type of ICMP?
> > >
> > > I think a great question to ask is: "What is the least-impactful way I
> > > can very quickly determine what hosts are alive?" without a
> > > traditional ping sweep.
> > >
> > > On Sat, Oct 1, 2011 at 10:37 PM, Jeffory Atkinson wrote:
> > >>
> > >> All depends on what you are trying to achieve. I would assume that
> > >> you are not concerned about monitoring devices seeing you have done
> > >> a ping sweep with nmap. I agree with others a port scan is going to
> > >> give you the best idea if a host is active. There are many instances
> > >> where filtering devices can drop ICMP or respond for hosts behind
> > >> them. Open ports and services are the best identifiers. A port has
> > >> to be open in some form (open or filtered) to interact with in-bound
> > >> connections. I would recommend a -sS (syn) scan; you can opt for
> > >> standard services or add -p1- for all 65k+ ports. All ports will
> > >> verify and services/daemons running. There are other options if
> > >> bandwidth is an issue.
> > >>
> > >>
> > >> On Sep 30, 2011, at 5:17 PM, Ukpong wrote:
> > >>
> > >> > Can somebody suggest the best NMAP commands for identifying hosts that
> > >> > are not responding to ICMP ping requests?
> > >> >
> > >> > ------------------------------------------------------------------------
> > >> > This list is sponsored by: Information Assurance Certification Review Board
> > >> >
> > >> > Prove to peers and potential employers without a doubt that you can
> > >> > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > >> > full practical examination in order to become certified.
> > >> >
> > >> > http://www.iacertification.org
> > >> > ------------------------------------------------------------------------
> >
> > --
> > ===============================================
> > |_|0|_| Ing Juan Quiñe, CISSP, OSCP, GISP, ISO 27001 LA, Cobit-F.
> > |_|_|0| visit: http://hackspy.blogspot.com/
> > |0|0|0| a.k.a. HaCKsPy - from Security Wari Projects, now PeruSEC
> >
> > "... hacking is a way to live your life, not a day job or semi-ordered
> > list of instructions found in a thick book ..." Anthony Bunyan
> > "... Live your life as if you will die tomorrow but learn as if you
> > will live forever ..." Mahatma Gandhi
> > "... Breaking a security system brings them as close to being hackers
> > as starting cars by hot-wiring them makes them automotive
> > engineers ..."
> > "... Nothing is so important, nor so urgent, that it cannot be done
> > safely ..."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
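
Added example, not part of the original thread: a defender-side check for the ICMP query types listed above (Echo 8, Timestamp 13, Information Request 15), flagging a source that sends them to many hosts. The function names, the threshold and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# ICMP query types from the RFC 792 list quoted in the thread
# (their replies are types 0, 14 and 16 respectively).
QUERIES = {8: "Echo", 13: "Timestamp", 15: "Information Request"}

def checksum(data):
    """RFC 792 checksum: one's complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, ident=1, seq=1, payload=b""):
    """Build a constructed ICMP query (code 0) with a valid checksum."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def parse_type(raw):
    """Return the ICMP type, rejecting truncated or corrupted messages."""
    if len(raw) < 8 or checksum(raw) != 0:
        raise ValueError("malformed ICMP message")
    return raw[0]

def find_sweepers(events, min_targets=3):
    """events: (src, dst, raw_icmp). Report sources that sent ICMP queries
    (echo or the non-echo alternatives) to at least min_targets hosts."""
    targets, kinds = defaultdict(set), defaultdict(set)
    for src, dst, raw in events:
        try:
            icmp_type = parse_type(raw)
        except ValueError:
            continue  # skip packets that fail validation
        if icmp_type in QUERIES:
            targets[src].add(dst)
            kinds[src].add(QUERIES[icmp_type])
    return {s: sorted(kinds[s]) for s in targets if len(targets[s]) >= min_targets}

# Constructed sample traffic (addresses are illustrative, not from the thread).
TS = build_icmp(13, payload=b"\x00" * 12)   # timestamp request, 3 x 32-bit stamps
INFO = build_icmp(15)                       # information request
SAMPLE = [("10.0.0.5", "10.0.0.%d" % h, TS) for h in (20, 21, 22)]
SAMPLE += [("10.0.0.5", "10.0.0.23", INFO),
           ("10.0.0.9", "10.0.0.20", build_icmp(8, payload=b"ping")),
           ("10.0.0.7", "10.0.0.20", TS[:-1] + b"\xff")]  # corrupted checksum

if __name__ == "__main__":
    print(find_sweepers(SAMPLE))
```

Monitoring that only counts echo requests (type 8) would miss the source flagged here, since it uses only types 13 and 15.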
