On Fri, Jun 16, 2006 at 08:52:14AM +1200, Craig FALCONER wrote:
> Laziness... "find all laptops which are powered and connected to the net so
> I can VNC to them for testing rather than having to walk around the place
> and find likely candidates"
Untested, but would this help?
$ sudo nmap -sP -PA5800,5900 192.168.1.0/24
As per the man page extracts below, this should ICMP PING everything on
the specified network, and if they are up, will follow up with a TCP SYN
to the standard VNC ports of 5800 and 5900 ... if you don't run the
command as root, it'll do a connect() to the ports instead.
-sP Ping scanning: Sometimes you only want to know which hosts on a
network are up. Nmap can do this by sending ICMP echo request packets
to every IP address on the networks you specify. Hosts that respond are up.
Unfortunately, some sites such as microsoft.com block echo request packets.
Thus nmap can also send a TCP ack packet to (by default) port 80. If we get an
RST back, that machine is up. A third technique involves sending a SYN packet
and waiting for a RST or a SYN/ACK. For non-root users, a connect() method is
used.

By default (for root users), nmap uses both the ICMP and ACK
techniques in parallel. You can change the -P option described later.

Note that pinging is done by default anyway, and only hosts
that respond are scanned. Only use this option if you wish to ping sweep
without doing any actual port scans.

-PA [portlist]
Use TCP ACK "ping" to determine what hosts are up. Instead of
sending ICMP echo request packets and waiting for a response, we spew out TCP
ACK packets throughout the target network (or to a single machine) and then
wait for responses to trickle back. Hosts that are up should respond with
a RST. This option preserves the efficiency of only scanning hosts that are up
while still allowing you to scan networks/hosts that block ping packets. For
non root UNIX users, we use connect() and thus a SYN is actually being
sent. To set the destination ports of the probe packets use
-PA<port1>[,port2][...]. The default port is 80, since this port is often not
filtered out. Note that this option now accepts multiple, comma-separated port
numbers.
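
Added example, not part of the original message and not nmap's code: a Python sketch of the unprivileged connect() method the man page extract describes, for inventorying your own network. A completed connection or a refusal (RST) both count as "host is up"; only silence counts as no response. The names probe and sweep are made up for this example; the ports and network are the ones from the command above.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

VNC_PORTS = (5800, 5900)  # ports used in the nmap command in the message


def probe(host, port, timeout=1.0):
    """Classify one TCP connect() probe as 'open', 'closed' or 'no-response'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed: host up, service listening
    except ConnectionRefusedError:
        return "closed"          # RST came back: host up, nothing on that port
    except OSError:
        return "no-response"     # timeout, unreachable or filtered
    finally:
        s.close()


def sweep(hosts, ports=VNC_PORTS, timeout=1.0, workers=64):
    """Return {host: {'up': bool, 'vnc_open': [ports]}} for every host."""
    hosts = list(hosts)

    def check(host):
        states = {p: probe(host, p, timeout) for p in ports}
        return {
            # Any answer at all, SYN/ACK or RST, proves the host is alive.
            "up": any(st != "no-response" for st in states.values()),
            "vnc_open": [p for p, st in states.items() if st == "open"],
        }

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(hosts, pool.map(check, hosts)))


if __name__ == "__main__":
    import ipaddress
    net = ipaddress.ip_network("192.168.1.0/24")  # network from the message
    for host, r in sweep(str(h) for h in net.hosts()).items():
        if r["up"]:
            print(host, "VNC on", r["vnc_open"] or "no VNC port open")
```

A host whose firewall silently drops packets to both ports is reported as not up, which is the same blind spot the man page notes for blocked ping packets.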