At times, you may need to identify all live hosts on a network during a penetration test. Nmap is able to perform a ping sweep across multiple targets, whether specifying a range or an entire subnet. Using the -sn operator will allow you to perform a ping scan only on the target:
Ping sweep with Nmap
In the preceding snippet, Nmap has presented only the hosts that it thinks are alive on the network segment and was able to look up the MAC addresses of each host to determine the vendor.
- If you would like to perform a range scan, you can use the following syntax: nmap start ip addr - end ip addr.
- If you would like to scan specific IP devices on a network, use the following syntax: nmap host1 host2 host3.
- Nmap also has support for scanning hosts that are listed within a text file by using the following syntax: nmap –iL file.txt.
Let's now take things up a notch and learn more about how to use Nmap in the following section.