There will be situations where host exclusion is necessary to avoid scanning certain machines. For example, you may lack the authorization, or it may be that the host has already been scanned and you want to save some time. Nmap implements an option to exclude a host or list of hosts to help you in these cases.
This recipe describes how to exclude hosts from your Nmap scans.
Open your terminal and type the following command:
# nmap -sV -O --exclude 192.168.1.102,192.168.1.254 192.168.1.1/24
You should see the scan results of all the available hosts in the private network 192.168.1.1-255, excluding the IPs 192.168.1.254 and 192.168.1.102, as shown in the following example:
# nmap -sV -O --exclude 192.168.1.102,192.168.1.254 192.168.1.1/24
Nmap scan report for 192.168.1.101
Host is up (0.019s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE VERSION
21/tcp   filtered ftp
53/tcp   filtered domain
554/tcp  filtered rtsp
3306/tcp filtered mysql
MAC Address: 00:23:76:CD:C5:BE (HTC)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 254 IP addresses (1 host up) scanned in 18.19 seconds
The arguments -sV -O --exclude 192.168.1.102,192.168.1.254 192.168.1.1/24 tell Nmap to perform a service detection scan (-sV) with OS fingerprinting (-O) of all the 256 IPs (192.168.1.1/24) in this private network, excluding the machines with the IPs 192.168.1.102 and 192.168.1.254 (--exclude 192.168.1.102,192.168.1.254).
The argument --exclude also supports IP ranges, as shown in the following examples:
# nmap -sV -O --exclude 192.168.1.1-100 192.168.1.1/24
# nmap -sV -O --exclude 192.168.1.1,192.168.1.10-20 192.168.1.1/24
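Before running a scan, it helps to confirm that the --exclude value really removes every host you are not authorized to touch. The following Python sketch is an added example, not part of the original recipe or of Nmap itself: the function names expand and scan_plan are hypothetical, and it assumes IPv4 targets written as a single address, a CIDR block, or a-b octet ranges (no hostnames).

```python
import ipaddress
from itertools import product


def expand(spec):
    """Expand one Nmap-style IPv4 spec into a set of dotted-quad strings."""
    if "/" in spec:
        # strict=False mirrors Nmap accepting a host address with a prefix,
        # e.g. 192.168.1.1/24 covers 192.168.1.0-255 (all 256 addresses).
        return {str(ip) for ip in ipaddress.ip_network(spec, strict=False)}
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a four-octet IPv4 spec: {spec!r}")
    ranges = []
    for octet in octets:
        lo, _, hi = octet.partition("-")   # "10-20" -> 10..20, "7" -> 7..7
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {octet!r} in {spec!r}")
        ranges.append(range(lo, hi + 1))
    return {".".join(map(str, combo)) for combo in product(*ranges)}


def scan_plan(targets, exclude, must_skip):
    """Return (to_scan, leaks).

    targets   -- list of target specs as given on the command line
    exclude   -- the comma-separated value passed to --exclude
    must_skip -- hosts that are out of scope (constructed by the operator)
    leaks     -- must_skip hosts that would still be scanned
    """
    in_scope = set().union(*(expand(t) for t in targets))
    specs = [s for s in exclude.split(",") if s]
    excluded = set().union(*(expand(s) for s in specs))
    to_scan = in_scope - excluded
    return to_scan, sorted(to_scan & set(must_skip))


if __name__ == "__main__":
    # Values taken from the recipe's first command; must_skip is constructed.
    hosts, leaks = scan_plan(["192.168.1.1/24"],
                             "192.168.1.102,192.168.1.254",
                             ["192.168.1.102", "192.168.1.254"])
    print(f"{len(hosts)} addresses would be scanned; leaks: {leaks or 'none'}")
```

A non-empty leaks list means the exclusion does not cover an out-of-scope host, and a malformed spec raises ValueError instead of being silently ignored.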