Re: Finding hosts on subnet using nmap.
How large can these networks typically get?
Originally posted here by rogueactivex
When I'm at a client's network sometimes I have the task of trying to find active hosts within the network. Lately I've been using the ping sweep command for NMAP and saving my results to a file, like so:
nmap -oN activehosts.txt -vv -sP 192.168.0.0/24
However, the thought occurred to me: "what if a client is blocking ICMP pings?" That might be the case, at which point that client PC would be "hidden" from my sweep. So what's the best, most efficient way to hunt for active clients on a network, preferably using nmap?
What type of information needs to be known about the clients?
How long do you realistically wish to hunt for clients?
Does it need to be cmd line based?
On small networks, I typically use this LAN Scanner. Famatech makes a few free utilities that make small tasks extremely simple.