March 13th, 2006 03:28 PM
Finding hosts on subnet using nmap.
When I'm at a client's network sometimes I have the task of trying to find active hosts within the network. Lately I've been using the ping sweep command for NMAP and saving my results to a file, like so:
nmap -oN activehosts.txt -vv -sP 192.168.0.0/24
However the thought occurred to me "what if a client is blocking ICMP pings"? That might be the case, at which point that client PC would be "hidden" from my sweep. So what's the best most efficient way to hunt for active clients on a network, preferably using nmap?