Originally posted here by Opus00
What type of environment is it, windows? unix? mixed? If it is a windows environment and using active directories and dynamic dns you could do a reverse lookup on the entire class. Some computers may still show up in dns when in fact it no longer is on the network, but it will decay off with time.

Another thing you could do is not use the -sP and just look for active ports on the IP's. If a computer is not allowing ICMP when using nmap and it can not ping it, I believe nmap detects it as down, so use the -P0.

I'm sure there are many other ways of detecting, such as getting on a spanning port and do passive sniffing, this is just off the cuff, hope it helps some.
There will be some sniffing in promiscuous mode. However I was curious if there was a quick and easy way to scan for hosts on the network.

It sounds like in your second paragraph you are recommending I use this command instead:

nmap -oN activehosts.txt -vv -P0 192.168.0.0/24

Are you saying that this will not ping the hosts but instead scan for active ports on all the hosts in a subnet? Which ports does it interrogate? All 65k? Does it do so randomly (more of a curiousity)? Does it prefer any type of stealth scanning with this option? Thanks for the help.