Jump to content

Ping Sweep using free NMAP


wildweaselmi
 Share

Recommended Posts

Use the free and popular tool, nmap, to find which IP Addresses are active or not active on your network.

 

ACTIVE/NOT USED IP ADDRESSES

For example to scan an entire class C subnet you can use the following command:

 

 
nmap -sP -R 192.168.1.0/24 |grep up

This will produce a list of ip addresses which are currently being used You can also use this command to find a list of inactive ip addresses when you are looking to add devices to your network:

 
nmap -sP -R 192.168.1.0/24 |grep down

Maybe you don't want to sweep the entire subnet. You can specify the range of IP Addresses to scan

 
nmap -sP 192.168.1.1-254

HAVE MAC, WHATS IP ADDRESS? Another option is that you need to identify what IP Address a machine got after a reboot. As long as you have the mac-address this is possible using nmap

 
sudo nmap -n -sP 192.168.1.0/24 | grep "00:11:22:33:44"

-n tells nmap not to never do reverse DNS resolution on the active IP address it finds. Makes scanning faster -sP Only perform a ping scan (host discovery) and prints the results, go no further. OPEN PORTS You may want to scan for computers with a certain port open. Like for example what devices are listening for an SSH connection.

 
nmap -p 22 --open -sV 192.168.1.0/24
  • nmap : the executable name
  • -p 22 : specifies the port to test
  • --open : suppress output for clients that are not listening
  • -sV : display the version string reported by the scanned server
  • 10.0.0.0/24 : the target network, could have been 192.168.0.0/24

Check for open UDP Port(s)

 
 sudo nmap -p 69 -sU -P0 10.130.8.0/24

 

 

Results will say (filtered, closed, open)

  • open : standard response is SYN,ACK : Service running on the port / port is open
  • closed : Standard response RST : Service not running on the port / port is closed
  • filtered : No response : Firewalled port

 

Check out this video for more information on using nmap to do scanning

Link to comment
Share on other sites

  • 8 months later...
  • 2 weeks later...

I prefer this scan because the results are easier to view.





netadm1n@usrn2netweb02:~$ sudo nmap -sP -T Insane 10.6.56.130-146



Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-17 09:14 EST

Nmap scan report for 10.6.56.135

Host is up (0.00020s latency).

MAC Address: 00:0D:60:0B:00:32 (IBM)

Nmap scan report for 10.6.56.138

Host is up (0.00020s latency).

MAC Address: 00:11:25:C5:39:7E (IBM)

Nmap scan report for 10.6.56.140

Host is up (0.00023s latency).

MAC Address: 00:09:6B:AE:8A:13 (IBM)

Nmap scan report for 10.6.56.143

Host is up (0.00013s latency).

MAC Address: 00:0D:60:DE:DE:14 (IBM)

Nmap done: 17 IP addresses (4 hosts up) scanned in 0.30 seconds


 



If I run the command you mentioned I get the following huge report





netadm1n@usrn2netweb02:~$ sudo nmap nmap -T4 -A -v 10.6.56.130-146

password for netadm1n:



Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-17 09:10 EST

NSE: Loaded 36 scripts for scanning.

Failed to resolve given hostname/IP: nmap.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges

Initiating ARP Ping Scan at 09:10

Scanning 17 hosts

Completed ARP Ping Scan at 09:10, 0.22s elapsed (17 total hosts)

Initiating Parallel DNS resolution of 17 hosts. at 09:10

Completed Parallel DNS resolution of 17 hosts. at 09:10, 0.04s elapsed

Nmap scan report for 10.6.56.130

Nmap scan report for 10.6.56.131

Nmap scan report for 10.6.56.132

Nmap scan report for 10.6.56.133

Nmap scan report for 10.6.56.134

Nmap scan report for 10.6.56.136

Nmap scan report for 10.6.56.137

Nmap scan report for 10.6.56.139

Nmap scan report for 10.6.56.141

Nmap scan report for 10.6.56.142

Nmap scan report for 10.6.56.144

Nmap scan report for 10.6.56.145

Nmap scan report for 10.6.56.146

Initiating SYN Stealth Scan at 09:10

Scanning 4 hosts

Discovered open port 21/tcp on 10.6.56.138

Discovered open port 21/tcp on 10.6.56.135

Discovered open port 21/tcp on 10.6.56.143

Discovered open port 21/tcp on 10.6.56.140

Discovered open port 23/tcp on 10.6.56.135

Discovered open port 25/tcp on 10.6.56.138

Discovered open port 199/tcp on 10.6.56.138

Discovered open port 25/tcp on 10.6.56.135

Discovered open port 22/tcp on 10.6.56.138

Discovered open port 25/tcp on 10.6.56.143

Discovered open port 199/tcp on 10.6.56.135

Discovered open port 199/tcp on 10.6.56.143

Discovered open port 22/tcp on 10.6.56.143

Discovered open port 111/tcp on 10.6.56.138

Discovered open port 22/tcp on 10.6.56.140

Discovered open port 111/tcp on 10.6.56.143

Discovered open port 111/tcp on 10.6.56.135

Discovered open port 111/tcp on 10.6.56.140

Discovered open port 9091/tcp on 10.6.56.143

Discovered open port 32769/tcp on 10.6.56.135

Discovered open port 32770/tcp on 10.6.56.135

Discovered open port 13783/tcp on 10.6.56.135

Discovered open port 514/tcp on 10.6.56.135

Discovered open port 13/tcp on 10.6.56.138

Discovered open port 13/tcp on 10.6.56.143

Discovered open port 13/tcp on 10.6.56.135

Discovered open port 32774/tcp on 10.6.56.138

Discovered open port 2049/tcp on 10.6.56.140

Discovered open port 2049/tcp on 10.6.56.135

Discovered open port 512/tcp on 10.6.56.135

Discovered open port 32773/tcp on 10.6.56.138

Discovered open port 32775/tcp on 10.6.56.143

Discovered open port 5432/tcp on 10.6.56.143

Discovered open port 32773/tcp on 10.6.56.143

Discovered open port 1334/tcp on 10.6.56.138

Discovered open port 1334/tcp on 10.6.56.140

Discovered open port 37/tcp on 10.6.56.138

Discovered open port 1334/tcp on 10.6.56.143

Discovered open port 7937/tcp on 10.6.56.143

Discovered open port 37/tcp on 10.6.56.135

Discovered open port 37/tcp on 10.6.56.143

Discovered open port 27000/tcp on 10.6.56.143

Discovered open port 2500/tcp on 10.6.56.138

Discovered open port 2500/tcp on 10.6.56.140

Discovered open port 1521/tcp on 10.6.56.135

Discovered open port 32768/tcp on 10.6.56.138

Discovered open port 7938/tcp on 10.6.56.143

Discovered open port 5280/tcp on 10.6.56.138

Discovered open port 5280/tcp on 10.6.56.140

Discovered open port 2500/tcp on 10.6.56.143

Discovered open port 9090/tcp on 10.6.56.138

Discovered open port 9090/tcp on 10.6.56.140

Discovered open port 32768/tcp on 10.6.56.143

Discovered open port 32768/tcp on 10.6.56.135

Discovered open port 513/tcp on 10.6.56.135

Discovered open port 5280/tcp on 10.6.56.143

Discovered open port 544/tcp on 10.6.56.135

Discovered open port 8085/tcp on 10.6.56.143

Discovered open port 9090/tcp on 10.6.56.143

Discovered open port 13722/tcp on 10.6.56.135

Discovered open port 13782/tcp on 10.6.56.135

Discovered open port 543/tcp on 10.6.56.135

Completed SYN Stealth Scan against 10.6.56.138 in 0.04s (3 hosts left)

Completed SYN Stealth Scan against 10.6.56.140 in 0.04s (2 hosts left)

Discovered open port 32771/tcp on 10.6.56.135

Completed SYN Stealth Scan against 10.6.56.135 in 0.04s (1 host left)

Completed SYN Stealth Scan at 09:10, 0.04s elapsed (4000 total ports)

Initiating Service scan at 09:10

Scanning 63 services on 4 hosts

Completed Service scan at 09:13, 132.04s elapsed (63 services on 4 hosts)

Initiating RPCGrind Scan against 10.6.56.135 at 09:13

Completed RPCGrind Scan against 10.6.56.135 at 09:13, 0.16s elapsed (5 ports)

Initiating RPCGrind Scan against 10.6.56.138 at 09:13

Completed RPCGrind Scan against 10.6.56.138 at 09:13, 0.17s elapsed (3 ports)

Initiating RPCGrind Scan against 10.6.56.140 at 09:13

Completed RPCGrind Scan against 10.6.56.140 at 09:13, 0.00s elapsed (2 ports)

Initiating RPCGrind Scan against 10.6.56.143 at 09:13

Completed RPCGrind Scan against 10.6.56.143 at 09:13, 0.81s elapsed (8 ports)

Initiating OS detection (try #1) against 4 hosts

NSE: Script scanning 4 hosts.

NSE: Starting runlevel 1 (of 1) scan.

Initiating NSE at 09:13

Completed NSE at 09:13, 30.84s elapsed

NSE: Script Scanning completed.

Nmap scan report for 10.6.56.135

Host is up (0.0046s latency).

Not shown: 979 closed ports

PORT      STATE SERVICE    VERSION

13/tcp    open  daytime

21/tcp    open  ftp        HP-UX or AIX ftpd 4.1

23/tcp    open  telnet     AIX telnetd

25/tcp    open  smtp       Sendmail AIX5.2/8.11.6p2

| smtp-commands: EHLO usdtsmwg003.lab.mwg.com Hello usna0netweb02.na.mwg.com , pleased to meet you, ENHANCEDSTATUSCODES, EXPN, VERB, 8BITMIME, SIZE, DSN, ONEX, ETRN, XUSR, HELP

|_HELP 2.0.0 This is sendmail version AIX5.2/8.11.6p2 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use: HELP . 2.0.0 To report bugs in the implementation send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info

37/tcp    open  time?

111/tcp   open  rpcbind    2-4 (rpc #100000)

| rpcinfo:

| 100000  2,3,4      111/udp  rpcbind

| 100003  2,3       2049/udp  nfs

| 200006  1         2049/udp

| 100005  1,2,3    32819/udp  mountd

| 100021  1,2,3,4  32822/udp  nlockmgr

| 100024  1        32836/udp  status

| 100133  1        32836/udp  nsm_addrand

| 200001  1,2      32836/udp  PyramidSys5

| 100000  2,3,4      111/tcp  rpcbind

| 100003  2,3       2049/tcp  nfs

| 200006  1         2049/tcp

| 100005  1,2,3    32769/tcp  mountd

| 100021  1,2,3,4  32770/tcp  nlockmgr

| 100024  1        32771/tcp  status

| 100133  1        32771/tcp  nsm_addrand

|_200001  1,2      32771/tcp  PyramidSys5

199/tcp   open  smux?

512/tcp   open  exec       AIX rexecd

513/tcp   open  login

514/tcp   open  tcpwrapped

543/tcp   open  klogin     AIX kerberized rlogin

544/tcp   open  kshell     AIX (kerberized?) rshd

1521/tcp  open  oracle-tns Oracle TNS Listener 10.2.0.4.0 (for IBM/AIX RISC System/6000)

2049/tcp  open  nfs        2-3 (rpc #100003)

13722/tcp open  netbackup  Veritas Netbackup java listener

13782/tcp open  netbackup?

13783/tcp open  tcpwrapped

32768/tcp open  unknown

32769/tcp open  mountd     1-3 (rpc #100005)

32770/tcp open  nlockmgr   1-4 (rpc #100021)

32771/tcp open  status     1 (rpc #100024)

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

SF-Port37-TCP:V=5.21%I=7%D=1/17%Time=50F80670%P=i686-pc-linux-gnu%r(NULL,4

SF:,"\xd4\xa2\x88\xb6")%r(GenericLines,4,"\xd4\xa2\x88\xb6")%r(GetRequest,

SF:4,"\xd4\xa2\x88\xb6")%r(HTTPOptions,4,"\xd4\xa2\x88\xb6")%r(RTSPRequest

SF:,4,"\xd4\xa2\x88\xb6")%r(RPCCheck,4,"\xd4\xa2\x88\xb6")%r(DNSVersionBin

SF:dReq,4,"\xd4\xa2\x88\xb6")%r(DNSStatusRequest,4,"\xd4\xa2\x88\xb6")%r(H

SF:elp,4,"\xd4\xa2\x88\xb6")%r(SSLSessionReq,4,"\xd4\xa2\x88\xb6")%r(SMBPr

SF:ogNeg,4,"\xd4\xa2\x88\xb6")%r(X11Probe,4,"\xd4\xa2\x88\xb6")%r(FourOhFo

SF:urRequest,4,"\xd4\xa2\x88\xb6")%r(LPDString,4,"\xd4\xa2\x88\xb6")%r(LDA

SF:PBindReq,4,"\xd4\xa2\x88\xb6")%r(SIPOptions,4,"\xd4\xa2\x88\xb6")%r(LAN

SF:Desk-RC,4,"\xd4\xa2\x88\xb6")%r(TerminalServer,4,"\xd4\xa2\x88\xb6")%r(

SF:NCP,4,"\xd4\xa2\x88\xb6")%r(NotesRPC,4,"\xd4\xa2\x88\xb6")%r(WMSRequest

SF:,4,"\xd4\xa2\x88\xb6")%r(oracle-tns,4,"\xd4\xa2\x88\xb6");

MAC Address: 00:0D:60:0B:00:32 (IBM)

Device type: general purpose

Running: IBM AIX 5.X

OS details: IBM AIX 5.1 or 5.2

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=260 (Good luck!)

IP ID Sequence Generation: Incremental

Service Info: Host: usdtsmwg003; OSs: Unix, AIX



HOP RTT     ADDRESS

1   4.60 ms 10.6.56.135



Nmap scan report for 10.6.56.138

Host is up (0.00036s latency).

Not shown: 986 closed ports

PORT      STATE SERVICE     VERSION

13/tcp    open  daytime

21/tcp    open  ftp         HP-UX or AIX ftpd 4.2

22/tcp    open  ssh         OpenSSH 4.3 (protocol 2.0)

| ssh-hostkey: 1024 a5:59:3c:65:ff:60:5c:fa:c0:9e:1a:47:67:39:64:d8 (DSA)

|_2048 dc:c4:3a:3a:bb:71:7f:d2:14:d5:c5:0b:29:17:66:41 (RSA)

25/tcp    open  smtp        Sendmail AIX5.3/8.13.4

| smtp-commands: EHLO usdetp510b.mwg.com Hello , pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE, DSN, ETRN, DELIVERBY, HELP

|_HELP 2.0.0 This is sendmail version AIX5.3/8.13.4 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use: HELP . 2.0.0 To report bugs in the implementation send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info

37/tcp    open  time?

111/tcp   open  rpcbind

| rpcinfo:

| 100000  2,3,4      111/udp  rpcbind

| 100024  1        32773/udp  status

| 100133  1        32773/udp  nsm_addrand

| 200001  1,2      32773/udp  PyramidSys5

| 100021  1,2,3,4  32782/udp  nlockmgr

| 100000  2,3,4      111/tcp  rpcbind

| 100024  1        32773/tcp  status

| 100133  1        32773/tcp  nsm_addrand

| 200001  1,2      32773/tcp  PyramidSys5

|_100021  1,2,3,4  32774/tcp  nlockmgr

199/tcp   open  smux?

1334/tcp  open  unknown

2500/tcp  open  rtsserv?

5280/tcp  open  unknown

9090/tcp  open  zeus-admin?

32768/tcp open  unknown

32773/tcp open  status      1 (rpc #100024)

32774/tcp open  nlockmgr    1-4 (rpc #100021)

4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port37-TCP:V=5.21%I=7%D=1/17%Time=50F80670%P=i686-pc-linux-gnu%r(NULL,4

SF:,"\xd4\xa2\x92\x9f")%r(GenericLines,4,"\xd4\xa2\x92\x9f")%r(GetRequest,

SF:4,"\xd4\xa2\x92\x9f")%r(HTTPOptions,4,"\xd4\xa2\x92\x9f")%r(RTSPRequest

SF:,4,"\xd4\xa2\x92\x9f")%r(RPCCheck,4,"\xd4\xa2\x92\x9f")%r(DNSVersionBin

SF:dReq,4,"\xd4\xa2\x92\x9f")%r(DNSStatusRequest,4,"\xd4\xa2\x92\x9f")%r(H

SF:elp,4,"\xd4\xa2\x92\x9f")%r(SSLSessionReq,4,"\xd4\xa2\x92\x9f")%r(SMBPr

SF:ogNeg,4,"\xd4\xa2\x92\x9f")%r(X11Probe,4,"\xd4\xa2\x92\x9f")%r(FourOhFo

SF:urRequest,4,"\xd4\xa2\x92\x9f")%r(LPDString,4,"\xd4\xa2\x92\x9f")%r(LDA

SF:PBindReq,4,"\xd4\xa2\x92\x9f")%r(SIPOptions,4,"\xd4\xa2\x92\x9f")%r(LAN

SF:Desk-RC,4,"\xd4\xa2\x92\x9f")%r(TerminalServer,4,"\xd4\xa2\x92\x9f")%r(

SF:NCP,4,"\xd4\xa2\x92\x9f")%r(NotesRPC,4,"\xd4\xa2\x92\x9f")%r(WMSRequest

SF:,4,"\xd4\xa2\x92\x9f")%r(oracle-tns,4,"\xd4\xa2\x92\x9f");

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port2500-TCP:V=5.21%I=7%D=1/17%Time=50F8067B%P=i686-pc-linux-gnu%r(DNSV

SF:ersionBindReq,28,"\x04\x01\0\(\0\0\0\0\xaa\0\x14\0\0\x0f\xa2\x01\x0eLog

SF:in\x20failed\.\n\xfd\0\x02\0\x02\0\0\0\0")%r(DNSStatusRequest,28,"\x04\

SF:x01\0\(\0\0\0\0\xaa\0\x14\0\0\x0f\xa2\x01\x0eLogin\x20failed\.\n\xfd\0\

SF:x02\0\x02\0\0\0\0")%r(oracle-tns,28,"\x04\x01\0\(\0\0\0\0\xaa\0\x14\0\0

SF:\x0f\xa2\x01\x0eLogin\x20failed\.\n\xfd\0\x02\0\x02\0\0\0\0");

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port5280-TCP:V=5.21%I=7%D=1/17%Time=50F80676%P=i686-pc-linux-gnu%r(NULL

SF:,F,"7003\x20823464\x20pid")%r(GetRequest,F,"7003\x20823464\x20pid")%r(G

SF:enericLines,F,"7003\x20680048\x20pid")%r(HTTPOptions,F,"7003\x20680050\

SF:x20pid")%r(RTSPRequest,F,"7003\x20680052\x20pid")%r(RPCCheck,10,"7003\x

SF:201355864\x20pid")%r(DNSVersionBindReq,F,"7003\x20925896\x20pid")%r(DNS

SF:StatusRequest,F,"7003\x20721132\x20pid")%r(Help,10,"7003\x201355814\x20

SF:pid")%r(SSLSessionReq,F,"7003\x20286802\x20pid")%r(SMBProgNeg,F,"7003\x

SF:20286804\x20pid")%r(X11Probe,F,"7003\x20286806\x20pid")%r(FourOhFourReq

SF:uest,F,"7003\x20286808\x20pid")%r(LPDString,F,"7003\x20286810\x20pid")%

SF:r(LDAPBindReq,F,"7003\x20286812\x20pid")%r(SIPOptions,F,"7003\x20618500

SF:\x20pid")%r(LANDesk-RC,10,"7003\x201355836\x20pid")%r(TerminalServer,10

SF:,"7003\x201355838\x20pid")%r(NCP,10,"7003\x201355840\x20pid")%r(NotesRP

SF:C,F,"7003\x20925938\x20pid")%r(WMSRequest,10,"7003\x201355848\x20pid")%

SF:r(oracle-tns,10,"7003\x201130688\x20pid");

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port9090-TCP:V=5.21%I=7%D=1/17%Time=50F80676%P=i686-pc-linux-gnu%r(NULL

SF:,1E8,"\+\x20find\x20/var/websm/data/wservers/\x20-type\x20f\x20-print\x

SF:20-name\x20\[0-9\]\*\[0-9\]\n\+\x20head\x20-1\n\+\x202>\x20/dev/null\n\

SF:+\x20read\x20portFile\n\+\x20\+\x20basename\n\+\x202>\x20/dev/null\npid

SF:=\n\+\x20portFileInUse=\.in_use\n\+\x20mv\x20\.in_use\n\+\x202>\x20/dev

SF:/null\n\+\x20renice\x20-n\x20-15\n\+\x201>\x20/dev/null\x202>&\x201\n\+

SF:\x20true\n\+\x20grep\x20-sq\x20-E\x20useWaitingServer=t\|useWaitingServ

SF:er=T\x20/var/websm/config/user_settings/websm\.cfg\n\+\x20grep\x20-sq\x

SF:20WServer\n\+\x20ps\x20-o\x20args\x20-p\n\+\x202>\x20/dev/null\n\+\x20\

SF:(\(\x20\x201\x20==\x200\x20\x20\)\)\n\+\x20rm\x20-fr\x20\.in_use\n\+\x2

SF:0startNewWServer\nLanguage\x20received\x20from\x20client:\x20C\nSetloca

SF:le:\x20C\x20C\x20C\x20C\x20C\x20C\n")%r(GetRequest,215,"\+\x20find\x20/

SF:var/websm/data/wservers/\x20-type\x20f\x20-print\x20-name\x20\[0-9\]\*\

SF:[0-9\]\n\+\x20head\x20-1\n\+\x202>\x20/dev/null\n\+\x20read\x20portFile

SF:\n\+\x20\+\x20basename\n\+\x202>\x20/dev/null\npid=\n\+\x20portFileInUs

SF:e=\.in_use\n\+\x20mv\x20\.in_use\n\+\x202>\x20/dev/null\n\+\x20renice\x

SF:20-n\x20-15\n\+\x201>\x20/dev/null\x202>&\x201\n\+\x20true\n\+\x20grep\

SF:x20-sq\x20-E\x20useWaitingServer=t\|useWaitingServer=T\x20/var/websm/co

SF:nfig/user_settings/websm\.cfg\n\+\x20grep\x20-sq\x20WServer\n\+\x20ps\x

SF:20-o\x20args\x20-p\n\+\x202>\x20/dev/null\n\+\x20\(\(\x20\x201\x20==\x2

SF:00\x20\x20\)\)\n\+\x20rm\x20-fr\x20\.in_use\n\+\x20startNewWServer\nLan

SF:guage\x20received\x20from\x20client:\x20C\nSetlocale:\x20C\x20C\x20C\x2

SF:0C\x20C\x20C\nWServer\.HANDSHAKING\x204097\x20WServer\.HANDSHAKING\n")%

SF:r(GenericLines,20B,"\+\x20find\x20/var/websm/data/wservers/\x20-type\x2

SF:0f\x20-print\x20-name\x20\[0-9\]\*\[0-9\]\n\+\x20head\x20-1\n\+\x202>\x

SF:20/dev/null\n\+\x20read\x20portFile\n\+\x20\+\x20basename\n\+\x202>\x20

SF:/dev/null\npid=\n\+\x20portFileInUse=\.in_use\n\+\x20mv\x20\.in_use\n\+

SF:\x202>\x20/dev/null\n\+\x20renice\x20-n\x20-15\n\+\x201>\x20/dev/null\x

SF:202>&\x201\n\+\x20true\n\+\x20grep\x20-sq\x20-E\x20useWaitingServer=t\|

SF:useWaitingServer=T\x20/var/websm/config/user_settings/websm\.cfg\n\+\x2

SF:0grep\x20-sq\x20WServer\n\+\x20ps\x20-o\x20args\x20-p\n\+\x202>\x20/dev

SF:/null\n\+\x20\(\(\x20\x201\x20==\x200\x20\x20\)\)\n\+\x20rm\x20-fr\x20\

SF:.in_use\n\+\x20startNewWServer\nLanguage\x20received\x20from\x20client:

SF:\x20\r\nSetlocale:\x20C\nWServer\.HANDSHAKING\x204098\x20WServer\.HANDS

SF:HAKING\n");

MAC Address: 00:11:25:C5:39:7E (IBM)

Device type: general purpose

Running: FreeBSD 4.X, IBM AIX 5.X

OS details: FreeBSD 4.3-RELEASE or IBM AIX 5.3 - 6.1

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=262 (Good luck!)

IP ID Sequence Generation: Incremental

Service Info: Host: usdetp510b; OS: Unix



HOP RTT     ADDRESS

1   0.36 ms 10.6.56.138



Nmap scan report for 10.6.56.140

Host is up (0.00023s latency).

Not shown: 992 closed ports

PORT     STATE SERVICE      VERSION

21/tcp   open  ftp          HP-UX or AIX ftpd 4.2

22/tcp   open  ssh          OpenSSH 5.4 (protocol 1.99)

|_sshv1: Server supports SSHv1

| ssh-hostkey: 2048 57:95:8c:a8:f4:15:2a:bb:56:93:e2:43:6b:dd:df:5c (RSA1)

| 1024 f4:cd:43:a3:c6:52:38:81:35:66:c2:b8:96:4d:33:22 (DSA)

|_2048 88:b5:13:fb:60:d3:e6:8a:0b:c3:98:ef:a8:da:35:fb (RSA)

111/tcp  open  rpcbind

| rpcinfo:

| 100000  2,3,4      111/udp  rpcbind

| 100003  2,3       2049/udp  nfs

| 200006  1,4       2049/udp

| 100005  1,2,3    32784/udp  mountd

| 400005  1        32785/udp

| 100024  1        32792/udp  status

| 100133  1        32799/udp  nsm_addrand

| 200001  1        32806/udp  PyramidSys5

| 200001  2        32813/udp  PyramidSys5

| 100021  1,2,3,4  32816/udp  nlockmgr

| 100000  2,3,4      111/tcp  rpcbind

| 100003  2,3,4     2049/tcp  nfs

| 200006  1,4       2049/tcp

| 100021  1,2,3,4  44249/tcp  nlockmgr

| 100024  1        47857/tcp  status

| 100133  1        47857/tcp  nsm_addrand

| 200001  1,2      47857/tcp  PyramidSys5

|_100005  1,2,3    49575/tcp  mountd

1334/tcp open  unknown

2049/tcp open  nfs          2-4 (rpc #100003)

2500/tcp open  xfce-session XFCE Session Manager

5280/tcp open  unknown

9090/tcp open  websm        AIX wsmserver

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

SF-Port5280-TCP:V=5.21%I=7%D=1/17%Time=50F80676%P=i686-pc-linux-gnu%r(NULL

SF:,10,"7003\x203277734\x20pid")%r(GetRequest,10,"7003\x203277734\x20pid")

SF:%r(GenericLines,10,"7003\x204391648\x20pid")%r(HTTPOptions,10,"7003\x20

SF:1639102\x20pid")%r(RTSPRequest,10,"7003\x204390980\x20pid")%r(RPCCheck,

SF:10,"7003\x201639106\x20pid")%r(DNSVersionBindReq,10,"7003\x202752578\x2

SF:0pid")%r(DNSStatusRequest,10,"7003\x203211640\x20pid")%r(Help,10,"7003\

SF:x205767672\x20pid")%r(SSLSessionReq,10,"7003\x205308574\x20pid")%r(SMBP

SF:rogNeg,10,"7003\x205767676\x20pid")%r(X11Probe,10,"7003\x207078248\x20p

SF:id")%r(FourOhFourRequest,F,"7003\x20459266\x20pid")%r(LPDString,10,"700

SF:3\x204260514\x20pid")%r(LDAPBindReq,10,"7003\x205833550\x20pid")%r(SIPO

SF:ptions,10,"7003\x207078262\x20pid")%r(LANDesk-RC,10,"7003\x205308604\x2

SF:0pid")%r(TerminalServer,10,"7003\x202098054\x20pid")%r(NCP,10,"7003\x20

SF:5308612\x20pid")%r(NotesRPC,10,"7003\x202752636\x20pid")%r(WMSRequest,1

SF:0,"7003\x202098062\x20pid")%r(oracle-tns,10,"7003\x205309246\x20pid");

MAC Address: 00:09:6B:AE:8A:13 (IBM)

Device type: general purpose

Running: FreeBSD 4.X, IBM AIX 5.X

OS details: FreeBSD 4.3-RELEASE or IBM AIX 5.3 - 6.1

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=264 (Good luck!)

IP ID Sequence Generation: Incremental

Service Info: Host: USMITR_LAO; OSs: Unix, AIX



HOP RTT     ADDRESS

1   0.23 ms 10.6.56.140



Nmap scan report for 10.6.56.143

Host is up (0.0046s latency).

Not shown: 980 closed ports

PORT      STATE SERVICE      VERSION

13/tcp    open  daytime

21/tcp    open  ftp          HP-UX or AIX ftpd 4.2

22/tcp    open  ssh          OpenSSH 4.3 (protocol 2.0)

| ssh-hostkey: 1024 ca:4a:a6:01:5d:b0:21:86:a8:84:ad:3e:e6:92:80:59 (DSA)

|_2048 03:92:74:b9:4e:ba:f9:73:a1:b4:8c:a7:ba:40:9b:ff (RSA)

25/tcp    open  smtp         Sendmail AIX5.3/8.13.4

| smtp-commands: EHLO USTRYSD0GMANCI20.mwg.com Hello , pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE, DSN, ETRN, DELIVERBY, HELP

|_HELP 2.0.0 This is sendmail version AIX5.3/8.13.4 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use: HELP . 2.0.0 To report bugs in the implementation send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info

37/tcp    open  time?

111/tcp   open  rpcbind

| rpcinfo:

| 100000      2,3,4      111/udp  rpcbind

| 390109      2         8992/udp  nsrstat

| 100021      1,2,3,4  32825/udp  nlockmgr

| 100024      1        32848/udp  status

| 100133      1        32848/udp  nsm_addrand

| 200001      1,2      32848/udp  PyramidSys5

| 100000      2,3,4      111/tcp  rpcbind

| 1111042036  1         5006/tcp

| 1111042072  1         5006/tcp

| 1111042003  1         5018/tcp

| 1111042012  1         5020/tcp

| 1111042053  1         5032/tcp

| 1111042039  1         5034/tcp

| 1111042034  1         5056/tcp

| 1111042082  1         5076/tcp

| 1111042055  1         5090/tcp

| 1111042061  1         5096/tcp

| 1111042060  1         5102/tcp

| 1111042029  1         5108/tcp

| 1111042025  1         5112/tcp

| 1111042019  1         5122/tcp

| 1111042050  1         5136/tcp

| 1111042030  1         5144/tcp

| 1111042077  1         5162/tcp

| 1111042022  1         5164/tcp

| 1111042011  1         5186/tcp

| 1111042028  1         5188/tcp

| 1111042013  1         5192/tcp

| 1111042080  1         5196/tcp

| 1111042081  1         5204/tcp

| 1111042048  1         5222/tcp

| 1111042056  1         5228/tcp

| 1111042031  1         5236/tcp

| 1111042042  1         5251/tcp

| 1111042044  1         5258/tcp

| 1111042018  1         5268/tcp

| 1111042024  1         5290/tcp

| 1111042020  1         5294/tcp

| 1111042065  1         5324/tcp

| 1111042071  1         5330/tcp

| 1111042010  1         5332/tcp

| 1111042049  1         5336/tcp

| 1111042058  1         5336/tcp

| 1111042059  1         5346/tcp

| 1111042069  1         5348/tcp

| 1111042021  1         5360/tcp

| 1111042079  1         5374/tcp

| 1111042004  1         5382/tcp

| 1111042040  1         5382/tcp

| 1111042007  1         5386/tcp

| 1111042075  1         5390/tcp

| 1111042026  1         5400/tcp

| 1111042097  1         5400/tcp

| 1111042023  1         5410/tcp

| 1111042032  1         5414/tcp

| 395644      1         5428/tcp  caservd

| 1111042066  1         5429/tcp

| 395645      1         5429/tcp  calqserver

| 395646      1         5430/tcp  camediadsvr

| 395647      1         5431/tcp  caldbserver

| 395648      1         5432/tcp  caauthd

| 395649      1         5433/tcp  cadiscovd

| 395650      1         5434/tcp  caloggerd

| 1111042054  1         5435/tcp

| 395652      1         5436/tcp

| 395653      1         5437/tcp

| 1111042064  1         5438/tcp

| 1111042067  1         5440/tcp

| 1111042045  1         5442/tcp

| 1111042091  1         5450/tcp

| 1111042095  1         5454/tcp

| 1111042087  1         5462/tcp

| 1111042005  1         5464/tcp

| 1111042035  1         5470/tcp

| 1111042038  1         5488/tcp

| 1111042078  1         5506/tcp

| 1111042037  1         5512/tcp

| 1111042047  1         5518/tcp

| 1111042083  1         5564/tcp

| 1111042052  1         5566/tcp

| 1111042076  1         5578/tcp

| 1111042096  1         5590/tcp

| 1111042033  1         5600/tcp

| 1111042014  1         5600/tcp

| 1111042015  1         5606/tcp

| 1111042085  1         5608/tcp

| 1111042027  1         5614/tcp

| 1111042043  1         5615/tcp

| 1111042084  1         5624/tcp

| 1111042074  1         5690/tcp

| 1111042057  1         5724/tcp

| 1111042068  1         5752/tcp

| 1111042099  1         5778/tcp

| 1111042009  1         5796/tcp

| 1111042017  1         5796/tcp

| 1111042041  1         5808/tcp

| 1111042046  1         5828/tcp

| 1111042051  1         5904/tcp

| 1111042063  1         5906/tcp

| 1111042073  1         5960/tcp

| 1111042062  1         5966/tcp

| 1111042070  1         5974/tcp

| 390113      1         7937/tcp  nsrexec

| 390429      101       8085/tcp

| 390104      105       8319/tcp  nsrmmd

| 390109      2         8824/tcp  nsrstat

| 390110      1         8824/tcp  nsrjb

| 390120      1         8824/tcp

| 390103      2         8824/tcp  nsrd

| 390104      305       9025/tcp  nsrmmd

| 390107      5,6       9034/tcp  nsrmmdbd

| 390105      5,6       9091/tcp  nsrindexd

| 390436      1         9094/tcp

| 390435      1         9104/tcp

| 390430      1         9119/tcp

| 390433      1         9279/tcp

| 100021      1,2,3,4  32773/tcp  nlockmgr

| 100024      1        32775/tcp  status

| 100133      1        32775/tcp  nsm_addrand

|_200001      1,2      32775/tcp  PyramidSys5

199/tcp   open  smux?

1334/tcp  open  unknown

2500/tcp  open  xfce-session XFCE Session Manager

5280/tcp  open  unknown

5432/tcp  open  rpc.unknown

7937/tcp  open  nsrexec      1 (rpc #390113)

7938/tcp  open  rpcbind      2 (rpc #100000)

| rpcinfo:

| 100000  2     7938/udp  rpcbind

| 390109  2     8992/udp  nsrstat

| 390113  1     7937/tcp  nsrexec

| 100000  2     7938/tcp  rpcbind

| 390429  101   8085/tcp

| 390104  105   8319/tcp  nsrmmd

| 390109  2     8824/tcp  nsrstat

| 390110  1     8824/tcp  nsrjb

| 390120  1     8824/tcp

| 390103  2     8824/tcp  nsrd

| 390107  5,6   9034/tcp  nsrmmdbd

| 390105  5,6   9091/tcp  nsrindexd

| 390436  1     9094/tcp

| 390435  1     9104/tcp

| 390430  1     9119/tcp

|_390433  1     9279/tcp

8085/tcp  open  rpc.unknown

9090/tcp  open  http         AIX Web-based System Manager

9091/tcp  open  nsrindexd    5-6 (rpc #390105)

27000/tcp open  flexlm       FlexLM license manager

32768/tcp open  unknown

32773/tcp open  nlockmgr     1-4 (rpc #100021)

32775/tcp open  status       1 (rpc #100024)

2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port37-TCP:V=5.21%I=7%D=1/17%Time=50F80676%P=i686-pc-linux-gnu%r(NULL,4

SF:,"\xd4\xa2\x955")%r(GenericLines,4,"\xd4\xa2\x955")%r(GetRequest,4,"\

SF:4\xa2\x955")%r(HTTPOptions,4,"\xd4\xa2\x955")%r(RTSPRequest,4,"\xd4\xa2

SF:\x955")%r(RPCCheck,4,"\xd4\xa2\x955")%r(DNSVersionBindReq,4,"\xd4\xa2\x

SF:955")%r(DNSStatusRequest,4,"\xd4\xa2\x955")%r(Help,4,"\xd4\xa2\x955")%r

SF:(SSLSessionReq,4,"\xd4\xa2\x955")%r(SMBProgNeg,4,"\xd4\xa2\x955")%r(X11

SF:Probe,4,"\xd4\xa2\x955")%r(FourOhFourRequest,4,"\xd4\xa2\x955")%r(LPDSt

SF:ring,4,"\xd4\xa2\x955")%r(LDAPBindReq,4,"\xd4\xa2\x955")%r(SIPOptions,4

SF:,"\xd4\xa2\x955")%r(LANDesk-RC,4,"\xd4\xa2\x955")%r(TerminalServer,4,"\

SF:xd4\xa2\x955")%r(NCP,4,"\xd4\xa2\x955")%r(NotesRPC,4,"\xd4\xa2\x955")%r

SF:(WMSRequest,4,"\xd4\xa2\x955")%r(oracle-tns,4,"\xd4\xa2\x955");

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port5280-TCP:V=5.21%I=7%D=1/17%Time=50F8067C%P=i686-pc-linux-gnu%r(NULL

SF:,10,"7003\x201110054\x20pid")%r(GetRequest,10,"7003\x201110054\x20pid")

SF:%r(GenericLines,F,"7003\x20708706\x20pid")%r(HTTPOptions,F,"7003\x20708

SF:708\x20pid")%r(RTSPRequest,10,"7003\x201216552\x20pid")%r(RPCCheck,10,"

SF:7003\x201110062\x20pid")%r(DNSVersionBindReq,10,"7003\x201081448\x20pid

SF:")%r(DNSStatusRequest,10,"7003\x201273888\x20pid")%r(Help,F,"7003\x2070

SF:8732\x20pid")%r(SSLSessionReq,10,"7003\x201273900\x20pid")%r(SMBProgNeg

SF:,F,"7003\x20708738\x20pid")%r(X11Probe,10,"7003\x201450194\x20pid")%r(F

SF:ourOhFourRequest,10,"7003\x201273910\x20pid")%r(LPDString,10,"7003\x201

SF:450206\x20pid")%r(LDAPBindReq,10,"7003\x201081506\x20pid")%r(SIPOptions

SF:,F,"7003\x20708754\x20pid")%r(LANDesk-RC,10,"7003\x201110088\x20pid")%r

SF:(TerminalServer,10,"7003\x201188076\x20pid")%r(NCP,F,"7003\x20708764\x2

SF:0pid")%r(NotesRPC,10,"7003\x201110100\x20pid")%r(WMSRequest,10,"7003\x2

SF:01081522\x20pid")%r(oracle-tns,10,"7003\x201273938\x20pid");

MAC Address: 00:0D:60:DE:DE:14 (IBM)

Device type: general purpose

Running: IBM AIX 5.X

OS details: IBM AIX 5.3 - 6.1

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=251 (Good luck!)

IP ID Sequence Generation: Incremental

Service Info: Host: USTRYSD0GMANCI20; OSs: Unix, AIX



HOP RTT     ADDRESS

1   4.65 ms 10.6.56.143



Read data files from: /usr/share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 17 IP addresses (4 hosts up) scanned in 167.29 seconds

           Raw packets sent: 4106 (183.652KB) | Rcvd: 4064 (163.996KB)


 










 



Link to comment
Share on other sites

In that case this might be more what you are looking for





netadm1n@usrn2netweb02:~$ sudo nmap -v -sn 10.6.56.130-146 | grep down

Nmap scan report for 10.6.56.130

Nmap scan report for 10.6.56.131

Nmap scan report for 10.6.56.132

Nmap scan report for 10.6.56.133

Nmap scan report for 10.6.56.134

Nmap scan report for 10.6.56.136

Nmap scan report for 10.6.56.137

Nmap scan report for 10.6.56.139

Nmap scan report for 10.6.56.141

Nmap scan report for 10.6.56.142

Nmap scan report for 10.6.56.144

Nmap scan report for 10.6.56.145

Nmap scan report for 10.6.56.146

netadm1n@usrn2netweb02:~$ sudo nmap -v -sn 10.6.56.130-146 | grep up

Host is up (0.00017s latency).

Host is up (0.00020s latency).

Host is up (0.00023s latency).

Host is up (0.00019s latency).

Nmap done: 17 IP addresses (4 hosts up) scanned in 0.34 seconds


 






 



Link to comment
Share on other sites

  • 2 months later...

If you don't have nmap loaded on your ubuntu box and need to do a ping sweep that is easy to copy and paste in an email try this



 



 





for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from'; done



OR



 





prefix="10.132" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done



Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...