Nmap Announce mailing list archives
Re: Scanning subnets w/CIDR
From: Jeffrey Paul <sneak () datavibe net>
Date: Tue, 14 Mar 2000 23:39:19 -0500
Of course, nmap supports other types of range definitions too...... for instance 1.2.3.1-254 1.2.1-254.1-254 etc.... to quote the manpage directly:

Everything that isn't an option (or option argument) in nmap is treated as a target host specification. The simplest case is listing single hostnames or IP addresses on the command line. If you want to scan a subnet of IP addresses, you can append '/mask' to the hostname or IP address. mask must be between 0 (scan the whole internet) and 32 (scan the single host specified). Use /24 to scan a class 'C' address and /16 for a class 'B'.

Nmap also has a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class 'B' network 128.210.*.* by specifying '128.210.*.*' or '128.210.0-255.0-255' or even '128.210.1-50,51-255.1,2,3,4,5-255'. And of course you can use the mask notation: '128.210.0.0/16'. These are all equivalent. If you use asterisks ('*'), remember that most shells require you to escape them with back slashes or protect them with quotes. Another interesting thing to do is slice the Internet the other way. Instead of scanning all the hosts in a class 'B', scan '*.*.5.6-7' to scan every IP address that ends in .5.6 or .5.7 Pick your own numbers.

endquote

I believe using this kind of address flexibility will deal with almost any kind of scan you would want to do.... and if not, you can always hack up a teeny script to generate what you need, put the ips in a file and use

nmap <options> -iL -

to read lists of hosts/ips to scan from stdin.....

-j
On Tue, 7 Mar 2000, Mark E. Drummond wrote:

I have a class B net, chopped up into variously sized subnets. Can the "/##" an address spec be any sized mask? /22 ? /20 ?

I've been scanning variably sized subnets w/o any trouble (except when I forget and scan the wrong subnet). /18 /20, etc. is no problem.

Also, I noticed that nmap will scan the net address and broadcast address themselves. Should it not be coded to not scan these? Or perhaps a more flexible language for specifying address such as "x.x.x.x/xx EXCEPT x.x.x.x ..." ?

I'd think that you'd be better having it not scan the net & broadcast for the specified net mask with an override switch to force the other behavior. It gets the functionality you suggest w/o changing any of the language/grammar ... or minimally so.

andrew.

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
--
--------------------------------------------------
sneak () datavibe net - 0xCD91A427
9907 3747 3CE9 11C5 2B1C F141 D09F 488C CD91 A427
Note: key id 0x299450B6 is lost and inactive.
--------------------------------------------------
Copyright 2000 Jeffrey Paul. The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Thank you.
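
The "teeny script" approach mentioned in the message, as an added example that is not part of the original thread: it expands the per-octet list/range notation or a CIDR block into one address per line for `-iL -`, and can drop the network and broadcast address of each subnet you name, which is the behaviour asked about in the quoted question. The function names and the script name are this example's own, it handles numeric IPv4 specifications only (no hostnames), and the sample addresses are constructed.

```python
import ipaddress
import itertools
import sys


def expand_octet(field):
    """Expand one octet field: '*', '7', '1-50' or a list like '1,2,5-9'."""
    if field == "*":
        return list(range(256))
    values = set()
    for part in field.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_spec(spec):
    """Yield every IPv4Address named by 'a.b.c.d/len' or per-octet notation."""
    if "/" in spec:
        # strict=False: accept host bits being set, e.g. 10.1.2.3/24
        yield from ipaddress.ip_network(spec, strict=False)
        return
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four octet fields: {spec!r}")
    for octets in itertools.product(*(expand_octet(f) for f in fields)):
        yield ipaddress.IPv4Address(".".join(map(str, octets)))


def targets(spec, subnets=()):
    """Expand spec, skipping the net and broadcast address of each subnet."""
    skip = set()
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen < 31:  # /31 and /32 have no separate net/broadcast
            skip.update((net.network_address, net.broadcast_address))
    return [str(ip) for ip in expand_spec(spec) if ip not in skip]


if __name__ == "__main__":
    # usage: python3 gen_targets.py SPEC [SUBNET ...] | nmap <options> -iL -
    if len(sys.argv) < 2:
        sys.exit("usage: gen_targets.py SPEC [SUBNET ...]")
    print("\n".join(targets(sys.argv[1], sys.argv[2:])))
```

Passing the real subnet masks matters: with `10.0.0.0/23` named as a subnet, `10.0.0.255` stays in the list because it is an ordinary host address there, while `10.0.1.255` is dropped as the broadcast address.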