Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Nmap: Network Exploration and Security Auditing Cookbook

You're reading from   Nmap: Network Exploration and Security Auditing Cookbook Network discovery and security scanning at your fingertips

Arrow left icon
Product type Paperback
Published in May 2017
Publisher
ISBN-13 9781786467454
Length 416 pages
Edition 2nd Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Paulino Calderon Paulino Calderon
Author Profile Icon Paulino Calderon
Paulino Calderon
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Nmap Fundamentals FREE CHAPTER 2. Network Exploration 3. Reconnaissance Tasks 4. Scanning Web Servers 5. Scanning Databases 6. Scanning Mail Servers 7. Scanning Windows Systems 8. Scanning ICS SCADA Systems 9. Optimizing Scans 10. Generating Scan Reports 11. Writing Your Own NSE Scripts 12. HTTP, HTTP Pipelining, and Web Crawling Configuration Options 13. Brute Force Password Auditing Options 14. NSE Debugging 15. Additional Output Options 16. Introduction to Lua 17. References and Additional Reading

Scanning an IP address ranges

Very often, penetration testers and system administrators need to scan not a single machine but a range of hosts. Nmap supports IP address ranges in different formats, and it is essential that we know how to deal with them.

This recipe explains how to work with IP address ranges when scanning with Nmap.

How to do it...

  1. Open your terminal and enter the following command:
$ nmap <IP address range>  
  1. For example, to scan from 192.168.1.0 to 192.168.1.255 use the following command:
$ nmap 192.168.1.0-255  
  1. Alternatively, you can use any of the following notations:
$ nmap 192.168.*
$ nmap 192.168.0/24
$ nmap 192.168.1.0 192.168.1.1 192.168.1.2 ... 192.168.1.254 192.168.1.255

How it works...

Nmap supports several target formats that allows users to work with IP address ranges. The most common type is when we specify the target's IP or host, but it also supports the reading of targets from files, ranges, and we can even generate a list of random targets.

Any arguments that are not valid options are read as targets by Nmap. This means that we can tell Nmap to scan more than one range in a single command, as shown in the following command:

# nmap -p25,80 -O -T4 192.168.1.1/24 scanme.nmap.org/24  

There are several ways that we can handle IP ranges in Nmap:

  • Multiple host specification
  • Octet range addressing (they also support wildcards)
  • CIDR notation

To scan IP addresses 192.168.1.1, 192.168.1.2, and 192.168.1.3, the following command can be used:

$ nmap 192.168.1.1 192.168.1.2 192.168.1.3  

We can also specify octet ranges using -. For example, to scan hosts 192.168.1.1, 192.168.1.2, and 192.168.1.3, we could use the expression 192.168.1.1-3, as shown in the following command:

$ nmap 192.168.1.1-3  

Octect range notation also supports wildcards, so we could scan from 192.168.1.0 to 192.168.1.255 with the expression 192.168.1.*:

$ nmap 192.168.1.*

The CIDR notation can also be used when specifying targets. The CIDR notation consists of an IP address and a suffix. The most common network suffixes used are /8, /16, /24, and /32. To scan the 256 hosts in 192.168.1.0-255 using the CIDR notation, the following command can be used:

$ nmap 192.168.1.0/24  

There's more...

In addition, you may exclude the hosts from the ranges by specifying the parameter the --exclude option, as shown:

$ nmap 192.168.1.1-255 --exclude 192.168.1.1
$ nmap 192.168.1.1-255 --exclude 192.168.1.1,192.168.1.2

Otherwise, you can write your exclusion list in a file and read it with--exclude-file:

$ cat dontscan.txt
192.168.1.1
192.168.1.254
$ nmap --exclude-file dontscan.txt 192.168.1.1-255

CIDR notation

The Classless Inter-domain Routing (CIDR) notation (pronounced cider) is a compact method for specifying IP addresses and their routing suffixes. This notation gained popularity due to its granularity when compared with classful addressing because it allows subnet masks of variable length.

The CIDR notation is specified by an IP address and network suffix. The network or IP suffix represent the number of network bits. IPv4 addresses are 32 bit, so the network can be between 0 and 32. The most common suffixes are /8, /16, /24, and /32.

To visualize it, take a look at the following CIDR-to-Netmask conversion table:

CIDR

Netmask

/8

255.0.0.0

/16

255.255.0.0

/24

255.255.255.0

/32

255.255.255.255

For example, 192.168.1.0/24 represents the 256 IP addresses from 192.168.1.0 to 192.168.1.255. And 50.116.1.121/8 represents all the IP addresses between 50.0-255.0-255.0-255. The network suffix /32 is also valid and represents a single IP.

You have been reading a chapter from
Nmap: Network Exploration and Security Auditing Cookbook - Second Edition
Published in: May 2017
Publisher:
ISBN-13: 9781786467454
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image