fping - send ICMP ECHO_REQUEST packets to multiple network hosts
fping -I eth1 -g 192.168.31.0/24 -a
Launch fping without "Host Unreachable" errors
fping -I eth1 -g 192.168.31.0/24 -a 2>/dev/null
nmap - Network exploration tool and security/port scanner
nmap -sn 192.168.31.0/24
# Ping Scan
- Discover all the devices on a target network using a ping sweep (ping scan) with Nmap.
-sn option - Ping Scan (ping sweep): disables the port scan and finds the responding hosts. -sn consists of:
  - an ICMP echo request
  - a TCP SYN to port 443
  - a TCP ACK to port 80
  - an ICMP timestamp request
-sn must be run with sudo
# Check your network IP subnet
ip -br -c a
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 DOWN
eth1 UP 192.168.31.128/24 fe80::20c:29ff:fe3a:6a12/64
# The current local subnet is 192.168.31.0/24
sudo nmap -sn 192.168.31.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-20 15:46 CET
Nmap scan report for 192.168.31.2 # Default Gateway IP
Host is up (0.00021s latency).
MAC Address: 00:50:56:F3:CD:3F (VMware) # MAC address, with the manufacturer in parentheses
Nmap scan report for 192.168.31.133 # Ubuntu VM IP
Host is up (0.00013s latency).
MAC Address: 00:0C:29:C9:89:DE (VMware)
Nmap scan report for 192.168.31.254 # VMware DHCP server IP
Host is up (0.00013s latency).
MAC Address: 00:50:56:E7:B4:64 (VMware)
Nmap scan report for 192.168.31.128 # current Kali VM IP
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.01 seconds
# Only 4 devices are up
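To turn a sweep like the one above into an inventory check, the following added example (not part of the original notes) parses `nmap -sn` output into tab-separated rows and lists hosts whose MAC is missing from an allowlist. The function names and the allowlist file are assumptions; the sample input is the scan output from this page.

```shell
#!/bin/sh
# Added example (not from the original notes): parse `nmap -sn` normal output
# into "ip<TAB>mac<TAB>vendor" rows and compare them with an allowlist of
# known MACs. Function names and the allowlist file are assumptions.

# Sample input: the sweep output shown above, some annotations included.
sample_sweep() {
  cat <<'EOF'
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-20 15:46 CET
Nmap scan report for 192.168.31.2 # Default Gateway IP
Host is up (0.00021s latency).
MAC Address: 00:50:56:F3:CD:3F (VMware)
Nmap scan report for 192.168.31.133 # Ubuntu VM IP
Host is up (0.00013s latency).
MAC Address: 00:0C:29:C9:89:DE (VMware)
Nmap scan report for 192.168.31.254
Host is up (0.00013s latency).
MAC Address: 00:50:56:E7:B4:64 (VMware)
Nmap scan report for 192.168.31.128
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.01 seconds
EOF
}

parse_ping_sweep() {
  awk '
    function emit() {   # one row per host; the scanning host has no MAC line
      if (ip != "") printf "%s\t%s\t%s\n", ip, (mac == "" ? "local" : mac), vendor
      ip = ""; mac = ""; vendor = ""
    }
    { sub(/[ \t]+#.*$/, "") }            # drop trailing "# ..." annotations
    /^Nmap scan report for / {
      emit(); ip = $NF                   # "IP", or "(IP)" after a hostname
      gsub(/[()]/, "", ip)
    }
    /^MAC Address: / {
      mac = $3; vendor = $0
      sub(/^MAC Address: [^ ]+ \(/, "", vendor); sub(/\)[ \t]*$/, "", vendor)
    }
    END { emit() }'
}

# Rows whose MAC is absent from the allowlist file $1 (one MAC per line).
unknown_hosts() {
  parse_ping_sweep | awk -F'\t' -v allow="$1" '
    BEGIN { while ((getline m < allow) > 0) known[toupper(m)] = 1 }
    $2 != "local" && !(toupper($2) in known)'
}

sample_sweep | parse_ping_sweep
```

Against a live network, pipe the real scan in instead: `sudo nmap -sn 192.168.31.0/24 | unknown_hosts known_macs.txt`, where `known_macs.txt` is a hypothetical allowlist file.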
netdiscover -h
Netdiscover 0.10 [Active/passive ARP reconnaissance tool]
Written by: Jaime Penalba <jpenalbae@gmail.com>
Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-F filter] [-s time] [-c count] [-n node] [-dfPLNS]
-i device: your network device
-r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
-l file: scan the list of ranges contained into the given file
-p passive mode: do not send anything, only sniff
-m file: scan a list of known MACs and host names
-F filter: customize pcap filter expression (default: "arp")
-s time: time to sleep between each ARP request (milliseconds)
-c count: number of times to send each ARP request (for nets with packet loss)
-n node: last source IP octet used for scanning (from 2 to 253)
-d ignore home config files for autoscan and fast mode
-f enable fastmode scan, saves a lot of time, recommended for auto
-P print results in a format suitable for parsing by another program and stop after active scan
-L similar to -P but continue listening after the active scan is completed
-N Do not print header. Only valid when -P or -L is enabled.
-S enable sleep time suppression between each request (hardcore mode)
If -r, -l or -p are not enabled, netdiscover will scan for common LAN addresses.
netdiscover -i eth1 -r 192.168.31.0/24
nmap cheatsheet
nmap different scanning techniques
| SWITCH | EXAMPLE | DESCRIPTION |
| --- | --- | --- |
| -sS | nmap 192.168.1.1 -sS | TCP SYN port scan (Default) |
| -sT | nmap 192.168.1.1 -sT | TCP connect port scan (Default without root privilege) |