Re: fast nmap scan of XP boxes?
From: Daniel Miessler (daniel_at_dmiessler.com)
Date: 10/29/05
- Previous message: Andy Meyers: "Sniffing on a switch"
- Next in thread: Juan B: "Re: fast nmap scan of XP boxes?"
- Reply: Juan B: "Re: fast nmap scan of XP boxes?"
Date: Fri, 28 Oct 2005 22:14:56 -0400
To: Michael Weber <mweber@alliednational.com>
On Aug 12, 2005, at 1:58 PM, Michael Weber wrote:
> I am using nmap to create a list of targets that I will then use other
> tools to test. My problem is how can I do a fast scan of a large (class
> B) network of systems running XP, most with firewalling turned on? Will
> nmap -sP still find the systems if ping does not?
I have something just for you; I use it constantly during assessments
just for this purpose:
    nmap -vv -n -sP -PS21,22,23,25,53,80,110,135,139,143,445,1433,1521 \
        $target | grep appears | grep up | cut -d" " -f2 > $outfile
What this does is "ping" the host via not just ICMP, but also via TCP
connections on the ports listed. :) It makes great lists and, as you
know, it saves tons of time when you import a list of active hosts
instead of just feeding a network.
Hope you like it. :) Oh, and here's my Nmap "Primer" which has a
couple other decent nuggets:
http://dmiessler.com/study/nmap
-- Daniel R. Miessler M: daniel@dmiessler.com W: http://dmiessler.com G: 0x316BC712
- application/pgp-signature attachment: This is a digitally signed message part
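Added example, not part of the original message: the same live-host list built from Nmap's grepable output (the sweep above with `-oG sweep.gnmap` added) instead of grepping the verbose text, plus a comparison against an inventory file. The function names, the file name `sweep.gnmap`, the inventory file and the sample addresses are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: extract live hosts from Nmap grepable (-oG) output.

# Print the address of every host reported "Status: Up" in the file $1,
# one per line, de-duplicated and in numeric IPv4 order.
live_hosts() {
    awk '$1 == "Host:" && $(NF-1) == "Status:" && $NF == "Up" { print $2 }' "$1" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Print live hosts that are absent from an inventory file ($2, one address
# per line). -x -F forces whole-line literal matches, so an inventory entry
# 192.0.2.4 does not hide 192.0.2.40. Hypothetical helper.
unlisted_hosts() {
    live_hosts "$1" | grep -vxF -f "$2" || true   # no output is not an error
}

# Constructed sample data (documentation address range), not real scan output.
# It includes a Down host and a repeated Up host to exercise the filter.
write_sample() {
    printf '%s\n' '# Nmap scan initiated (constructed sample)' > "$1"
    printf 'Host: %s (%s)\tStatus: %s\n' \
        192.0.2.40  ''               Up \
        192.0.2.7   ws7.example.test Up \
        192.0.2.200 ''               Down \
        192.0.2.7   ws7.example.test Up >> "$1"
    printf '%s\n' '# Nmap done (constructed sample)' >> "$1"
}

# Demo on the constructed sample.
demo_file=$(mktemp)
write_sample "$demo_file"
live_hosts "$demo_file"
rm -f "$demo_file"
```
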