LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   How to find all IP ranges via Nmap? (https://www.linuxquestions.org/questions/linux-software-2/how-to-find-all-ip-ranges-via-nmap-4175641731/)

hack3rcon 11-04-2018 01:16 AM
How to find all IP ranges via Nmap?
 
Hello.
In a local network with VLAN, How can I find all IP ranges?

Thank you.

lougavulin 11-04-2018 09:39 AM
Do you want all the IP address possible or all live hosts' IP ?
Because using nmap make me think the later...

hack3rcon 11-05-2018 12:01 AM
Quote:
Originally Posted by lougavulin (Post 5922722)
Do you want all the IP address possible or all live hosts' IP ?
Because using nmap make me think the later...
I mean is not "Ping Sweep", suppose a local network and you like to find all IP address ranges that used in the network.

berndbausch 11-05-2018 12:08 AM
Quote:
Originally Posted by hack3rcon (Post 5922918)
I mean is not "Ping Sweep", suppose a local network and you like to find all IP address ranges that used in the network.
What do you mean by "use an address range"? For example, in this case:
Code:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:77:b3:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global ens3
      valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe77:b3be/64 scope link
      valid_lft forever preferred_lft forever
you could say I "use" two address ranges, 127.0.0.0/8 and 192.168.1.0/24. Oh and let's not forget IPv6: ::1/128 and fe80::/64. So, four ranges.

Now, you can check IP addresses of devices on your network, but I don't see a way to check IP address ranges. While you can confirm that a device has address 192.168.1.201, to know the prefix it configures you would have to log on to it.

dc.901 11-05-2018 06:02 AM
Quote:
Originally Posted by hack3rcon (Post 5922918)
I mean is not "Ping Sweep", suppose a local network and you like to find all IP address ranges that used in the network.
You ask your network admin, or look at the switch config.
You computer is only going to show you IP of whatever VLAN it is on.

scasey 11-05-2018 11:38 AM
This:
Code:
nmap -v -sn 192.168.0.0/24 | grep -v 'host down'
where 192.168.0.0/24 is the IP range of your local network. Will show you connected hosts.
but review man nmap for other options.

You will need a target for an nmap scan...it doesn't "discover" IP ranges. See the man page for details.

lougavulin 11-05-2018 02:24 PM
Quote:
Originally Posted by scasey (Post 5923064)
where 192.168.0.0/24 is the IP range of your local network. Will show you connected hosts.
Will show you connected hosts with firewall which allow the respond. Desktop do not have to respond for instance.

Quote:
Originally Posted by scasey (Post 5923064)
This:
Code:
nmap -v -sn 192.168.0.0/24 | grep -v 'host down'
If you want to exclude 'host down' results (with the grep), this is simpler :

Code:
nmap -sn 192.168.0.0/24

hack3rcon 11-06-2018 12:27 AM
Quote:
Originally Posted by berndbausch (Post 5922921)
What do you mean by "use an address range"? For example, in this case:
Code:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:77:b3:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global ens3
      valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe77:b3be/64 scope link
      valid_lft forever preferred_lft forever
you could say I "use" two address ranges, 127.0.0.0/8 and 192.168.1.0/24. Oh and let's not forget IPv6: ::1/128 and fe80::/64. So, four ranges.

Now, you can check IP addresses of devices on your network, but I don't see a way to check IP address ranges. While you can confirm that a device has address 192.168.1.201, to know the prefix it configures you would have to log on to it.
I mean is you work at a company that each floor has its own VLAN. Your floor IP address range is "192.168.X.X" but how you can find the other floors IP address ranges?

berndbausch 11-06-2018 01:28 AM
If you can connect a PC to a VLAN, you can observe the traffic with a tool like tcpdump or wireshark and conclude what addresses are used.

You may get an address and the netmask or prefix from a DHCP server.

I don’t know if nmap has a function for detecting address ranges.

hack3rcon 11-06-2018 06:41 AM
Quote:
Originally Posted by berndbausch (Post 5923256)
If you can connect a PC to a VLAN, you can observe the traffic with a tool like tcpdump or wireshark and conclude what addresses are used.

You may get an address and the netmask or prefix from a DHCP server.

I don’t know if nmap has a function for detecting address ranges.
Any other tool?

dc.901 11-06-2018 10:02 AM
Quote:
Originally Posted by hack3rcon (Post 5923241)
I mean is you work at a company that each floor has its own VLAN. Your floor IP address range is "192.168.X.X" but how you can find the other floors IP address ranges?
You will need to monitor traffic at the router.
Am curious, is this an interview question? Why do you want to know this?

berndbausch 11-06-2018 05:47 PM
Quote:
Originally Posted by hack3rcon (Post 5923339)
Any other tool?
Probably, but rather than asking for any other tool, why don't you tell us what you expect from the tool, in addition to what tcpdump and a DHCP client can achieve?

Otherwise, people continue to throw out tools, and you just continue to reply "any other tool". What is the termination condition of this loop?

Habitual 11-08-2018 06:58 AM
Ask your SysAdmin.
The biggest tool around. ;)

What's in use, what's assigned and what responds.

Have fun.

hack3rcon 11-12-2018 04:21 AM
Quote:
Originally Posted by berndbausch (Post 5923506)
Probably, but rather than asking for any other tool, why don't you tell us what you expect from the tool, in addition to what tcpdump and a DHCP client can achieve?

Otherwise, people continue to throw out tools, and you just continue to reply "any other tool". What is the termination condition of this loop?
I'm in a new local network and I want to find all IP ranges that using here.

scasey 11-12-2018 11:35 AM
Quote:
Originally Posted by hack3rcon (Post 5925229)
I'm in a new local network and I want to find all IP ranges that using here.
+1 for asking your SysAdmin/IT department.
If it were my LAN, such hacking without asking would be grounds for dismissal. Just sayin'


All times are GMT -5. The time now is 02:09 AM.