LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-04-2018, 01:16 AM   #1
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Rep: Reputation: 10
Post How to find all IP ranges via Nmap?


Hello.
In a local network with VLAN, How can I find all IP ranges?

Thank you.
 
Old 11-04-2018, 10:39 AM   #2
lougavulin
Member
 
Registered: Jul 2018
Distribution: Slackware,x86_64,current
Posts: 262

Rep: Reputation: 94
Do you want all the IP address possible or all live hosts' IP ?
Because using nmap make me think the later...
 
Old 11-05-2018, 01:01 AM   #3
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by lougavulin View Post
Do you want all the IP address possible or all live hosts' IP ?
Because using nmap make me think the later...
I mean is not "Ping Sweep", suppose a local network and you like to find all IP address ranges that used in the network.
 
Old 11-05-2018, 01:08 AM   #4
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,109

Rep: Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150
Quote:
Originally Posted by hack3rcon View Post
I mean is not "Ping Sweep", suppose a local network and you like to find all IP address ranges that used in the network.
What do you mean by "use an address range"? For example, in this case:
Code:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:77:b3:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe77:b3be/64 scope link
       valid_lft forever preferred_lft forever
you could say I "use" two address ranges, 127.0.0.0/8 and 192.168.1.0/24. Oh and let's not forget IPv6: ::1/128 and fe80::/64. So, four ranges.

Now, you can check IP addresses of devices on your network, but I don't see a way to check IP address ranges. While you can confirm that a device has address 192.168.1.201, to know the prefix it configures you would have to log on to it.
 
Old 11-05-2018, 07:02 AM   #5
dc.901
Member
 
Registered: Aug 2018
Location: Atlanta, GA - USA
Distribution: CentOS 6-7; SuSE 8-12
Posts: 657

Rep: Reputation: 199Reputation: 199
Quote:
Originally Posted by hack3rcon View Post
I mean is not "Ping Sweep", suppose a local network and you like to find all IP address ranges that used in the network.
You ask your network admin, or look at the switch config.
You computer is only going to show you IP of whatever VLAN it is on.
 
Old 11-05-2018, 12:38 PM   #6
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.7.1908
Posts: 4,361

Rep: Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525
This:
Code:
nmap -v -sn 192.168.0.0/24 | grep -v 'host down'
where 192.168.0.0/24 is the IP range of your local network. Will show you connected hosts.
but review man nmap for other options.

You will need a target for an nmap scan...it doesn't "discover" IP ranges. See the man page for details.

Last edited by scasey; 11-05-2018 at 12:41 PM.
 
Old 11-05-2018, 03:24 PM   #7
lougavulin
Member
 
Registered: Jul 2018
Distribution: Slackware,x86_64,current
Posts: 262

Rep: Reputation: 94
Quote:
Originally Posted by scasey View Post
where 192.168.0.0/24 is the IP range of your local network. Will show you connected hosts.
Will show you connected hosts with firewall which allow the respond. Desktop do not have to respond for instance.

Quote:
Originally Posted by scasey View Post
This:
Code:
nmap -v -sn 192.168.0.0/24 | grep -v 'host down'
If you want to exclude 'host down' results (with the grep), this is simpler :

Code:
nmap -sn 192.168.0.0/24
 
Old 11-06-2018, 01:27 AM   #8
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by berndbausch View Post
What do you mean by "use an address range"? For example, in this case:
Code:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:77:b3:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe77:b3be/64 scope link
       valid_lft forever preferred_lft forever
you could say I "use" two address ranges, 127.0.0.0/8 and 192.168.1.0/24. Oh and let's not forget IPv6: ::1/128 and fe80::/64. So, four ranges.

Now, you can check IP addresses of devices on your network, but I don't see a way to check IP address ranges. While you can confirm that a device has address 192.168.1.201, to know the prefix it configures you would have to log on to it.
I mean is you work at a company that each floor has its own VLAN. Your floor IP address range is "192.168.X.X" but how you can find the other floors IP address ranges?
 
Old 11-06-2018, 02:28 AM   #9
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,109

Rep: Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150
If you can connect a PC to a VLAN, you can observe the traffic with a tool like tcpdump or wireshark and conclude what addresses are used.

You may get an address and the netmask or prefix from a DHCP server.

I don’t know if nmap has a function for detecting address ranges.
 
Old 11-06-2018, 07:41 AM   #10
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by berndbausch View Post
If you can connect a PC to a VLAN, you can observe the traffic with a tool like tcpdump or wireshark and conclude what addresses are used.

You may get an address and the netmask or prefix from a DHCP server.

I donít know if nmap has a function for detecting address ranges.
Any other tool?
 
Old 11-06-2018, 11:02 AM   #11
dc.901
Member
 
Registered: Aug 2018
Location: Atlanta, GA - USA
Distribution: CentOS 6-7; SuSE 8-12
Posts: 657

Rep: Reputation: 199Reputation: 199
Quote:
Originally Posted by hack3rcon View Post
I mean is you work at a company that each floor has its own VLAN. Your floor IP address range is "192.168.X.X" but how you can find the other floors IP address ranges?
You will need to monitor traffic at the router.
Am curious, is this an interview question? Why do you want to know this?
 
Old 11-06-2018, 06:47 PM   #12
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: A few
Posts: 4,109

Rep: Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150Reputation: 1150
Quote:
Originally Posted by hack3rcon View Post
Any other tool?
Probably, but rather than asking for any other tool, why don't you tell us what you expect from the tool, in addition to what tcpdump and a DHCP client can achieve?

Otherwise, people continue to throw out tools, and you just continue to reply "any other tool". What is the termination condition of this loop?
 
Old 11-08-2018, 07:58 AM   #13
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Ask your SysAdmin.
The biggest tool around.

What's in use, what's assigned and what responds.

Have fun.
 
1 members found this post helpful.
Old 11-12-2018, 05:21 AM   #14
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by berndbausch View Post
Probably, but rather than asking for any other tool, why don't you tell us what you expect from the tool, in addition to what tcpdump and a DHCP client can achieve?

Otherwise, people continue to throw out tools, and you just continue to reply "any other tool". What is the termination condition of this loop?
I'm in a new local network and I want to find all IP ranges that using here.
 
Old 11-12-2018, 12:35 PM   #15
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.7.1908
Posts: 4,361

Rep: Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525Reputation: 1525
Quote:
Originally Posted by hack3rcon View Post
I'm in a new local network and I want to find all IP ranges that using here.
+1 for asking your SysAdmin/IT department.
If it were my LAN, such hacking without asking would be grounds for dismissal. Just sayin'
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap - find open UDP ports loadedmind Red Hat 3 09-13-2013 05:42 AM
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 10:10 AM
Strange nmap results when scanning IP Ranges NuxIT Linux - Security 2 01-19-2007 03:30 AM
can't find vert/horiz sync ranges! kanko Linux - Hardware 1 09-17-2006 06:57 AM
how to find zombies for idle scan using Nmap b0nd Linux - Networking 2 01-29-2006 06:40 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration