I am looking to find all the hosts that are online in a set of networks.
I would like to find all hosts that are online in the entire network of 170.10.. (there are ~64K possible hosts). The network I am trying to scan is an internal local network.
I used the nmap tool. But it takes about 50 mins, which is way too long. Out of the 64K hosts, only about 20-40 hosts are likely to be online. But the problem is they may be in any (or in one or more) network out of the possible 256 networks.
I am looking for a way to figure this out quickly. I don't think using the ping command will help either, as pinging 64K hosts is not going to be any faster.
I am looking for any alternate solution, perhaps broadcasting ICMP packets directly to all 256 networks or something similar.
Any ideas/suggestions? Thanks.
Best Answer
short answer:
nmap -sn -T5 --min-parallelism 100 subnet/mask -oG output.file.txt; grep -v Down output.file.txt
explanation: nmap alone should be able to scan much faster. We'll start by limiting nmap to do ping scans with -sP (newer versions replaced -sP with -sn). From man nmap:
Time for a little experiment with just running more ping scans in parallel (--max-parallelism) and throwing caution about being detected in the wind (-T5):
nmap without any options:
nmap with timing options:
Quite the improvement.
For a /16 subnet scan, like OP asked:
To throw @Dan's suggestion in the mix too, I got bored after hitting 5 minutes with fping still running :-)
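Once the grepable file from the answer's command exists, the `grep -v Down` step can be replaced by a small parser that skips nmap's comment lines and groups the live hosts per /24, which answers the second half of the question (which of the 256 networks actually contain anything). This is an added example, not code from the answer or from nmap; it runs offline on a constructed -oG snippet that uses documentation addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the "Host:" records that nmap -oG writes, e.g.
#   Host: 192.0.2.4 (gw.example)<TAB>Status: Up
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Status:\s+(\w+)")


def parse_grepable(text):
    """Return (ip, hostname, status) tuples from nmap -oG output.
    Comment lines (starting with '#') are skipped; malformed lines are ignored."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        m = HOST_RE.match(line)
        if m:
            records.append((m.group(1), m.group(2), m.group(3)))
    return records


def live_hosts_by_subnet(text, prefixlen=24):
    """Map each /prefixlen network to the sorted list of IPs reported Up.
    Does what `grep -v Down` does, but also drops comment lines and groups
    results per /24 so the 256 networks of a /16 can be checked at a glance."""
    groups = defaultdict(list)
    for ip, _name, status in parse_grepable(text):
        if status != "Up":
            continue
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups[str(net)].append(ip)
    return {net: sorted(ips, key=ipaddress.ip_address)
            for net, ips in sorted(groups.items())}


# Constructed sample output (not a real scan); documentation addresses only.
SAMPLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sn -oG out.txt 192.0.2.0/23
Host: 192.0.2.10 (printer.example)\tStatus: Up
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.2 ()\tStatus: Down
Host: 192.0.3.7 (nas.example)\tStatus: Up
# Nmap done at Mon Jan  1 00:00:05 2024 -- 512 IP addresses (3 hosts up) scanned in 4.21 seconds
"""

if __name__ == "__main__":
    for net, ips in live_hosts_by_subnet(SAMPLE).items():
        print(f"{net}: {len(ips)} up -> {', '.join(ips)}")
```

Feed it the real file with `live_hosts_by_subnet(open("output.file.txt").read())`.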