Linux – How to scan using nmap and Zenmap all hostnames that begin with a particular string

linuxnetwork-monitoringnetworkingnmapwindows

I have a number of nodes on a couple of networks whose hostnames all start with org. Some examples are:

orgwebsvr1
orgwebsvr2
orgwebsvr3
orgdbsvrmysql
orgdbsvrmssql
orgdbsvrosql

With nmap, I know that I can scan multiple targets using the IP or an external list. But I want to discover all the devices on a network that start with org. Is there such a way to write that using nmap?

Thank you.

Best Answer

Assuming the hosts all have valid DNS entries, you can do a list scan querying the DNS for each host on your target network, then filter the output to a file and use it as target for a second nmap scan:

nmap -sL 192.168.0.0/24 | awk '{print $5}' | grep ^org > ~/targets.txt; nmap -iL ~/targets.txt

Related Solutions

Nmap find all alive hostnames and IPs in LAN

nmap versions lower than 5.30BETA1:

nmap -sP 192.168.1.*

newer nmap versions:

nmap -sn 192.168.1.*

This gives me hostnames along with IP adresses, and only pings the hosts to discover them. This will only give you the hostnames if you run it as root.

EDIT: As of Nmap 5.30BETA1 [2010-03-29] -sP has been replaced with -sn as the preferred way to do ping scans, while skipping port scanning, just like the comments indicate:

Previously the -PN and -sP options were recommended. This establishes a more regular syntax for some options that disable phases of a scan:

-n no reverse DNS

-Pn no host discovery

-sn no port scan

While using Nmap and sweep the network with a ping

Even though 10.0.0.0 is defined as a Class-A network, you can still define smaller networks inside it.

So 10.0.0.0/24 is used to define a smaller network ranging from 10.0.0.0 to 10.0.0.255. As example, /23 could also have been used to define a network ranging form 10.0.0.0 to 10.0.1.255, etc.

I would suggest you look into the CIDR calculator at the following URL (http://www.subnet-calculator.com/cidr.php)

As a side note, in your command, you are not asking NMAP to ping an IP... you are asking that he scan a defined range. You could also point it toward a single IP, but NMAP will most likely translate it as $ip/32.

Best Answer

Related Solutions

Nmap find all alive hostnames and IPs in LAN

While using Nmap and sweep the network with a ping

Related Topic