Re: Discovering Live Hosts

From: Alcides (alcides.hercules@gmail.com)
Date: Wed Aug 08 2007 - 05:55:13 EDT


Hi Nikhil,
You can try the "scanrand" scanner. It is a fast network scanner that can
scan single hosts to very large networks efficiently. "scanrand" can do
stateless TCP scanning, which sets it apart from the other network scanners.
An example could be:
  root@tsunami#scanrand -b10M 192.168.1.1-254:22,80,139,443,445....etc

This is just another way of doing what you want, without using nmap.
Best wishes!

Nikhil Wagholikar wrote:
> Hello List,
>
> I need some suggestions and inputs from all Pen-testers around the
> world on this issue.
>
> I have been allotted a set of IP Address Pool for pen-testing. So my
> first task is to find out live IP Addresses out of the given Pool of
> IP Addresses (Class A & Class B). I know that normal ping (ICMP)
> won't help me, because nowadays firewalls can be configured to drop
> ICMP requests. So if I ping (ICMP) the hosts to find live IP Addresses,
> it won't help me.
>
> Performing a full port scan for the whole IP Address Pool range is
> also not a recommended solution, since my whole and sole target is just
> to find Live IP Addresses out of the given Pool of IP Addresses, i.e.
> either UP or DOWN, that's it!!
>
> Now second thought that comes to my mind is TCP Ping. Nmap has a very
> beautiful option built into it i.e. -sP or -PT or -PS. But by default
> it tries to connect to port 80 if no port is specified along with it.
> If the remote IP Address doesn't have HTTP/HTTPS service running on
> it, but has some other service (like FTP, SMTP etc) running on it,
> then even this option would fail. Besides this, if suppose SMTP is
> configured on port 26 instead of traditional port 25, then it would
> add a twist to this situation. Hence specifying well known ports along
> with the -PT or -PS option is also not an effective method of discovering
> live hosts from a given IP Address Pool. Added to this, specifying a large
> number of well known ports along with these options (-PT, -PS) leads
> Nmap to exit abruptly by throwing a Buffer Overflow related error.
>
> Can anyone kindly guide me as to how to find live IP Addresses from a
> given Pool of IP Addresses (Range of IP Addresses) with as few false
> positive results as possible and as quickly as possible? Is there any
> tool out there (no matter shareware or freeware) which focuses on finding
> live IP Addresses from a Pool of IP Addresses?
>
> --
> Nikhil Wagholikar
> Information Security Analyst
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

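As an added illustration of the "stateless" TCP scanning mentioned in the reply (example code written for this archive page, not part of scanrand or of either message): scanrand avoids keeping a table of outstanding probes by using an inverse SYN cookie, an HMAC over the target address and ports placed in the SYN's sequence number, so that a SYN/ACK or RST/ACK, which acknowledges that number plus one, can be validated on arrival with no stored state. It also shows why a host answering RST on a closed port counts as live, which addresses the port-80 concern in the question. The key, the source port and the reply records below are constructed values.

```python
import hashlib
import hmac
import struct
from typing import Optional
from ipaddress import IPv4Address

# Per-run secret (constructed); a real scanner would draw it at random on start-up.
KEY = b"constructed-demo-key"


def inverse_syn_cookie(key: bytes, dst_ip: str, dst_port: int, src_port: int) -> int:
    """Initial sequence number for a probe SYN: the first 32 bits of an HMAC
    over (target ip, target port, our source port). Nothing is stored."""
    msg = IPv4Address(dst_ip).packed + struct.pack("!HH", dst_port, src_port)
    return struct.unpack("!I", hmac.new(key, msg, hashlib.sha256).digest()[:4])[0]


def classify_reply(key: bytes, reply: dict) -> Optional[str]:
    """Return 'open', 'closed' or None for one captured reply.

    Both SYN/ACK and RST/ACK acknowledge seq + 1, so the reply's ack number
    must equal our recomputed cookie + 1; anything else (stale, forged, or
    simply not ours) is dropped without any table lookup.
    """
    expected = (inverse_syn_cookie(key, reply["src"], reply["sport"], reply["dport"]) + 1) & 0xFFFFFFFF
    if reply["ack"] != expected:
        return None
    return {"SA": "open", "RA": "closed"}.get(reply["flags"])


def live_hosts(key: bytes, replies: list) -> dict:
    """Map every host that gave a valid answer to its (port, state) list.
    A RST from a closed port proves the host is up just as a SYN/ACK does,
    which is why probing several ports beats a single port-80 TCP ping."""
    hosts: dict = {}
    for r in replies:
        state = classify_reply(key, r)
        if state is not None:
            hosts.setdefault(r["src"], []).append((r["sport"], state))
    return hosts


def demo() -> dict:
    # Constructed replies: 'src'/'sport' are the target, 'dport' is our source port.
    def ack_for(ip: str, port: int) -> int:
        return (inverse_syn_cookie(KEY, ip, port, 40000) + 1) & 0xFFFFFFFF
    replies = [
        {"src": "192.168.1.10", "sport": 22, "dport": 40000, "flags": "SA", "ack": ack_for("192.168.1.10", 22)},
        {"src": "192.168.1.10", "sport": 80, "dport": 40000, "flags": "RA", "ack": ack_for("192.168.1.10", 80)},
        {"src": "192.168.1.20", "sport": 443, "dport": 40000, "flags": "RA", "ack": ack_for("192.168.1.20", 443)},
        # Forged reply: ack differs from the cookie, so it is ignored.
        {"src": "192.168.1.30", "sport": 80, "dport": 40000, "flags": "SA", "ack": ack_for("192.168.1.30", 80) ^ 1},
    ]
    return live_hosts(KEY, replies)
```

A host that sends nothing at all (filtered by a firewall) never appears, which is the one case no TCP ping variant can distinguish from a dead address.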



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:00 EDT