Nmap is a scanning tool that every security enthusiast should be familiar with; this article describes how to use it to scan a large network space.
Why scan a large network space? Two typical cases:
- Intranet penetration: once an attacker has broken through at a single point and landed inside the intranet, the next step is to expand from that foothold. Scanning the whole private address space first (for example 10.1.1.1/8, 172.16.1.1/12 and 192.168.1.1/16) shows which hosts are worth attention.
- Full-network scan.
When scanning a huge network space, the main concern is efficiency, that is, time cost. Provided the scan is fast enough, we are willing to sacrifice some accuracy.
The basic idea is to ping with high concurrency:
nmap -v -sn -PE -n --min-hostgroup 1024 --min-parallelism 1024 -oX nmap_output.xml www.lijiejie.com/16
-sn: do not scan ports, only ping hosts
-PE: use ICMP echo requests to determine whether a host is alive
-n: do not reverse-resolve IP addresses to domain names
--min-hostgroup 1024: set the minimum host group to 1024 IP addresses; when there are many targets, nmap splits them into groups and scans the groups one after another
--min-parallelism 1024: this parameter is critical; to make full use of system and network resources, we force at least 1024 probes to be outstanding in parallel
-oX nmap_output.xml: write the results in XML format to the file nmap_output.xml
Once the scan is complete, the XML document can be parsed to find out which IP addresses are alive.
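A parser for the -oX output, as an added example that is not part of the original article: it pulls every host nmap marked "up" (address, reason and reply TTL) and cross-checks the count against nmap's own runstats so a parse that silently drops hosts is noticed. The XML below is a constructed stand-in for nmap_output.xml, not a real scan result.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap's -oX output for an -sn -PE sweep (two hosts up, one down).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -v -sn -PE -n -oX nmap_output.xml 192.0.2.0/29">
  <host><status state="up" reason="echo-reply" reason_ttl="64"/>
    <address addr="192.0.2.1" addrtype="ipv4"/></host>
  <host><status state="down" reason="no-response" reason_ttl="0"/>
    <address addr="192.0.2.2" addrtype="ipv4"/></host>
  <host><status state="up" reason="echo-reply" reason_ttl="128"/>
    <address addr="192.0.2.3" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/></host>
  <runstats>
    <finished time="1700000112" elapsed="112.03"/>
    <hosts up="2" down="1" total="3"/>
  </runstats>
</nmaprun>
"""


def live_hosts(xml_text):
    """Return one dict per host nmap reports as up: IPv4 address, reason, reply TTL."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # -sn only yields up/down; keep only hosts confirmed up
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # defensive: a host element without an IPv4 address
        hosts.append({"ip": addr.get("addr"),
                      "reason": status.get("reason", ""),
                      "ttl": status.get("reason_ttl", "")})  # TTL is handy for later triage
    return hosts


def runstats(xml_text):
    """nmap's own counters, used to sanity-check the parsed host list."""
    root = ET.fromstring(xml_text)
    h, fin = root.find("runstats/hosts"), root.find("runstats/finished")
    return {"up": int(h.get("up")), "down": int(h.get("down")),
            "total": int(h.get("total")), "elapsed": float(fin.get("elapsed"))}


if __name__ == "__main__":
    # For a real scan: live_hosts(open("nmap_output.xml").read())
    found, stats = live_hosts(SAMPLE_XML), runstats(SAMPLE_XML)
    assert len(found) == stats["up"], "parsed host count disagrees with nmap runstats"
    for rec in found:
        print(f"{rec['ip']}\t{rec['reason']}\tttl={rec['ttl']}")
```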
I tested scanning www.lijiejie.com/16, a B-class segment of 65,535 IP addresses (10156 alive); it took 112.03 seconds, as shown in the figure:
Tip: the number of concurrent probes can be adjusted to your network conditions.
Nmap Tips [1]: Detecting Live Hosts in a Large Network Space