recon/network_enumeration
Identify Live Hosts
nmap -sn <IP_RANGE>
Ping scan for live hosts in the IP range, without port scanning.
for i in {1..254} ;do (ping -c 1 xxx.xxx.xxx.$i | grep "bytes from" &) ;done
Single ping to each IP in /24 subnet, shows active hosts on Unix.
for /L %i in (1,1,254) do @ping -n 1 -w 200 xxx.xxx.xxx.%i > nul && echo xxx.xxx.xxx.%i is up.
Single ping to each IP in /24 subnet, shows active hosts on Windows.
Ping
ping <TARGET>
Use ping to check if target is active and reachable. TTL helps detect OS:
Linux/Unix: TTL ~64
Windows: TTL ~128
Keep in mind that sometimes ping may be disabled on certain hosts. This means you might not receive a response to your ping requests, but the host is still active. In these cases, it's important to scan more deeply using other tools or methods to discover running services.
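The TTL rule of thumb above as a small shell helper, an added example that is not part of the original page: it reads ping reply lines in Linux or Windows format and reports the likely OS family with an estimated hop count. The function names and the sample lines (documentation addresses) are constructed for illustration, and the hop estimate assumes the initial TTL was exactly 64 or 128.

```shell
#!/bin/sh
# Added example: apply the TTL rule of thumb (~64 Linux/Unix, ~128 Windows)
# to ping reply lines. Function names are illustrative.

# ttl_family TTL -> "<family> hops~<n>"; hops assumes the initial TTL was 64 or 128.
ttl_family() {
    if [ "$1" -le 64 ]; then
        echo "Linux/Unix hops~$((64 - $1))"
    elif [ "$1" -le 128 ]; then
        echo "Windows hops~$((128 - $1))"
    else
        echo "unknown"   # above both defaults named on this page
    fi
}

# classify_ping_line LINE -> "<ip> <verdict>"
# Handles Linux ("ttl=63") and Windows ("TTL=127") reply formats.
classify_ping_line() {
    ttl=$(printf '%s\n' "$1" | sed -n 's/.*[Tt][Tt][Ll]=\([0-9][0-9]*\).*/\1/p')
    ip=$(printf '%s\n' "$1" | sed -n 's/.*from \([0-9.]*[0-9]\).*/\1/p')
    if [ -z "$ttl" ]; then
        # Timeout or ICMP error: not proof the host is down (ping may be blocked).
        echo "${ip:-?} no-echo-reply"
    else
        echo "$ip $(ttl_family "$ttl")"
    fi
}

# Constructed sample lines (documentation addresses), not captured output.
while IFS= read -r line; do
    classify_ping_line "$line"
done <<'EOF'
64 bytes from 192.0.2.10: icmp_seq=1 ttl=63 time=0.41 ms
Reply from 192.0.2.20: bytes=32 time<1ms TTL=117
64 bytes from 192.0.2.30: icmp_seq=1 ttl=254 time=1.20 ms
Request timed out.
EOF
```

A "no-echo-reply" verdict only means no TTL was seen; treat the host as undetermined and follow up with a service scan as described above.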
