How to scan a network for responsive hosts using Kali Linux.

To scan a network for hosts using Kali Linux, the netdiscover command will come in handy. Just give it an IP address and it will find all hosts within that range. I am scanning for all hosts within the range of 172.29.59.1 to 172.29.59.254.

root@kali:~/Documents# netdiscover -r 172.29.59.0/24
 
Currently scanning: Finished!   |   Screen View: Unique Hosts
 
 10 Captured ARP Req/Rep packets, from 6 hosts.   Total size: 600                                                              
 _____________________________________________________________________________
   IP            At MAC Address      Count  Len   MAC Vendor
 -----------------------------------------------------------------------------
 172.29.59.108   f4:b7:e2:c9:1b:e3    01    060   Unknown vendor
 172.29.59.15    28:b2:bd:0b:00:b8    03    180   Unknown vendor
 172.29.59.112   54:ea:a8:5e:d3:05    01    060   Unknown vendor
 172.29.59.88    04:54:53:0f:c4:b0    02    120   Unknown vendor
 172.29.59.1     00:26:f1:f5:03:00    02    120   Unknown vendor
 172.29.59.87    04:db:56:4a:f4:b4    01    060   Unknown vendor

Then you may pick a host to scan for open ports.

There is another way using nmap. This scan will return all responsive hosts on the network.

root@kali:~/Documents# nmap -sP 172.29.59.1-254
 
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-07 10:39 AEDT
Nmap scan report for 172.29.59.1
Host is up (0.0067s latency).
MAC Address: 00:26:F1:F5:03:00 (ProCurve Networking by HP)
Nmap scan report for 172.29.59.4
Host is up (0.0060s latency).
MAC Address: 00:0B:86:0C:4D:00 (Aruba Networks)
Nmap scan report for 172.29.59.11
Host is up (0.061s latency).
MAC Address: 7C:6D:62:74:92:7E (Apple)
Nmap scan report for 172.29.59.12
Host is up (0.13s latency).
MAC Address: 04:54:53:0F:CC:3B (Apple)
Nmap scan report for 172.29.59.13
Host is up (0.069s latency).
MAC Address: 00:1F:5B:C3:F3:C4 (Apple)
Nmap scan report for 172.29.59.14
Host is up (0.034s latency).
MAC Address: 88:1F:A1:B7:87:67 (Apple)
Nmap scan report for 172.29.59.15
Host is up (0.0059s latency).
MAC Address: 28:B2:BD:0B:00:B8 (Intel Corporate)
Nmap scan report for 172.29.59.19
Host is up (0.0049s latency).
MAC Address: 04:54:53:0F:C3:1A (Apple)
Nmap scan report for 172.29.59.20
Host is up (0.12s latency).
MAC Address: 04:54:53:0F:C3:20 (Apple)
Nmap scan report for 172.29.59.22
Host is up (0.034s latency).
MAC Address: 04:54:53:0F:C4:B2 (Apple)
Nmap scan report for 172.29.59.31
Host is up (0.0050s latency).
MAC Address: 10:0B:A9:9B:90:F8 (Intel Corporate)
Nmap scan report for 172.29.59.36
Host is up (0.0024s latency).
MAC Address: 1C:4B:D6:75:87:FB (AzureWave)
Nmap scan report for 172.29.59.39
Host is up (0.39s latency).
MAC Address: C0:BD:D1:A1:28:5A (Samsung Electro Mechanics co.)
Nmap scan report for 172.29.59.40
Host is up (0.074s latency).
MAC Address: 3C:15:C2:1D:4E:84 (Apple)
Nmap scan report for 172.29.59.42
Host is up (0.56s latency).
MAC Address: AC:3C:0B:78:35:7F (Apple)
Nmap scan report for 172.29.59.46
Host is up (0.034s latency).
MAC Address: 00:23:4D:32:64:E1 (Hon Hai Precision Ind. Co.)
Nmap scan report for 172.29.59.47
Host is up (0.0030s latency).
MAC Address: A0:A8:CD:23:1F:C7 (Intel Corporate)
Nmap scan report for 172.29.59.50
Host is up (0.0046s latency).
MAC Address: A4:67:06:8B:F3:B2 (Apple)
Nmap scan report for 172.29.59.53
Host is up (0.078s latency).
MAC Address: 18:34:51:71:AB:EF (Apple)
Nmap scan report for 172.29.59.54
Host is up (0.0078s latency).
MAC Address: 18:CF:5E:27:2C:D4 (Liteon Technology)
Nmap scan report for 172.29.59.56
Host is up (0.050s latency).
MAC Address: F0:C1:F1:2A:EB:26 (Apple)
Nmap scan report for 172.29.59.57
Host is up (0.034s latency).
MAC Address: 60:92:17:B6:AC:F9 (Apple)
Nmap scan report for 172.29.59.59
Host is up (0.11s latency).
MAC Address: 80:86:F2:1E:6C:FC (Intel Corporate)
Nmap scan report for 172.29.59.61
Host is up (0.68s latency).
MAC Address: E0:F8:47:4F:62:88 (Apple)
Nmap scan report for 172.29.59.62
Host is up (0.29s latency).
MAC Address: 60:92:17:5E:99:6E (Apple)
Nmap scan report for 172.29.59.63
Host is up (0.0027s latency).
MAC Address: 48:74:6E:78:5A:1C (Apple)
Nmap scan report for 172.29.59.65
Host is up (0.027s latency).
MAC Address: D0:22:BE:BB:A0:2F (Samsung Electro Mechanics co.)
Nmap scan report for 172.29.59.66
Host is up (0.054s latency).
MAC Address: 64:20:0C:35:A7:1D (Apple)
Nmap scan report for 172.29.59.67
Host is up (0.064s latency).
MAC Address: C8:BC:C8:E8:D2:1D (Apple)
Nmap scan report for 172.29.59.70
Host is up (0.42s latency).
MAC Address: 40:A6:D9:E1:77:56 (Apple)
Nmap scan report for 172.29.59.72
Host is up (0.0089s latency).
MAC Address: 04:54:53:0F:C2:F4 (Apple)
Nmap scan report for 172.29.59.73
Host is up (0.16s latency).
MAC Address: 04:54:53:0F:C8:65 (Apple)
Nmap scan report for 172.29.59.74
Host is up (0.16s latency).
MAC Address: 04:54:53:0F:C2:FA (Apple)
Nmap scan report for 172.29.59.79
Host is up (0.045s latency).
MAC Address: 60:92:17:D8:C1:41 (Apple)
Nmap scan report for 172.29.59.80
Host is up (0.50s latency).
MAC Address: A8:88:08:EC:7E:57 (Apple)
Nmap scan report for 172.29.59.81
Host is up (0.034s latency).
MAC Address: CC:3A:61:87:65:FD (Samsung Electro Mechanics CO.)
Nmap scan report for 172.29.59.85
Host is up (0.46s latency).
MAC Address: C8:85:50:13:EE:C8 (Apple)
Nmap scan report for 172.29.59.86
Host is up (0.17s latency).
MAC Address: 8C:FA:BA:7E:21:47 (Apple)
Nmap scan report for 172.29.59.87
Host is up (0.11s latency).
MAC Address: 04:DB:56:4A:F4:B4 (Apple)
Nmap scan report for 172.29.59.92
Host is up (0.0023s latency).
MAC Address: AC:81:12:09:09:1B (Gemtek Technology Co.)
Nmap scan report for 172.29.59.95
Host is up (0.11s latency).
MAC Address: F0:C1:F1:1A:04:08 (Apple)
Nmap scan report for 172.29.59.96
Host is up (0.054s latency).
MAC Address: EC:85:2F:7B:C3:8C (Apple)
Nmap scan report for 172.29.59.98
Host is up (0.13s latency).
MAC Address: 18:20:32:D2:17:41 (Apple)
Nmap scan report for 172.29.59.99
Host is up (0.10s latency).
MAC Address: 60:F8:1D:DC:14:1C (Apple)
Nmap scan report for 172.29.59.100
Host is up (0.60s latency).
MAC Address: F0:D1:A9:87:75:DB (Apple)
Nmap scan report for 172.29.59.105
Host is up (0.0023s latency).
MAC Address: 7C:D1:C3:75:13:A6 (Apple)
Nmap scan report for 172.29.59.106
Host is up (0.15s latency).
MAC Address: D8:D1:CB:EC:FC:63 (Apple)
Nmap scan report for 172.29.59.107
Host is up (3.7s latency).
MAC Address: 64:9A:BE:10:ED:4E (Apple)
Nmap scan report for 172.29.59.108
Host is up (0.00023s latency).
MAC Address: F4:B7:E2:C9:1B:E3 (Hon Hai Precision Ind. Co.)
Nmap scan report for 172.29.59.110
Host is up (0.033s latency).
MAC Address: 60:AF:6D:87:2C:41 (Samsung Electronics Co.)
Nmap scan report for 172.29.59.112
Host is up (0.066s latency).
MAC Address: 54:EA:A8:5E:D3:05 (Apple)
Nmap scan report for 172.29.59.113
Host is up (0.37s latency).
MAC Address: 54:EA:A8:4E:87:D0 (Apple)
Nmap scan report for 172.29.59.114
Host is up (0.85s latency).
MAC Address: 4C:7C:5F:E2:BB:4A (Apple)
Nmap scan report for 172.29.59.115
Host is up (0.19s latency).
MAC Address: 88:C9:D0:FF:A4:00 (LG Electronics)
Nmap scan report for 172.29.59.120
Host is up (0.46s latency).
MAC Address: F4:F1:5A:8C:3C:9D (Apple)
Nmap scan report for 172.29.59.122
Host is up (0.56s latency).
MAC Address: 90:B9:31:C2:1B:4B (Apple)
Nmap scan report for 172.29.59.156
Host is up (0.45s latency).
MAC Address: E0:66:78:C9:13:E2 (Apple)
Nmap scan report for 172.29.59.116
Host is up.
Nmap done: 254 IP addresses (58 hosts up) scanned in 28.57 seconds

And this is an even faster variant of that command. This scanned 256 IP addresses in 6.2 seconds.

root@kali:~/Documents# nmap -T5 -sP 172.29.59.0/24
 
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-07 10:44 AEDT
Nmap scan report for 172.29.59.1
Host is up (0.0055s latency).
MAC Address: 00:26:F1:F5:03:00 (ProCurve Networking by HP)
Nmap scan report for 172.29.59.4
Host is up (0.0020s latency).
MAC Address: 00:0B:86:0C:4D:00 (Aruba Networks)
Nmap scan report for 172.29.59.11
Host is up (0.073s latency).
MAC Address: 7C:6D:62:74:92:7E (Apple)
Nmap scan report for 172.29.59.12
Host is up (0.14s latency).
MAC Address: 04:54:53:0F:CC:3B (Apple)
Nmap scan report for 172.29.59.13
Host is up (0.023s latency).
MAC Address: 00:1F:5B:C3:F3:C4 (Apple)
Nmap scan report for 172.29.59.14
Host is up (0.040s latency).
MAC Address: 88:1F:A1:B7:87:67 (Apple)
Nmap scan report for 172.29.59.15
Host is up (0.0040s latency).
MAC Address: 28:B2:BD:0B:00:B8 (Intel Corporate)
Nmap scan report for 172.29.59.19
Host is up (0.17s latency).
MAC Address: 04:54:53:0F:C3:1A (Apple)
Nmap scan report for 172.29.59.20
Host is up (0.20s latency).
MAC Address: 04:54:53:0F:C3:20 (Apple)
Nmap scan report for 172.29.59.22
Host is up (0.039s latency).
MAC Address: 04:54:53:0F:C4:B2 (Apple)
Nmap scan report for 172.29.59.31
Host is up (0.0033s latency).
MAC Address: 10:0B:A9:9B:90:F8 (Intel Corporate)
Nmap scan report for 172.29.59.36
Host is up (0.0061s latency).
MAC Address: 1C:4B:D6:75:87:FB (AzureWave)
Nmap scan report for 172.29.59.39
Host is up (0.21s latency).
MAC Address: C0:BD:D1:A1:28:5A (Samsung Electro Mechanics co.)
Nmap scan report for 172.29.59.40
Host is up (1.8s latency).
MAC Address: 3C:15:C2:1D:4E:84 (Apple)
Nmap scan report for 172.29.59.42
Host is up (0.33s latency).
MAC Address: AC:3C:0B:78:35:7F (Apple)
Nmap scan report for 172.29.59.46
Host is up (0.022s latency).
MAC Address: 00:23:4D:32:64:E1 (Hon Hai Precision Ind. Co.)
Nmap scan report for 172.29.59.47
Host is up (0.0028s latency).
MAC Address: A0:A8:CD:23:1F:C7 (Intel Corporate)
Nmap scan report for 172.29.59.50
Host is up (0.11s latency).
MAC Address: A4:67:06:8B:F3:B2 (Apple)
Nmap scan report for 172.29.59.52
Host is up (0.11s latency).
MAC Address: 28:E1:4C:DE:66:52 (Apple)
Nmap scan report for 172.29.59.53
Host is up (0.067s latency).
MAC Address: 18:34:51:71:AB:EF (Apple)
Nmap scan report for 172.29.59.54
Host is up (0.0059s latency).
MAC Address: 18:CF:5E:27:2C:D4 (Liteon Technology)
Nmap scan report for 172.29.59.56
Host is up (0.079s latency).
MAC Address: F0:C1:F1:2A:EB:26 (Apple)
Nmap scan report for 172.29.59.57
Host is up (0.17s latency).
MAC Address: 60:92:17:B6:AC:F9 (Apple)
Nmap scan report for 172.29.59.60
Host is up (0.060s latency).
MAC Address: BC:6C:21:5B:2C:D8 (Unknown)
Nmap scan report for 172.29.59.61
Host is up (0.069s latency).
MAC Address: E0:F8:47:4F:62:88 (Apple)
Nmap scan report for 172.29.59.62
Host is up (1.9s latency).
MAC Address: 60:92:17:5E:99:6E (Apple)
Nmap scan report for 172.29.59.63
Host is up (1.1s latency).
MAC Address: 48:74:6E:78:5A:1C (Apple)
Nmap scan report for 172.29.59.65
Host is up (0.13s latency).
MAC Address: D0:22:BE:BB:A0:2F (Samsung Electro Mechanics co.)
Nmap scan report for 172.29.59.66
Host is up (0.25s latency).
MAC Address: 64:20:0C:35:A7:1D (Apple)
Nmap scan report for 172.29.59.67
Host is up (0.082s latency).
MAC Address: C8:BC:C8:E8:D2:1D (Apple)
Nmap scan report for 172.29.59.70
Host is up (0.084s latency).
MAC Address: 40:A6:D9:E1:77:56 (Apple)
Nmap scan report for 172.29.59.72
Host is up (0.19s latency).
MAC Address: 04:54:53:0F:C2:F4 (Apple)
Nmap scan report for 172.29.59.73
Host is up (0.21s latency).
MAC Address: 04:54:53:0F:C8:65 (Apple)
Nmap scan report for 172.29.59.74
Host is up (0.14s latency).
MAC Address: 04:54:53:0F:C2:FA (Apple)
Nmap scan report for 172.29.59.79
Host is up (0.0073s latency).
MAC Address: 60:92:17:D8:C1:41 (Apple)
Nmap scan report for 172.29.59.80
Host is up (1.4s latency).
MAC Address: A8:88:08:EC:7E:57 (Apple)
Nmap scan report for 172.29.59.81
Host is up (0.10s latency).
MAC Address: CC:3A:61:87:65:FD (Samsung Electro Mechanics CO.)
Nmap scan report for 172.29.59.85
Host is up (0.28s latency).
MAC Address: C8:85:50:13:EE:C8 (Apple)
Nmap scan report for 172.29.59.86
Host is up (0.28s latency).
MAC Address: 8C:FA:BA:7E:21:47 (Apple)
Nmap scan report for 172.29.59.87
Host is up (0.69s latency).
MAC Address: 04:DB:56:4A:F4:B4 (Apple)
Nmap scan report for 172.29.59.92
Host is up (0.0028s latency).
MAC Address: AC:81:12:09:09:1B (Gemtek Technology Co.)
Nmap scan report for 172.29.59.96
Host is up (0.14s latency).
MAC Address: EC:85:2F:7B:C3:8C (Apple)
Nmap scan report for 172.29.59.98
Host is up (0.13s latency).
MAC Address: 18:20:32:D2:17:41 (Apple)
Nmap scan report for 172.29.59.99
Host is up (0.24s latency).
MAC Address: 60:F8:1D:DC:14:1C (Apple)
Nmap scan report for 172.29.59.100
Host is up (1.3s latency).
MAC Address: F0:D1:A9:87:75:DB (Apple)
Nmap scan report for 172.29.59.102
Host is up (0.065s latency).
MAC Address: 24:FD:52:E4:70:83 (Liteon Technology)
Nmap scan report for 172.29.59.105
Host is up (0.054s latency).
MAC Address: 7C:D1:C3:75:13:A6 (Apple)
Nmap scan report for 172.29.59.106
Host is up (0.79s latency).
MAC Address: D8:D1:CB:EC:FC:63 (Apple)
Nmap scan report for 172.29.59.107
Host is up (0.78s latency).
MAC Address: 64:9A:BE:10:ED:4E (Apple)
Nmap scan report for 172.29.59.108
Host is up (0.00031s latency).
MAC Address: F4:B7:E2:C9:1B:E3 (Hon Hai Precision Ind. Co.)
Nmap scan report for 172.29.59.110
Host is up (0.042s latency).
MAC Address: 60:AF:6D:87:2C:41 (Samsung Electronics Co.)
Nmap scan report for 172.29.59.112
Host is up (0.084s latency).
MAC Address: 54:EA:A8:5E:D3:05 (Apple)
Nmap scan report for 172.29.59.113
Host is up (0.13s latency).
MAC Address: 54:EA:A8:4E:87:D0 (Apple)
Nmap scan report for 172.29.59.114
Host is up (0.094s latency).
MAC Address: 4C:7C:5F:E2:BB:4A (Apple)
Nmap scan report for 172.29.59.115
Host is up (0.14s latency).
MAC Address: 88:C9:D0:FF:A4:00 (LG Electronics)
Nmap scan report for 172.29.59.117
Host is up (0.11s latency).
MAC Address: 90:FD:61:09:11:6D (Apple)
Nmap scan report for 172.29.59.120
Host is up (0.072s latency).
MAC Address: F4:F1:5A:8C:3C:9D (Apple)
Nmap scan report for 172.29.59.122
Host is up (0.90s latency).
MAC Address: 90:B9:31:C2:1B:4B (Apple)
Nmap scan report for 172.29.59.156
Host is up (0.041s latency).
MAC Address: E0:66:78:C9:13:E2 (Apple)
Nmap scan report for 172.29.59.116
Host is up.
Nmap done: 256 IP addresses (60 hosts up) scanned in 6.27 seconds

No comments have been made. Use this form to start the conversation :)

Leave a Reply