The following 2 questions have been useful for finding hosts on a target network:

However, answers in both questions assume I know the network address and mask (subnet, I guess?) in advance (192.168.0.0/24, 172.18.72.0/24, etc).

How can I find hosts on any/all connected networks without specifying the subnet in advance? I know I can list the network devices using ip address show (Arch Linux), ifconfig (*nix, OS X), or ipconfig (Windows) depending on the operating system.

Furthermore, is there a reliable way to do it across operating systems? From Linux to OS X to Windows?

1 Answer

For a cross-platform solution that will work on any system that Nmap works on, use Nmap's --iflist argument:

./nmap --iflist

Starting Nmap 6.41SVN ( http://nmap.org ) at 2013-12-18 04:55 UTC
************************INTERFACES************************
DEV     (SHORT)   IP/MASK                TYPE     UP   MTU   MAC
eth0    (eth0)    192.0.2.5/24           ethernet up   1500  F2:3C:DE:AD:BE:B8
eth0    (eth0)    2001:db8::dead:beef/64 ethernet up   1500  F2:3C:91:AE:FC:B8
eth0    (eth0)    fe80::dead:beef/64     ethernet up   1500  F2:3C:91:AE:FC:B8
lo      (lo)      127.0.0.1/8            loopback up   65536
lo      (lo)      ::1/128                loopback up   65536

**************************ROUTES**************************
DST/MASK                DEV  METRIC GATEWAY
192.0.2.0/24            eth0 0
0.0.0.0/0               eth0 100    192.0.2.1
::1/128                 lo   0
2001:db8::dead:beef/128 lo   0
fe80::dead:beef/128     lo   0
2001:db8::/64           eth0 256
fe80::/64               eth0 256
ff00::/8                eth0 256
::/0                    eth0 1024   fe80::1

At this point, it becomes a matter of parsing out the info you want. Probably you are looking for something under ROUTES, but be sure you don't scan localhost!

bonsaiviking