An example of how to use nmap


This came from the K12LTSP list, and was in regard to the W32.Norvarg virus:

Just a quick tip for you guys that have Windows machines to worry about on your network that might be infected with this new worm. The one-liner:

"nmap -v -p 3127-3198 192.168.0-128.* -oG nmap.txt > /dev/null && cat nmap.txt | grep open"

will scan for and identify the IP's of any infected machines for you, if you replace your network information for the dummy information in the example above. I've been running this on my network every couple of hours. So far only one infected host! yay! Oh, and it will also hit on any squid boxes you have running as well since squid defaults to listening on port 3128. Since we are only scanning a few ports it's fast too, takes about 90 seconds to scan all my networks, which consist of 6 class C subnets. Hope someone finds this useful!

And then someone else provided some streamlining:

Not bad ... except for the gratuitous abuse of a cat :-)
Ver 0.2, no need for the cat, it's just an extra process:

nmap -v -p 3127-3198 192.168.0-128.* -oG nmap.txt && grep open < nmap.txt

Ver 0.3, bug fix: the use of && makes the grep conditional on the return status of nmap. You want the grep to happen in any case:

nmap -v -p 3127-3198 192.168.0-128.* -oG nmap.txt; grep open < nmap.txt

Ver 0.4, make the output contemporaneous with the scan and remove the need for an intermediate file:

nmap -v -p 3127-3198 192.168.0-128.* -oG - | grep open

Ver 0.5, quote the * just in case someone has a file with a name that starts with "192.168.0-128."

nmap -v -p 3127-3198 192.168.0-128.'*' -oG - | grep open

01/28/2004