Discovering hosts with broadcast ping scans
Broadcast pings send ICMP echo requests to the local broadcast address, and even if they do not work all the time, they are a nice way of discovering hosts in a network without sending probes directly to the hosts.
This recipe describes how to discover new hosts with a broadcast ping using Nmap NSE.
How to do it...
Open your terminal and type the following command:
# nmap --script broadcast-ping
You should see a list of hosts that responded to the broadcast ping:
Pre-scan script results: | broadcast-ping: |Â Â Â Â Â IP: 192.168.0.8Â Â MAC: 78:31:c1:c1:9c:0a |_Â Â Â Â Use --script-args=newtargets to add the results as targets WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 3.37 seconds
How it works...
A broadcast ping works by sending an ICMP echo request to the local 255.255.255.255
broadcast address and then waiting...