• hello
    Can anyone tell me why I can't use nmap -sP on my VLANs? Is there some kind of rule blocking nmap? I can discover hosts on the LAN, but my VLANs are in ... or I have a /24 to /16 route on the L3 switch or pfSense.

    Thank you

  • LAYER 8 Global Moderator

    Is there a rule? You haven't posted your rules.

    Where are you running nmap from? Since you mention a package I assume pfSense. There is no rule out of the box that would block pfSense from running nmap into a network it's connected to.

    Remember, rules are evaluated as traffic enters an interface from the network it's connected to. There are no rules out of the box that prevent pfSense from talking to a network it's attached to.

    You're going to have to give some more details if you want help figuring out why you cannot do what you're trying to do.

  • @johnpoz My physical interfaces are em0 (WAN) and em1 (LAN). I've created a few VLANs on em1: VLAN 10 em1.10, VLAN 20 em1.20 and so on. I use Diagnostics > Command Prompt, where I can enter custom commands, i.e. nmap -sP. I installed a sudo package as well to try sudo nmap.
    It does not show anything; in fact I am getting a TIMEOUT in the browser. But when I try nmap -sP on em1, i.e. LAN, I am getting all hosts on that interface. At my other 2 locations I am getting the same problem since I've segmented my networks into VLANs.

  • LAYER 8 Global Moderator

    You do understand that a /16 is HUGE compared to a /24, right... So trying to scan that whole subnet could for sure time out..

  • @johnpoz I understand. Then how do I scan to make sure all hosts are up? Using ranges that I have hosts on, or somehow extending the time on nmap, if that's possible!!!

  • LAYER 8 Global Moderator

    What exactly are you trying to find out? Why in the F you would be using a /16 is beyond me.. You actually have 65K some hosts? ;) A /16 is not a mask you would ever use on a device - it's a mask you would use as a summary route, or in a firewall rule..

    You want to use nmap to check if something is on? Not the right tool to be honest, nor would I be using the GUI.. You do understand you can just look in your ARP table - if the device has talked to pfSense at all in like the last 20 minutes it will be listed in your ARP table.

    So let's say nmap came back in like 10 seconds with a list.. What would you then do with this list? What is the end goal here? nmap is not really a network monitoring tool.. It's an information gathering tool..

    Are you looking for a tool to tell you what hosts are up?

  • @johnpoz YES. The ARP table is not real time, it needs time to expire. I found that if I scan a range with nmap -sP I can find out if the host is currently online, but I will go with some monitoring software in the near future, so it is OK, I just needed a temporary solution until I find the right software for monitoring my whole network.

    Thank you

  • LAYER 8 Global Moderator

    I like Domotz, not free.. But it alerts me when my sons are at the house because their phones connect to my network, and when they leave ;)

    There are many monitoring tools.. It all comes down to what you're looking to monitor, just that they are online?

    But if you're going to be doing anything that scans.. You're going to want to adjust your mask to have a more realistically sized segment.. Scanning even a /24 is large when you have only a handful of devices. I keep meaning to trim mine down because Domotz ARPs the whole segment.. A /28 would be large enough for any specific segment..

    My project for tmrw ;)

  • @johnpoz No, I don't do that kind of segmentation :)
    What I mean is, let's say I have a VLAN 10 interface. I will give the servers the range 10.10.80.x, hosts 10.10.50.x and so on, also 10.x.0.0 where x will be the VLAN + location. I don't believe that my network is done by the book, but I like it this way and that's all I can do for now, actually. But how do you segment your network if you have so much different stuff? I would have to create lots of interfaces to separate them the way I do. I've been with a /24 mask for a very long time, but my network expanded to 3 locations. The only small segmentation I have is a /30 for OpenVPN remote access, because I don't need more than 1 user to connect at a time.

  • LAYER 8 Global Moderator

    Yeah, good luck scanning a /16 - again, a /16 is not a network segment that would ever be used. It's a summary route, it's a firewall rule to allow or block downstream.

    If you want to use 10.10.80 and 10.10.50, sure, go ahead - but those should be different /24s, not all under 1 /16 - how do you expect to firewall between them? You just have 1 big flat network all on the same layer 2 without any segmentation for control or security.

  • @johnpoz Hello

    I don't want to control traffic between them, this is all a MGMT interface.
    What you propose is to segment this network into /24s, use an L3 switch to control them, and firewall?
    I don't understand. What do you do in this case?

  • LAYER 8 Global Moderator

    No, you do not need an L3 switch.. pfSense, i.e. the firewall, is a router.

  • @johnpoz OK, but for each subnet I have to create an interface. Here where I am, LOC 3, I don't have much equipment, but at my office location I have lots of stuff, and I am currently a ONE MAN SHOW and I intend to stay that way. That's why I want to have fewer groups to worry about. In fact there is no production network at my locations; most of the interfaces are working offline, controlled from a single interface, and each controlling interface is connected to the others with an OpenVPN tunnel. As you can see I am not doing this by the book, I am not a network admin, I'm just trying to learn as much as I need to keep my stuff up and running.

  • LAYER 8 Global Moderator

    How many devices do you have - total number? 10, 20, 100?? 1000?

    The IP space of a /24 allows 254 devices. If you do not have anywhere close to this number then just use a /24.

    Trying to scan 254 possible hosts doesn't take long... But a /16 has a POSSIBLE 65,534 of them - that is going to take a SHIT TON of time to scan.. waiting to see if each one answers - especially if you do a no-ping sweep.

    If you want to use nmap as some tool to find out what is online - using a /16 is just plain not going to be viable in any realistic amount of time.

    If all you want is a FLAT network - then use a realistic network size based upon the number of devices you have or might grow to in a few years. A /23 would give you 510 IPs to work with.

  • @johnpoz It is more like how many different devices. I don't have 1000 devices, but I need to group them somehow so I can remember them, and they all need the same rules. I don't see a reason, except scanning them, to put them on different smaller subnets. As I said, I am using nmap to scan a range of IPs, similar to what you're proposing, just that they are in the same subnet. Either way I have to scan them separately, right?

  • LAYER 8 Global Moderator

    Scan your different groups' ranges then.. And again, nmap is not the correct tool to check what is currently online in your network.. ARP ping would be a better tool.

    Group them then: 192.168.10-20 is printers, 21-30 is servers, etc. Use of a /16 so you can "group" specific IPs is pretty pointless.

    If what you're looking for is what is online then use network monitoring software..
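The two points the moderator keeps coming back to, scan only the /24 groups that actually hold devices instead of sweeping the whole /16, and read the ARP table rather than sweeping at all, as an added example that is not part of the original thread. The grouping (10.10.80.0/24 and 10.10.50.0/24 inside 10.10.0.0/16 on em1.10) is taken from the poster's description and the `arp -an` sample is constructed in the FreeBSD format pfSense prints; `GROUPS`, `scan_targets` and `arp_neighbours` are names chosen here. Note that `-sP` is the old spelling of nmap's ping sweep, which current releases call `-sn`.

```python
"""Build a small nmap -sn target list from the used /24 groups inside a /16,
and list neighbours that currently have a resolved entry in a FreeBSD/pfSense
`arp -an` dump. Example code added to the thread, not from any poster."""
import ipaddress
import re

# Assumed layout from the thread: the VLAN 10 interface carries 10.10.0.0/16,
# but only these /24 "groups" inside it actually have devices.
INTERFACE_CIDR = "10.10.0.0/16"
GROUPS = {
    "servers": "10.10.80.0/24",
    "hosts": "10.10.50.0/24",
}


def host_count(cidr):
    """Usable host addresses in a network (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def scan_targets(interface_cidr, groups):
    """Return the group networks inside interface_cidr as nmap target strings.

    Sweeping two /24s probes 2 x 254 addresses; the whole /16 is 65,534, which
    is why the GUI command prompt times out on it."""
    iface = ipaddress.ip_network(interface_cidr, strict=False)
    targets = []
    for name, cidr in groups.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if not net.subnet_of(iface):
            raise ValueError(f"group {name} ({cidr}) is not inside {interface_cidr}")
        targets.append(str(net))
    return targets


def nmap_command(targets):
    """Ping sweep only (no port scan); -sn is the current name for -sP."""
    return "nmap -sn " + " ".join(targets)


# Constructed sample of `arp -an` output as printed on FreeBSD / pfSense.
SAMPLE_ARP = """\
? (10.10.80.10) at 00:0c:29:aa:bb:01 on em1.10 expires in 1150 seconds [ethernet]
? (10.10.80.11) at 00:0c:29:aa:bb:02 on em1.10 expires in 60 seconds [ethernet]
? (10.10.50.23) at 00:0c:29:aa:bb:03 on em1.10 permanent [ethernet]
? (10.10.50.99) at (incomplete) on em1.10 expired [ethernet]
? (192.168.1.5) at 00:0c:29:aa:bb:04 on em1 expires in 900 seconds [ethernet]
"""

# Only lines with a resolved MAC match; "(incomplete)" entries are skipped,
# since they mean pfSense asked for the address and nobody answered.
ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17}) on (?P<ifname>\S+)")


def arp_neighbours(arp_output, cidr):
    """(ip, mac, interface) for every resolved ARP entry that falls in cidr."""
    net = ipaddress.ip_network(cidr, strict=False)
    found = []
    for line in arp_output.splitlines():
        m = ARP_RE.search(line)
        if m and ipaddress.ip_address(m["ip"]) in net:
            found.append((m["ip"], m["mac"], m["ifname"]))
    return found


if __name__ == "__main__":
    print(f"/16 hosts: {host_count(INTERFACE_CIDR)}, one /24: {host_count('10.10.80.0/24')}")
    print(nmap_command(scan_targets(INTERFACE_CIDR, GROUPS)))
    for ip, mac, ifname in arp_neighbours(SAMPLE_ARP, INTERFACE_CIDR):
        print(f"{ip:<14} {mac} {ifname}")
```

On a live pfSense box the ARP half would be fed from `arp -an` run in the same Diagnostics > Command Prompt the poster already uses; the regex deliberately ignores `(incomplete)` and `expired` rows so a stale entry is not mistaken for a host that is up, which is the limitation the poster raised about ARP not being real time.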