nmap list scan

[gnorr4]

Hello everyone, sorry to post this here but I couldn't find any nmap-only forums.

I need to scan an entire internal network for hostnames, no need to know if they're up, after some research I found that nmap list scan (sL) that only does a reverse DNS lookup would be the "softest" aproach, rather than just ping shooting everything. My question is how stealthy is in fact this type of scan? It does send packets, so would this kind of traffic raise some IDS flags up coming from a single machine, or because it's not even a "scan" per se no one bats an eye?

Cheers

[rastamouse]

I think that would very much depend on how your IDS is configured. I'd suggest running the scan in a lab with wireshark and analyse the packets which are sent/received. Then you can make a judgement on how that may effect your IDS.

[gnorr4]

Great idea, thank you, nothing better than to see it with my own eyes.

[repair404]

nmap -sP 10.10.10.1/24 will scan from 10.10.10.1 to 10.10.10.255 but i want to scan the network from 10.10.1.1 to 10.10.255.255
what is the command for that

[jnpa]

in cidr it's nmap -sn 10.10.0.0/16 but you can also use ranges like 10.10.0-255.0-255

about the first post, -sL option sends reverse DNS requests for the ip's in list and then simply lists your targets, no other packets are sent, if you also specify -n flag then it won't send any packet. just keep in mind there's no scan at all when using this option it just lists your targets.

[raviankit007]

regarding NMAP i have a query
how to scan a windows machine who's printing and sharing is not enable
plz reply with syntax.... thanks in advance