The other day I needed to rapidly scan a range of IP addresses for hosts that responded to ICMP echo requests. I also needed the responding IP addresses to be in a simple list format (with a single IP per line).
While there are many ways to do this I needed something quick (only had about 3 mins). Now I’m not sure exactly why, but doing this from my Kali VM (virtualbox) generated some false positives and basically told me the entire range responded. I was able to accomplish what I needed using the following:
nmap -sn -n -PE 192.168.0.0/24 | grep report | cut -d ' ' -f 5
The Nmap options are as follows:
-sn Do NOT perform a port scan
-n Do NOT perform name resolution
-PE Send a single ICMP echo request to each target
The rest of the command should be fairly self explanatory and this is a sample of the output
root@kali~# nmap -sn -n -PE 192.168.0.0/24 | grep report | cut -d ' ' -f 5
192.168.0.1
192.168.0.4
192.168.0.8
192.168.0.200
Simple, quick, clean, and reasonably non-disruptive / stealthy.
I hope someone else finds this useful if they are ever in a similar situation.