You can always try the TCP ping stuff in nmap, typically most devices (at least the ones you might care about) have management ports. so scan for things like 22, 23, 80, 443, 139, 445, 3389 and the like. commonly used ports that would be present on a device you'd expect to see.
this wont get you everything, but if your scanner has decent access it should get you a large chunk of the regular devices on a network. it can be done pretty quickly in nmap too. Look at the -PS/PA/PU/PY switches. Zate On Tue, Feb 15, 2011 at 10:25 AM, Kevin Shaw <[email protected]>wrote: > Nmap uses more than ICMP ping requests to determine the hosts on a > network http://nmap.org/book/man-host-discovery.html. Also, you may > use your tool of choice *without* using a network discovery method; > for example scanning for NETBIOS, SMB, web, etc. or arbitrarily > portscanning every single address. If you are just trying to conduct > an assessment; DNS records, host files, or similar means should be a > way for you to assess the entire system. Do you have an accurate and > complete inventory? I would only use an arbitrary scanning method > (again no pings, arp, etc.) if I am validating an inventory or looking > for rogue devices. It can take a very long time to scan 65K+ ports > even on a half dozen IP addresses let alone an entire Class C - but > you may have to do that for rogue device detection to catch an > attempted hidden listening high number port. > > On Tue, Feb 15, 2011 at 12:51 AM, Subba Rao <[email protected]> wrote: > > I have a few questions on Vulnerability assessment. > > > > How can network assets in an Enterprise network be discovered if the > > ICMP is turned off on the network? > > > > Does NMap depend on the ICMP protocol for mapping the network assets? > > > > How do the commercial vulnerability scanners discover the assets? > > > > Thank you in advance. > > > > Subba Rao > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
