# Host Discovery

## Scan Network Range

```shell
sudo nmap 10.129.2.0/24 -sn -oA tnet | grep for | cut -d" " -f5
```

{% hint style="warning" %} <mark style="color:orange;">**note:**</mark> this scanning method works only if the firewalls of the hosts allow it. Otherwise, we can use other scanning techniques to find out if the hosts are active or not.
{% endhint %}

## Scan active hosts from IP List

```bash
sudo nmap -sn -oA tnet -iL hosts.lst | grep for | cut -d" " -f5
```

{% hint style="warning" %} <mark style="color:orange;">**note:**</mark> if we are provided with a list of hosts that need to be tested (hosts.lst), use that predefined list to scan them.
{% endhint %}
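
The `grep for | cut -d" " -f5` pipeline prints the hostname instead of the IP when a host has a reverse-DNS name, so this added example (not part of the original notes) reads the `tnet.gnmap` file that `-oA tnet` writes and also lists the `hosts.lst` entries that did not answer. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse the grepable file (tnet.gnmap) written by `-oA tnet`.

# Print the IP of every host nmap marked "Status: Up", one per line.
live_from_gnmap() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }' "$1" | sort -u
}

# Print the entries of a target list (e.g. hosts.lst) that did NOT answer.
# They are not proven down: a host firewall may be dropping the probes.
silent_hosts() {
    list=$1
    gnmap=$2
    up=$(mktemp)
    live_from_gnmap "$gnmap" > "$up"
    # -v invert, -x whole line, -F fixed string (dots are literal), -f patterns
    grep -vxFf "$up" "$list" | sort -u
    rm -f "$up"
}

# Constructed sample data (not real scan output): three targets, two answer,
# one with a reverse-DNS name, the case where `cut -f5` returns a name.
make_sample() {
    dir=$1
    printf '10.129.2.18\n10.129.2.19\n10.129.2.20\n' > "$dir/hosts.lst"
    {
        printf '# Nmap scan initiated as: nmap -sn -oA tnet -iL hosts.lst\n'
        printf 'Host: 10.129.2.18 ()\tStatus: Up\n'
        printf 'Host: 10.129.2.20 (dc01.example.test)\tStatus: Up\n'
        printf '# Nmap done: 3 IP addresses (2 hosts up) scanned\n'
    } > "$dir/tnet.gnmap"
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
make_sample "$tmp"
echo "up:";     live_from_gnmap "$tmp/tnet.gnmap"
echo "silent:"; silent_hosts "$tmp/hosts.lst" "$tmp/tnet.gnmap"
rm -rf "$tmp"
```

Hosts reported as silent are the ones to retry with another discovery technique before treating them as offline.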

## Scan Multiple IPs

```bash
sudo nmap -sn 10.129.2.18 10.129.2.19 10.129.2.20
sudo nmap -sn 10.129.2.18-20
```

{% hint style="warning" %} <mark style="color:orange;">**note:**</mark> sometimes we won't need to scan the whole network.
{% endhint %}

## Check if host is up

```bash
sudo nmap -sn 10.129.2.18
```

{% hint style="warning" %} <mark style="color:orange;">**note:**</mark> if we don't use port scan (-sn), nmap by default sends ICMP ping scans () and not ICMP echo requests.
{% endhint %}

