0

OK, so I heard nmap is illegal in some countries, similar to going around the neighborhood checking door handles to see if intrusion is possible.

If I use nmap like

 nmap -O -sS 192.168.1.1/24 

am I scanning the entire network from my ISP for everything in the .1.1/24 range, or am I just scanning within my gateway, which is 192.168.1.1?

I ran this on 192.168.1.1/24 but then stopped myself and ran nmap -sS -O 192.168.1.1XX/24 on my IP, and it came up with everything that was on my network.

2 Answers

3
nmap -O -sS 192.168.1.1/24

192.168.1.1/24 means that you are scanning the network 192.168.1.0 with a netmask of 255.255.255.0. That is what the /24 at the end means; it is also called CIDR notation. That means that only the IPs from 192.168.1.1 through 192.168.1.254 are scanned. Nothing outside of your network will be scanned at all.

I use the Online IP Subnet Calculator all the time to see what IP addresses belong to what range. Look at the Mask Bits and that is what the /24 at the end means.

http://www.subnet-calculator.com/

Site with CIDR notation: http://www.subnet-calculator.com/cidr.php

Terrance
  • 41,612
  • 7
  • 124
  • 183
0

First of all, you need to learn terminology to read nmap properly.

The 192.168.1.0 is the network ID. It refers to your local network, and every interface (this is also important: you can have multiple interfaces on the same machine) that connects to that network will have an address that starts with 192.168.0.xxx. It's not scanning outside of your router, so you're not scanning your ISP (and I recommend that you avoid doing that).

Depending on the configuration of your router, the network can contain a different number of hosts. If you say /24, it means you have 256 hosts on the network (this is because each IP address, when converted to binary, is 32 bits in length, and we can vary the last 8 bits, so the first 24 bits do not change). When you perform a scan like that, nmap will also confirm how many hosts it scanned:

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (3 hosts up) scanned in 202.14 seconds

nmap doesn't actually know your network configuration. Use ip addr to find out which exact CIDR-style addressing to use. For example, I have:

$ ip -4 -o addr show                                                                                                     
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: wlan7    inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic wlan7\       valid_lft 63435sec preferred_lft 63435sec

Second, you have two examples there: one ending with .0 and one ending with .1xx. As far as nmap is concerned, it's the same thing. From man nmap:

For example, 192.168.10.0/24 would scan the 256 hosts between 192.168.10.0 (binary: 11000000 10101000 00001010 00000000) and 192.168.10.255 (binary: 11000000 10101000 00001010 11111111), inclusive. 192.168.10.40/24 would scan exactly the same targets.

Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497
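Both answers come down to the same check: expand the CIDR target to see exactly which addresses it covers, and compare that against the network your own interface sits on. The script below is an added example, not code from either answer; it uses only Python's standard ipaddress module. It parses sample `ip -4 -o addr show` output (the two lines are constructed to match the ones quoted above), shows that 192.168.1.1/24 and 192.168.1.0/24 denote the same 256 addresses, and reports whether a proposed target stays inside the local network before any scanner is run against it.

```python
"""Work out what an nmap-style CIDR target covers and whether it stays local.

Added example, not part of the original question or answers. Only the
standard library is used; the `ip addr` lines below are constructed sample
input shaped like the output quoted in the second answer.
"""
import ipaddress

# Constructed sample of `ip -4 -o addr show` output (loopback + one LAN interface).
SAMPLE_IP_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       "
    "valid_lft forever preferred_lft forever\n"
    "3: wlan7    inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic wlan7\\       "
    "valid_lft 63435sec preferred_lft 63435sec\n"
)


def describe_cidr(target: str) -> dict:
    """Expand a target such as 192.168.1.1/24 into the network it denotes.

    strict=False mirrors nmap's behaviour: host bits in the written address
    are ignored, so 192.168.1.1/24 and 192.168.1.0/24 are the same network.
    """
    net = ipaddress.ip_network(target, strict=False)
    return {
        "network": str(net.network_address),      # 192.168.1.0
        "netmask": str(net.netmask),              # 255.255.255.0 (the /24)
        "broadcast": str(net.broadcast_address),  # 192.168.1.255
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "num_addresses": net.num_addresses,       # 256, as in "Nmap done: 256 IP addresses"
    }


def same_targets(a: str, b: str) -> bool:
    """True if two CIDR targets expand to exactly the same address set."""
    return ipaddress.ip_network(a, strict=False) == ipaddress.ip_network(b, strict=False)


def local_networks(ip_addr_output: str) -> list:
    """Parse `ip -4 -o addr show` lines and return the non-loopback networks.

    Each line looks like: "<idx>: <iface>    inet <addr>/<prefix> ...", so the
    fourth whitespace-separated field is the interface's own CIDR address.
    """
    nets = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue
        net = ipaddress.ip_network(fields[3], strict=False)
        if not net.is_loopback:
            nets.append(net)
    return nets


def in_scope(target: str, local_cidr: str) -> bool:
    """True if every address in `target` lies within the local network `local_cidr`."""
    return ipaddress.ip_network(target, strict=False).subnet_of(
        ipaddress.ip_network(local_cidr, strict=False)
    )


def scan_stays_local(target: str, ip_addr_output: str) -> bool:
    """True if `target` is contained in at least one of this host's own networks.

    A target that fails this check (e.g. a /16 when the interface is a /24)
    would reach addresses beyond the LAN, which is exactly the situation the
    question is worried about.
    """
    return any(in_scope(target, str(net)) for net in local_networks(ip_addr_output))


if __name__ == "__main__":
    for t in ("192.168.1.1/24", "192.168.10.40/24"):
        print(t, "->", describe_cidr(t))
    print("192.168.10.0/24 == 192.168.10.40/24:", same_targets("192.168.10.0/24", "192.168.10.40/24"))
    print("local networks:", [str(n) for n in local_networks(SAMPLE_IP_ADDR)])
    for t in ("192.168.0.101/24", "192.168.0.0/16", "10.0.0.0/8"):
        print(t, "stays local:", scan_stays_local(t, SAMPLE_IP_ADDR))
```

Run `scan_stays_local` with the real output of `ip -4 -o addr show` on your own machine before settling on a target; if it returns False, the target is wider than the network your interface is actually on.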