Scanning Multiple Hosts and Ranges

When you need to assess the security of a large network, scanning multiple hosts efficiently is essential. Nmap provides several strategies for targeting many systems at once, whether you're dealing with a small list of IP addresses or an entire subnet. Understanding how to specify these targets in your commands allows you to quickly map out which devices are live and which ports are open, without wasting time or network resources.

To scan large networks, you must know how to express groups of hosts. Three common ways to do this are:

• CIDR (Classless Inter-Domain Routing) notation: expresses a network and its subnet mask, such as 192.168.1.0/24, which includes all addresses from 192.168.1.0 to 192.168.1.255;
• IP ranges: specify a range of addresses, such as 192.168.1.1-10, which covers 192.168.1.1 through 192.168.1.10;
• Host lists: provide multiple IPs or hostnames separated by spaces, or use a file with the -iL flag.

Each method lets you tailor your scan to the network's size and structure, making it easier to cover everything you need without unnecessary repetition.

# Scan a range of IP addresses from 192.168.1.1 to 192.168.1.10
# Command:
nmap 192.168.1.1-10

This command tells Nmap to scan all hosts with addresses from 192.168.1.1 to 192.168.1.10 for open ports. Nmap will attempt to discover which of these hosts are up and then enumerate open ports on each one. This method is especially useful when you know the hosts are in a consecutive range and want to avoid scanning unused addresses.