I have a firewall that forwards port 2222 to a Linux machine running SSH server on port 2222. The problem is I do not know what the IP of the firewall is. So I want to scan the subnet to tell me which IP has this forwarded port.
I tried this script:
```
#!/bin/bash
for ((i=2; i<256; i++));
do
    sudo nmap -sS -p2222 10.1.$i.0/24
done
```
The output of this is a lot of this:
```
Host is up (0.00039s latency).
PORT STATE SERVICE
2222/tcp open EtherNetIP-1
```
For 256x256 hosts this is what I see. I think this answer could be one of two answers:
- What should the output be? Maybe I missed it and must `grep` for it.
- What is a different `nmap` scan I should use?
If the answer is still needed, I hope this will help. Nmap supports multi-host scanning, for reference see Target Specification. You can modify your command like so:
This will scan subnets from 2 to 255, like your loop did.
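On the "must `grep` for it" part of the question, here is an added example (not part of the original question or answer) that filters nmap's grepable output for hosts where a given TCP port is exactly `open`. It assumes the scan was saved with nmap's `-oG` option; the function names `open_hosts` and `sample_scan` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list hosts whose given TCP port is "open" in nmap
# grepable (-oG) output. Assumed usage: save the scan with -oG to a
# file, then run: open_hosts 2222 < that_file

# open_hosts PORT: read -oG output on stdin, print one address per match.
open_hosts() {
    awk -v port="$1" '
        /^Host: / && /Ports: / {
            ip = $2
            # After "Ports: " comes a comma-separated list of entries of
            # the form port/state/protocol/owner/service/rpc/version.
            sub(/^.*Ports: /, "")
            sub(/\t.*$/, "")    # drop later tab-separated fields
            n = split($0, entries, ", ")
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                # Compare the port and state fields exactly, so that
                # "22/open" next to "2222/closed" is not a false match.
                if (f[1] == port && f[2] == "open" && f[3] == "tcp")
                    print ip
            }
        }'
}

# Constructed sample of -oG lines (not output from a real scan).
sample_scan() {
    printf '# constructed sample in nmap grepable format\n'
    printf 'Host: 10.1.2.1 ()\tStatus: Up\n'
    printf 'Host: 10.1.2.1 ()\tPorts: 2222/filtered/tcp//EtherNetIP-1///\n'
    printf 'Host: 10.1.5.10 ()\tPorts: 22/open/tcp//ssh///, 2222/closed/tcp//EtherNetIP-1///\n'
    printf 'Host: 10.1.7.1 ()\tPorts: 2222/open/tcp//EtherNetIP-1///\n'
    printf 'Host: 10.1.9.254 ()\tPorts: 22/closed/tcp//ssh///, 2222/open/tcp//EtherNetIP-1///\tIgnored State: filtered (1)\n'
}

sample_scan | open_hosts 2222
```

A plain `grep open` on the same file would also match the `10.1.5.10` line, where port 22 is open but 2222 is closed.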