Faster host discovery with nmap?

Marc · Nov 20, 2013 · Viewed 20.2k times

I need to launch a background network device discovery process from a script on a regular basis, and it needs to be fairly fast. Currently, I launch NMAP like this:

nmap -sP 192.168.1.0/24

(I just made up the IP address, you get the idea). Anyway, the above will do a ping sweep on that class C network. The problem is that this command usually takes 30-40 seconds to complete. I would like to be able to do this much faster.

My objective is simply device/host discovery - I just want to know the IP addresses of any machines that are up on the given network. Once a scan of some sort is completed, I can use the ARP command to get the MAC addresses as well for the up machines.

So is there a faster way of doing this in nmap, or in any other free tool? I know about fing (which is faster) but I cannot embed fing in a commercial product without paying an enormous license fee. So if there is a faster way of doing this in nmap or in some other free tool, that would be great.

The tool must run in the command line on Ubuntu Linux. I'm not interested in GUI tools or tools that only run on other OS's.

Answer

bonsaiviking · Nov 20, 2013

The first thing to do would be to add -n to your command to avoid doing reverse-DNS lookups on all the addresses. That will probably be the single largest speedup.

Second, if at all possible, run the Nmap command as root. This will enable the ARP "ping" host detection method, which is faster than the non-root method (TCP connect calls to ports 80 and 443), as well as ICMP Echo Request for non-directly-connected addresses. But do not allow regular users to set Nmap arguments or environment variables! It is not setuid-safe.

Lastly, you can try tuning the timing parameters to avoid slow timeouts. I leave this to last, because you are likely not to be able to improve much on the Nmap defaults. Start by setting -T4 or even -T5.
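The following script is an added example, not code from the question or the answer. It puts the answer's three speedups (-n, running as root so the ARP ping is used, -T4) into a discovery script of the kind the question asks for, and it parses Nmap's grepable output into "ip mac" pairs using the neighbour table the ARP ping just filled. Assumptions not stated on the page: nmap and iproute2 are installed, the script is run as root via sudo, and the -oG output format is used for parsing. The target validator is an addition that follows from the answer's "not setuid-safe" warning: when something running as root takes the target from another program, that string must not be able to carry extra Nmap options.

```sh
#!/bin/sh
# Added example (not from the original question or answer): a fast background
# host-discovery script built around the answer's advice.
# Assumes: nmap and `ip` (iproute2) installed, run as root via sudo,
# grepable output (-oG -) parsed rather than normal output.

# Only accept a plain IPv4 address or CIDR block as the target. The answer
# warns that Nmap is not setuid-safe; when this runs as root, the caller
# must not be able to smuggle options such as "-iL /etc/shadow" in through
# the target string. Deliberately strict: ranges like 10.0.0.1-50 are refused.
validate_target() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the IPs of hosts reported Up, reading grepable (-oG) output on stdin.
# Lines look like:  Host: 192.168.1.1 ()   Status: Up
parse_up_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Pair each IP read on stdin with its MAC from an `ip -4 neigh show` listing
# passed as $1. The ARP ping has just populated the neighbour table, so this
# costs no extra packets. Prints "ip mac", with "-" when no entry is cached.
lookup_macs() {
    neigh_table=$1
    while read -r ip; do
        mac=$(printf '%s\n' "$neigh_table" |
              awk -v ip="$ip" '$1 == ip { for (i = 1; i <= NF; i++) if ($i == "lladdr") print $(i + 1) }')
        printf '%s %s\n' "$ip" "${mac:--}"
    done
}

# Run the sweep.  -sn   host discovery only (the newer spelling of -sP)
#                 -n    skip reverse DNS, the largest speedup in the answer
#                 -T4   aggressive timing; -T5 only on a quiet, reliable LAN
#                 -oG - grepable output on stdout for parsing
discover() {
    target=$1
    timing=${2:-T4}
    validate_target "$target" || { echo "refusing target: $target" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || echo "warning: not root, ARP ping will not be used" >&2
    nmap -sn -n "-$timing" -oG - "$target" | parse_up_hosts | lookup_macs "$(ip -4 neigh show)"
}

# Usage: sudo ./discover.sh 192.168.1.0/24
if [ $# -gt 0 ]; then
    discover "$1"
fi
```

Rather than making nmap setuid, grant the calling account a sudoers entry for this one script with a fixed argument, so the validated target is the only user-controlled input that reaches Nmap.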