-1

I have a firewall that forwards port 2222 to a Linux machine running SSH server on port 2222. The problem is I do not know what the IP of the firewall is. So I want to scan the subnet to tell me which IP has this forwarded port.

I tried this script:

#!/bin/bash

for ((i=2; i<256; i++)); do
    sudo nmap -sS -p2222 10.1.$i.0/24
done

The output of this is a lot of this:

Host is up (0.00039s latency).
PORT     STATE SERVICE
2222/tcp open  EtherNetIP-1

For 256x256 hosts this is what I see. I think this answer could be one of two answers:

  1. What should the output be? Maybe I missed it and must grep for it.
  2. What is a different nmap scan I should use?
stone.212

1 Answer

2

If the answer is still needed, I hope this will help. Nmap supports multi-host scanning, for reference see Target Specification. You can modify your command like so:

sudo nmap -sS -p2222 10.1.2-255.0/24

This will scan subnets from 2 to 255, like your loop did.

Stuggi
ItsMe
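For the "must I grep for it?" part of the question, here is an added example (not part of the original question or answer) that reduces nmap's grepable output to the hosts where port 2222 is open and, optionally, where version detection named the service. It assumes the scan is run with `-sV --open -oG -`; the function names `open_hosts` and `sample_scan` are hypothetical, and the sample lines are constructed, not from a real scan.

```shell
#!/bin/bash
# Intended use on the range from the answer (real nmap options):
#   sudo nmap -sS -sV --open -p2222 10.1.2-255.0/24 -oG - | open_hosts 2222 ssh

open_hosts() {
    # $1 = port number, $2 = optional service name to require (e.g. ssh)
    awk -v port="$1" -v want="$2" '
        /Ports:/ {
            host = $2
            # After "Ports: " comes a comma-separated list of
            # port/state/protocol/owner/service/rpcinfo/version/ entries.
            list = $0
            sub(/^.*Ports: /, "", list)
            sub(/\t.*$/, "", list)      # drop later tab-separated fields
            n = split(list, entries, /, */)
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                if (f[1] == port && f[2] == "open" &&
                    (want == "" || f[5] == want))
                    print host
            }
        }'
}

# Constructed sample of -oG output with version detection enabled.
sample_scan() {
    printf 'Host: 10.1.2.7 ()\tStatus: Up\n'
    printf 'Host: 10.1.2.7 ()\tPorts: 2222/open/tcp//tcpwrapped///\n'
    printf 'Host: 10.1.2.9 ()\tPorts: 2222/open/tcp//ssh//OpenSSH 8.9p1 (protocol 2.0)/\n'
    printf 'Host: 10.1.3.4 ()\tPorts: 2222/filtered/tcp//EtherNetIP-1///\n'
    printf 'Host: 10.1.3.5 ()\tPorts: 22/open/tcp//ssh///, 2222/closed/tcp//EtherNetIP-1///\n'
}

# Only the host whose open port 2222 was identified as ssh is printed.
sample_scan | open_hosts 2222 ssh
```

Without `-sV`, the service column is only nmap's table lookup for the port number (the `EtherNetIP-1` in the question's output), so filter on port state alone by omitting the second argument.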