# Got tired of fighting with nmap

## deis

I'm trying to scan a range of local networks with nmap, but whenever I scan a wider network, i.e. one with more than 4096 (?) hosts (e.g. 10.10.0-255.1-254), I can't make nmap print the addresses of the hosts that are alive. It just tells me the number of hosts that are up (e.g. 5 up) without giving out their IPs. The actual nmap command is as follows (running as root):

```
nmap -p80 --open -PS80 -v2 -T4 <target network range>
```

If I substitute the network range with a certain IP or a smaller network range (i.e. with less than a certain number of nodes), nmap prints out the IPs of the hosts that are alive and have port 80 open. I tried different output options (-oN, -oG) but to no avail for bigger networks altogether...

Is this done on purpose, and how can I overcome this limitation (without splitting the range into smaller segments)? I'm using nmap 7.12.

----------

## eccerr0r

It almost seems that on the local subnet it can use a certain type of connection, and when you go outside you have to use the gateway/router and it may be filtering. Then again it seems like there might be a bug somewhere in nmap... dunno. Weird indeed. Don't know what your subnet size is but it might be tripping up nmap...

----------

## deis

Never mind, I switched to masscan and it works flawlessly (and faster at that).

----------

## JeroenMathon

Another tool which I recommend is Angry IP Scanner.

http://angryip.org

It is a very powerful tool for scanning massive networks.

----------

