Active Scanning with Nmap
Identify which hosts are alive before deeper scans.
sudo nmap <IP_RANGE> -sn -oA tnet | grep for | cut -d " " -f5
Ping-only host discovery over a network range, saves output in all formats with prefix “tnet” and extracts live IPs.
sudo nmap -sn -oA tnet -iL hosts.lst | grep for | cut -d" " -f5
Ping-only using an input file hosts.lst.
sudo nmap <target> -sn -oA host
Check if a single host is alive (ARP on local nets / ICMP fallback).
sudo nmap <target> -sn -oA host -PE --packet-trace
Force ICMP echo and show raw packets sent/received (useful for troubleshooting filtering).
sudo nmap <target> -sn -oA host -PE --reason
Show why Nmap considers the host up (ARP reply, ICMP, etc).