Broadcast requests are often used to reveal protocol and host details with very few packets. NSE broadcast scripts perform tasks, such as detecting dropbox listeners, sniffing hosts, and discovering DHCP, MS SQL, or NCP servers, among many other things.
This recipe describes how to use the NSE broadcast scripts to collect interesting information from a network.
Open a terminal and enter the following command:
# nmap --script broadcast -e <interface>
Note that broadcast scripts can run without setting a specific target. All the NSE scripts that found information will be included in your scan results:
# nmap --script broadcast -e eth0
Pre-scan script results:
| broadcast-dhcp-discover:
| Response 1 of 1:
| IP Offered: 192.168.0.13
| Subnet Mask: 255.255.255.0
| Router: 192.168.0.1
| Server Identifier: 192.168.0.1
|_ Domain Name Server: 200.79.231.5, 200.79.231.6
|...