Scanning a network with ARP rather than ICMP is one method of keeping a lower profile, as ARP requests are less likely to be monitored.
It’s fairly easy to set up such a scanner using the Scapy module:
#!/usr/bin/env python3
# Scans the given IP range on the given network using ARP
# rather than ICMP to help bypass potential alerting.
from scapy.all import *
interface = "eth0"
ip_range = "10.10.X.X/24"
broadcastMac = "ff:ff:ff:ff:ff:ff"
packet = Ether(dst = broadcastMac) / ARP(pdst = ip_range)
ans, unans = srp(packet, timeout = 2, iface = interface, inter = 0.1)
for send, receive in ans:
print(receive.sprintf(r"%Ether.src% - %ARP.psrc%"))Note that the r here isn’t a mistake — rather it specifies a “raw string” (the use of which, incidentally, requires Python 3.6+).