Nmap

This is really old, but still helpful

  1. Basic scan:

     
  2. Scan multiple addresses:

     
  3. Scan an entire subnet looking for live hosts. This quick scan will also grab each host's MAC address and perform a MAC vendor lookup to help determine what the host is.

     
  4. Discovery: before a scan, nmap will attempt to send an ICMP echo request. To not send the ICMP request:

     
  5. To do only a ping scan:

     
  6. Do an ARP Ping scan:

     
  7. Port scanning options: performing a fast scan:

     
  8. Scan only specific ports:

     
  9. Scan multiple ports:

     
  10. Scan ports by name (found in /etc/services):

     
  11. Scan all ports:

     
  12. Choose between TCP and/or UDP:

     
  13. What OS is the target running?

     
  14. If the OS is unknown, have nmap attempt to guess the OS:

     
  15. Service version detection:

     

Here’s a quick method to identify hosts on a subnet. It also quickly gives some other useful information: the MAC address and the vendor (company) code for that MAC address, whether the host is up or down, and the latency.

$ sudo nmap -sP 192.168.100.0/24

Example output:

Nmap scan report for 192.168.1.128
Host is up (0.021s latency).
MAC Address: 00:80:77:95:32:19 (Brother Industries)
Nmap scan report for 192.168.1.129
Host is up (0.0052s latency).
MAC Address: 00:0D:4B:D2:BF:30 (Roku)
Nmap scan report for 192.168.1.130
Host is up (0.023s latency).
MAC Address: 00:0D:4B:9A:AA:81 (Roku)
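As an added example (not part of the original notes), here is a small Python parser for the report format shown above that turns each host block into an inventory record, so the MAC vendor and "no MAC seen" cases can be reviewed in bulk rather than by eye. The sample input is constructed to mirror the page's output; it adds the "name (ip)" form nmap prints when reverse DNS resolves and a host with no MAC line, which is what nmap prints when the host is not reachable by ARP (e.g. off the local segment).

```python
import re
from collections import Counter

# Constructed sample mirroring the page's "nmap -sP" output: the second host shows
# the "name (ip)" form used when reverse DNS resolves; the third has no MAC line.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.1.128
Host is up (0.021s latency).
MAC Address: 00:80:77:95:32:19 (Brother Industries)
Nmap scan report for roku.lan (192.168.1.129)
Host is up (0.0052s latency).
MAC Address: 00:0D:4B:D2:BF:30 (Roku)
Nmap scan report for 192.168.1.131
Host is up (0.00010s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.53 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>[\d.]+)\)?$")
STATE_RE = re.compile(r"^Host is (?P<state>up|down)(?: \((?P<lat>[\d.]+)s latency\))?\.$")
MAC_RE = re.compile(r"^MAC Address: (?P<mac>(?:[0-9A-F]{2}:){5}[0-9A-F]{2}) \((?P<vendor>[^)]*)\)$")

def parse_ping_scan(report: str) -> list:
    """One dict per host block: ip, name, state, latency_s, mac, vendor."""
    hosts = []
    for line in report.splitlines():
        m = HOST_RE.match(line)
        if m:  # a new host block starts here
            hosts.append({"ip": m["ip"], "name": m["name"], "state": None,
                          "latency_s": None, "mac": None, "vendor": None})
            continue
        if not hosts:  # banner lines before the first host block
            continue
        m = STATE_RE.match(line)
        if m:
            hosts[-1]["state"] = m["state"]
            hosts[-1]["latency_s"] = float(m["lat"]) if m["lat"] else None
            continue
        m = MAC_RE.match(line)
        if m:
            hosts[-1]["mac"], hosts[-1]["vendor"] = m["mac"], m["vendor"]
    return hosts

def hosts_without_mac(hosts: list) -> list:
    """Up hosts with no ARP reply: off the local segment or answering only at L3."""
    return [h for h in hosts if h["state"] == "up" and h["mac"] is None]

def vendor_counts(hosts: list) -> Counter:
    """Identified hosts per MAC vendor, useful for spotting unexpected device types."""
    return Counter(h["vendor"] for h in hosts if h["mac"])
```

In current Nmap releases `-sP` is kept as an alias for `-sn`, and the report lines are the same, so the parser applies to `nmap -sn` output as well.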