

These documents are obsolete; please use the Nethence Documentation instead.


Network scans
 
Port scans
Scan ports <= 1024,
nmap target_address 
 
Scan really ALL ports,
nmap -p 0-65535 target_address 
 
Note: if the target doesn't respond to ping, add,
-Pn
(previously -P0 and -PN)
 
OS guessing
Try to find out what operating system the remote host is using,
nmap -O remote_ip
 
ARP scans
Proceed with an ARP scan against a subnet e.g.,
nmap -sP 192.168.0.0/24
 
Scan for existing ARP traffic,
tcpdump -n -i eth0 arp
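
Added example (not part of the original page): a way to turn the output of the tcpdump command above into an IP-to-MAC inventory and to flag any IP answered by more than one MAC address. It assumes the one-line text output of `tcpdump -n ... arp` without `-e`; the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# arp_inventory: read `tcpdump -n -i eth0 arp` text on stdin and print one
# "IP MAC" line per pair seen in ARP replies, sorted and de-duplicated.
arp_inventory() {
    awk '$2 == "ARP," && $3 == "Reply" && $5 == "is-at" {
             mac = $6; sub(/,$/, "", mac)   # drop the trailing comma
             print $4, tolower(mac)
         }' | LC_ALL=C sort -u
}

# arp_conflicts: from arp_inventory output, print the IPs that were answered
# by more than one MAC (address conflict, failover or ARP spoofing).
arp_conflicts() {
    awk '{ n[$1]++ } END { for (ip in n) if (n[ip] > 1) print ip }' |
        LC_ALL=C sort
}

# Constructed sample capture (not real traffic), in the assumed format.
sample_capture() {
    cat <<'EOF'
12:00:01.000000 ARP, Request who-has 192.168.0.1 tell 192.168.0.10, length 28
12:00:01.000210 ARP, Reply 192.168.0.1 is-at 00:11:22:33:44:55, length 28
12:00:02.000000 ARP, Request who-has 192.168.0.20 tell 192.168.0.10, length 28
12:00:02.000180 ARP, Reply 192.168.0.20 is-at 00:11:22:33:44:66, length 46
12:00:03.000000 ARP, Reply 192.168.0.1 is-at 00:11:22:33:44:55, length 28
12:00:04.000000 ARP, Reply 192.168.0.1 is-at 00:AA:BB:CC:DD:EE, length 28
EOF
}

echo "Inventory:"
sample_capture | arp_inventory
echo "IPs claimed by more than one MAC:"
sample_capture | arp_inventory | arp_conflicts
```

On a live segment, replace `sample_capture` with the tcpdump command itself, adding `-l` so its output is line-buffered into the pipe.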
 
Simple ping
Proceed with a simple ping scan against a subnet, using the Windows ping utility inside Cygwin,
vi scping.ksh
like,
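#!/bin/ksh
# Ping sweep of 192.168.0.1-254 using the Windows ping utility under Cygwin
# (-n 1: send one echo request, -w 200: wait 200 ms for the reply)
[[ $(uname) != CYGWIN_NT-5.1 ]] && print "system is not CYGWIN_NT-5.1" && exit 1
for n in $(seq 1 254); do
    # print the address only when ping reports success
    ping -n 1 -w 200 192.168.0.$n >/dev/null && print 192.168.0.$n
done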
Note: 200 milliseconds should be enough for the (pingable) remote hosts to respond.
Ready to go,
chmod +x scping.ksh
./scping.ksh
 

Last update: Apr 20, 2016