this is obsolete doc -- see http://doc.nethence.com/ instead
Network scans
Port scans
Scan ports <= 1024,
nmap target_address
Scan really ALL ports,
nmap -p 0-65535 target_address
Note. If the target doesn't respond to ping, add -Pn (previously -P0 and -PN) so that nmap skips host discovery and scans anyway.
OS guessing
Try to find out what operating system the remote host is using,
nmap -O remote_ip
ARP scans
Proceed with an ARP scan against a subnet (nmap uses ARP requests for host discovery on a directly attached subnet; -sP is the old name of the ping scan, now spelled -sn), e.g.
nmap -sP 192.168.0.0/24
Scan for existing ARP traffic,
tcpdump -n -i eth0 arp
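As an added example (not part of the original notes), the short POSIX shell script below reads the "Request who-has" lines that `tcpdump -n -i eth0 arp` prints and reports which hosts asked for many distinct targets, which is how an ARP sweep of the subnet shows up in the capture. The sample lines are constructed to look like tcpdump output, and the threshold is an assumption to tune for the network.

```shell
#!/bin/sh
# Added example: spot ARP sweeps in `tcpdump -n -i eth0 arp` output.
# A normal host asks "who-has" for a handful of addresses; a sweep asks
# for most of the subnet from one source within a short time.

# Constructed sample of tcpdump arp output (not a real capture):
# host .50 asks for six different targets (one of them twice),
# host .20 asks for one target, and one line is a Reply to ignore.
ARP_SAMPLE='12:00:00.000001 ARP, Request who-has 192.168.0.1 tell 192.168.0.50, length 28
12:00:00.000002 ARP, Request who-has 192.168.0.2 tell 192.168.0.50, length 28
12:00:00.000003 ARP, Request who-has 192.168.0.3 tell 192.168.0.50, length 28
12:00:00.000004 ARP, Request who-has 192.168.0.4 tell 192.168.0.50, length 28
12:00:00.000005 ARP, Request who-has 192.168.0.5 tell 192.168.0.50, length 28
12:00:00.000006 ARP, Request who-has 192.168.0.6 tell 192.168.0.50, length 28
12:00:00.000007 ARP, Request who-has 192.168.0.1 tell 192.168.0.50, length 28
12:00:00.000008 ARP, Request who-has 192.168.0.1 tell 192.168.0.20, length 28
12:00:00.000009 ARP, Reply 192.168.0.1 is-at 00:11:22:33:44:55, length 28'

# arp_sweepers THRESHOLD
#   Reads tcpdump arp lines on stdin and prints "requester count" for every
#   requester that asked for at least THRESHOLD distinct target addresses.
#   Fields of a request line: $5 = target address, $7 = requester (with comma).
arp_sweepers() {
  threshold="$1"
  awk -v t="$threshold" '
    /ARP, Request who-has/ {
      target = $5
      src = $7; sub(/,$/, "", src)
      key = src SUBSEP target
      # count each (requester, target) pair only once
      if (!(key in seen)) { seen[key] = 1; n[src]++ }
    }
    END { for (s in n) if (n[s] >= t) print s, n[s] }
  ' | sort
}

# Usage on the sample with a threshold of 5 (assumed value): prints
# "192.168.0.50 6"; on a live box pipe the capture in instead:
#   tcpdump -l -n -i eth0 arp | arp_sweepers 50
printf '%s\n' "$ARP_SAMPLE" | arp_sweepers 5
```

The pair-based counting matters: a host that re-sends the same request while waiting for a reply is not a sweep, so repeats of one target are counted once. With `-l` tcpdump line-buffers its output, which lets the pipeline run on a live interface rather than on a saved capture.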
Simple ping
Proceed with a simple ping scan against a subnet. Using the Windows ping utility from inside cygwin (hence the -n count and -w millisecond timeout options, which are the Windows ones),
vi scping.ksh
like,
#!/bin/ksh
# refuse to run anywhere but the cygwin host this was written for,
# since the ping options below are the Windows ping ones
[[ $(uname) != CYGWIN_NT-5.1 ]] && print system is not CYGWIN_NT-5.1 && exit 1
for n in $(seq 1 254); do
	# one echo request, wait at most 200 ms; print the address on success
	ping -n 1 -w 200 192.168.0.$n >/dev/null && print 192.168.0.$n
done
Note. 200 milliseconds should be enough for the (pingable) remote hosts to respond.
ready to go,
chmod +x scping.ksh
./scping.ksh