
Warning: those guides are mostly obsolete, please have a look at the new documentation.


Network scans
Port scans
Scan nmap's default port set (the 1000 most commonly used ports from its nmap-services table, not simply 1-1024),
nmap target_address 
Scan really ALL ports,
nmap -p 0-65535 target_address 
Note. if the target doesn't respond to ping, nmap considers it down and skips it; tell it to skip host discovery and scan anyway with,
nmap -Pn target_address
(-Pn was previously spelled -P0 and -PN)
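Once a full-range scan has run, the result usually has to be fed to something else. The following added example (not from the original page) parses nmap's grepable output (-oG) into one "ip port/proto service" line per open port; the -oG excerpt it works on is constructed for the demonstration, not a real scan, and the 192.168.0.x addresses are assumed.

```shell
#!/bin/sh
# Added example, not from the original page: turn nmap grepable output (-oG)
# into one "ip port/proto service" line per open port, so a full-range scan
# such as 'nmap -p 0-65535 -oG - target_address' can be piped into other tools.
# A -oG "Ports:" entry has the fields (nmap's documented layout):
#   port/state/protocol/owner/service/rpcinfo/version
# sample_gnmap() prints a constructed -oG excerpt; it is not a real scan.

sample_gnmap() {
    printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -p 0-65535 -oG - 192.168.0.0/24'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (65533)\n'
    printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.10 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65535)\n'
    printf '%s\n' '# Nmap done: 256 IP addresses (2 hosts up) scanned'
}

# open_ports: read -oG text on stdin, print "ip port/proto service" for each
# open port; closed and filtered entries (and Status-only lines) are dropped.
open_ports() {
    awk -F '\t' '
        /^Host:/ && /Ports:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# count_open: number of open ports found in -oG text on stdin
count_open() {
    open_ports | wc -l | tr -d ' '
}

# stand-alone run on the constructed sample; against a real target use
#   nmap -p 0-65535 -oG - target_address | open_ports
sample_gnmap | open_ports
```

The awk splits on the tab characters that separate the Host, Ports and Ignored State columns, then on ", " between port entries and on "/" inside each entry, so service names containing spaces or hostnames in the parentheses do not confuse it.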
OS guessing
Try to find out what operating system the remote host is using (fingerprinting needs raw sockets, so run it as root; at least one open and one closed TCP port on the target make the guess far more reliable),
nmap -O remote_ip
ARP scans
Proceed with an ARP scan against a subnet, e.g. (192.168.0.0/24 is an example subnet; -sn was previously spelled -sP, and when run as root on a directly attached Ethernet segment nmap discovers hosts with ARP requests rather than ICMP),
nmap -sn 192.168.0.0/24
Scan for existing ARP traffic,
tcpdump -n -i eth0 arp
Simple ping
Proceed with a simple ping scan against a subnet. Using the Windows ping utility inside cygwin,
vi scping.ksh
#!/bin/ksh
# relies on the Windows ping flags (-n count, -w timeout in ms), hence the cygwin check
[[ ! `uname` = CYGWIN_NT-5.1 ]] && print system is not CYGWIN_NT-5.1 && exit 1
for n in `seq 1 254`; do
# Windows ping exits 0 whenever any reply arrives, including "Destination host unreachable"
# sent back by a gateway, so only count a real echo reply (those carry a TTL= field)
ping -n 1 -w 200 192.168.0.$n | grep -q 'TTL=' && print 192.168.0.$n
done
note. 200 milliseconds should be enough for the (pingable) remote hosts on the local segment to respond; raise it on a slow link.
ready to go,
chmod +x scping.ksh
./scping.ksh

(obsolete, see the new doc)