This is an obsolete doc -- see instead

Network scans 


Port scans 

Default scan (nmap's 1000 most common TCP ports; older releases scanned 1-1024 plus the ports listed in nmap-services), 

  nmap target_address 


Scan really ALL 65536 ports (-p- is shorthand for 1-65535 and skips port 0), 

  nmap -p 0-65535 target_address 


Note. if the target doesn't answer ping, nmap reports it as down and skips the port scan; add -Pn to skip host discovery and scan it anyway, 

  nmap -Pn target_address 

(previously -P0 and -PN) 
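
Listing only the open ports from a full-range scan is easier with nmap's grepable output (-oG -) than with the default report (grepable output is marked deprecated in favour of -oX but is still maintained). The following script is an added example, not part of these notes: the scan output it parses is a constructed sample, not a real scan, and scan_open_ports assumes nmap is on the PATH and the target is reachable.

```shell
#!/bin/sh
# Added example: turn "nmap -oG -" output into "host port/proto service" lines
# for open ports only. Constructed sample data, not a real scan.

# Constructed sample of grepable output; fields on a line are tab-separated
# and each port entry is port/state/proto/owner/service/rpcinfo/version/.
sample_grepable() {
  printf '# Nmap 7.94 scan initiated (constructed sample, not real scan output)\n'
  printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf 'Host: 192.168.0.11 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.11 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)\n'
  printf '# Nmap done (constructed sample)\n'
}

# Read grepable output on stdin, print one "host port/proto service" line
# per open port. Closed/filtered entries and Status lines are dropped.
open_ports() {
  awk -F'\t' '
    /Ports: / {
      host = $1
      sub(/^Host: /, "", host)     # "192.168.0.10 ()" -> ...
      sub(/ .*/, "", host)         # ... -> "192.168.0.10"
      ports = ""
      for (i = 2; i <= NF; i++)
        if ($i ~ /^Ports: /) { ports = $i; sub(/^Ports: /, "", ports) }
      n = split(ports, entry, /, /)
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")    # f[1]=port f[2]=state f[3]=proto f[5]=service
        if (f[2] == "open") print host, f[1] "/" f[3], f[5]
      }
    }'
}

# Full-range scan of a real target, reduced to its open ports.
# Assumes nmap is installed; run as root to get a SYN scan instead of connect().
scan_open_ports() {
  nmap -p 0-65535 -oG - "$1" | open_ports
}

# Demonstrate the parser on the constructed sample (no network needed).
sample_grepable | open_ports
```

Usage against a live host is `scan_open_ports target_address`; the sample run prints the two hosts' three open ports and drops the closed 443.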


OS guessing 

Try to find out what operating system the remote host is running (TCP/IP stack fingerprinting; needs raw sockets, so run it as root), 

  nmap -O remote_ip


ARP scans 

Proceed with an ARP scan against a subnet: when run as root on a directly connected Ethernet segment, nmap's host discovery sends ARP requests instead of ICMP, e.g., 

  nmap -sn 192.168.0.0/24

(-sn is the current name of the ping/host-discovery scan, -sP the old one; -PR forces ARP ping explicitly) 


Watch existing ARP traffic on the wire (passive, sends nothing), 

  tcpdump -n -i eth0 arp


Simple ping 

Proceed with a simple ping sweep against a subnet, using the Windows ping utility inside Cygwin, 

  vi scping.ksh


#!/bin/ksh
# Windows ping flags (-n count, -w timeout in ms) only make sense under Cygwin.
[[ $(uname) != CYGWIN_NT* ]] && print system is not Cygwin && exit 1
for n in $(seq 1 254); do
        ping -n 1 -w 200 192.168.0.$n >/dev/null && print 192.168.0.$n
done

note. 200 milliseconds should be enough for the (pingable) remote hosts on a LAN to respond; hosts that filter ICMP echo are missed, and Windows ping also exits 0 on a "Destination host unreachable" answer from a router, so check the output when a router sits in the path 

ready to go, 

  chmod +x scping.ksh
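
The script above only runs under Cygwin because the Windows and Unix ping utilities take different flags for "one echo, short timeout". The following portable version is an added example, not part of these notes: it picks the flags from uname, keeps the 192.168.0.0/24 network and the 200 ms budget used above, and assumes the stock ping of each platform (Windows ping under Cygwin, iputils ping on Linux, BSD ping on macOS/FreeBSD).

```shell
#!/bin/sh
# Added example: portable /24 ping sweep. Assumes the platform's stock ping.

# Print the 254 host addresses of a /24 given its first three octets,
# e.g. hosts_in_24 192.168.0 -> 192.168.0.1 ... 192.168.0.254
hosts_in_24() {
  prefix=$1
  n=1
  while [ "$n" -le 254 ]; do
    echo "$prefix.$n"
    n=$((n + 1))
  done
}

# Flags for "send one echo request, wait about 200 ms" on the local ping.
ping_flags() {
  case "$(uname -s)" in
    CYGWIN*|MINGW*|MSYS*) echo "-n 1 -w 200" ;;  # Windows ping: -w is milliseconds
    Darwin|FreeBSD)       echo "-c 1 -W 200" ;;  # BSD ping: -W is milliseconds
    *)                    echo "-c 1 -W 1" ;;    # iputils ping: -W is whole seconds
  esac
}

# Sweep the /24 and print the hosts that answered. Hosts filtering ICMP echo
# are missed, so this is a quick look, not an inventory (see nmap -Pn above).
sweep_24() {
  flags=$(ping_flags)
  for host in $(hosts_in_24 "$1"); do
    # $flags is deliberately unquoted so it word-splits into separate arguments
    ping $flags "$host" >/dev/null 2>&1 && echo "$host"
  done
}

# Only sweep when a prefix is given on the command line, e.g.: ./sweep.sh 192.168.0
if [ $# -gt 0 ]; then
  sweep_24 "$1"
fi
```

Run it as `./sweep.sh 192.168.0`; each responding host prints on its own line. As with the Cygwin script, Windows ping returns success for "Destination host unreachable" replies, so on a routed network confirm the hits with nmap -sn.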