Network Scanning and Enumeration
Last updated
Last updated
Network Enumeration Tool
Used to scan for live hosts on the network
Preference → Pinging Method → Combined UDP + TCP
Display → only live hosts
Start
-S - TCP Stealth Scan
Services + OS Discovery
Using nmap nse scripts
Based the ttl value present the ping response.
ping 192.168.18.110
| Description | Command |
|---|---|
| Description | Command |
|---|---|
| Operating System | Time To Live ( ttl ) | TCP Window Size |
|---|---|---|
Ping Sweep [ Scanning Network for Live Hosts ]
nmap -sP 192.168.18.1/24
ARP Scan [ Scanning for Live Hosts without port scan in same subnet ]
nmap -sn -PR 192.168.18.0-255 or nmap -sn -PR 192.168.18.1/24
UDP ping scan
nmap -sn -PU 192.168.18.110
ICMP echo ping scan
nmap -sn -PE 192.168.18.1-255
Mask ping scan ( use if ICMP is blocked )
nmap -sn -PM 192.168.18.1-255
ICMP timestamp scan
nmap -sn -PP 192.168.18.1-255
TCP SYN Ping scan
nmap -sn -PS 192.168.18.1-255
IP Protocol scan ( uses different protocols to test connectivity )
nmap -sn -PP 192.168.18.1-255
All Open Ports
nmap -p- 192.168.18.1
Specific Port
nmap -p <PORT> 192.168.18.1
Service + Version
nmap -sS -sV 192.168.18.1
Scripts + Version
nmap -sC -sV 192.168.18.1
Linux
64
5840
FreeBSD
64
65535
OpenBSD
255
16384
Windows
128
65,535 bytes to 1 GB
Cisco Routers
255
4128
Solaris
255
8760
AIX
255
16384
