Network Scanning and Enumeration
Automated Way
Using enum4linux
SMB/Samba enumeration tool for Windows and Samba hosts (users, shares, groups, password policy); enum4linux -a <TARGET> runs all the basic checks
Host Discovery - to find other hosts/machines in the network
Using netdiscover
ARP-based scanner for live hosts on the local subnet (works even when ICMP is blocked, but only on the same layer-2 segment), e.g. netdiscover -r 192.168.18.0/24
Using nmap
Ping Sweep [ Scanning Network for Live Hosts ]
nmap -sP 192.168.18.1/24 ( -sP is the old name for -sn: host discovery only, no port scan )
ARP Scan [ Scanning for Live Hosts without port scan in same subnet ]
nmap -sn -PR 192.168.18.0-255 or nmap -sn -PR 192.168.18.1/24
UDP ping scan
nmap -sn -PU 192.168.18.110
ICMP echo ping scan
nmap -sn -PE 192.168.18.1-255
ICMP address mask ping scan ( ICMP type 17; try if ICMP echo is filtered but other ICMP types are not )
nmap -sn -PM 192.168.18.1-255
ICMP timestamp ping scan ( ICMP type 13 )
nmap -sn -PP 192.168.18.1-255
TCP SYN Ping scan
nmap -sn -PS 192.168.18.1-255
IP Protocol ping scan ( sends IP packets with different protocol numbers, by default ICMP, IGMP and IP-in-IP, to test connectivity )
nmap -sn -PO 192.168.18.1-255
Using Angry IP Scanner
Preference → Pinging Method → Combined UDP + TCP
Display → only live hosts
Start
Service Discovery - To identify open ports and services running on target
Using nmap
All Open Ports
nmap -p- 192.168.18.1
Specific Port
nmap -p <PORT> 192.168.18.1
Service + Version
nmap -sS -sV 192.168.18.1
Scripts + Version
nmap -sC -sV 192.168.18.1
Using hping3
-S : TCP SYN (stealth) probe, e.g. hping3 -S 192.168.18.1 -p 80 -c 3 ; flags=SA in the reply means the port is open, flags=RA means closed, no reply means filtered
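The host-discovery and service-discovery sweeps above produce output you will usually want to feed into the next step rather than read off the screen. The script below is an added example, not part of the original notes: it parses nmap's greppable format (-oG) and pulls out live hosts from a sweep and open ports with their service/version strings from a port scan. Both samples are constructed to mimic -oG output for the addresses used in the notes; nothing is sent on the wire.

```shell
#!/bin/sh
# Added example (not from the original notes): parse nmap greppable output (-oG)
# so a host-discovery sweep and a service scan can be chained. Typical producers:
#   nmap -sn -PR 192.168.18.1/24 -oG sweep.gnmap
#   nmap -sS -sV -p- 192.168.18.110 -oG ports.gnmap
# The two samples below are constructed for offline use.

sample_sweep() {
    printf '# Nmap 7.94 scan initiated (constructed sample)\n'
    printf 'Host: 192.168.18.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.18.110 ()\tStatus: Up\n'
    printf 'Host: 192.168.18.111 ()\tStatus: Down\n'
    printf '# Nmap done\n'
}

sample_ports() {
    printf '# Nmap 7.94 scan initiated (constructed sample)\n'
    printf 'Host: 192.168.18.110 ()\tStatus: Up\n'
    printf 'Host: 192.168.18.110 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (65532)\n'
    printf '# Nmap done\n'
}

# live_hosts: read greppable output on stdin, print one IP per line for hosts marked Up.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# open_ports: read greppable output on stdin, print "ip port/proto service version"
# for every port in state open. Fields in -oG are tab separated; each port entry is
# port/state/proto/owner/service/rpcinfo/version/ and entries are joined by ", ".
open_ports() {
    awk -F'\t' '
    /^Host:/ && $2 ~ /^Ports:/ {
        split($1, h, " "); ip = h[2]
        sub(/^Ports: /, "", $2)
        n = split($2, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open") print ip, f[1] "/" f[3], f[5], f[7]
        }
    }'
}

# Usage with real scan files:  live_hosts < sweep.gnmap ;  open_ports < ports.gnmap
sample_sweep | live_hosts
sample_ports | open_ports
```

A practical chain is `nmap -sn -PR 192.168.18.1/24 -oG - | live_hosts > targets.txt` followed by `nmap -sS -sV -iL targets.txt -oG ports.gnmap`; filtered and closed ports are deliberately dropped by open_ports so the list feeds straight into service-specific enumeration.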
OS Discovery - Identify the OS running on the target
Using nmap
Services + OS Discovery
nmap -sV -O 192.168.18.1 ( -O needs root / raw sockets and at least one open and one closed TCP port to fingerprint reliably )
Using nmap nse scripts
nmap --script smb-os-discovery 192.168.18.1 ( OS, computer name and domain over SMB when port 445/139 is open )
Banner Grabbing
Based on the TTL value present in the ping response. The TTL column below is the initial value set by the OS; every router hop decrements it by one, so round an observed TTL up to the nearest initial value (ttl=61 is most likely a Linux/FreeBSD host three hops away, ttl=125 a Windows host three hops away). The TCP window size column is not visible in a ping reply; it comes from the SYN-ACK of a TCP probe (hping3 -S, nmap -O).
ping 192.168.18.110

OS             TTL   TCP Window Size
Linux          64    5840
FreeBSD        64    65535
OpenBSD        255   16384
Windows        128   65,535 bytes to 1 GB
Cisco Routers  255   4128
Solaris        255   8760
AIX            255   16384
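The TTL table is only useful once the hop count is accounted for, and the ping output format differs between Linux/BSD ("ttl=") and Windows ("TTL="). The script below is an added example, not part of the original notes: it extracts the TTL from ping output, rounds it up to the nearest common initial TTL from the table (64, 128, 255) and reports the OS family with the estimated hop count. The ping output is a constructed sample for the address used in the notes.

```shell
#!/bin/sh
# Added example (not from the original notes): turn the TTL of a ping reply into an
# OS-family guess, correcting for hops. Each router decrements TTL by one, so an
# observed ttl=61 is a 64-initial host (Linux/FreeBSD) three hops away.
# The ping output below is a constructed sample.

sample_ping() {
    printf 'PING 192.168.18.110 (192.168.18.110) 56(84) bytes of data.\n'
    printf '64 bytes from 192.168.18.110: icmp_seq=1 ttl=61 time=0.412 ms\n'
    printf '64 bytes from 192.168.18.110: icmp_seq=2 ttl=61 time=0.398 ms\n'
}

# ttl_from_ping: print the first TTL seen in ping output on stdin.
# Linux/BSD ping prints "ttl=", Windows prints "TTL=", so match either case.
ttl_from_ping() {
    awk 'match($0, /[Tt][Tt][Ll]=[0-9]+/) { print substr($0, RSTART + 4, RLENGTH - 4); exit }'
}

# guess_os_from_ttl TTL: round the observed TTL up to the nearest common initial
# value (64, 128, 255 per the table) and report the OS family and hop estimate.
# Hosts sharing an initial TTL (e.g. Linux vs FreeBSD) need the TCP window size or
# nmap -O to tell apart; this is a first-pass guess, not a fingerprint.
guess_os_from_ttl() {
    ttl=$1
    case $ttl in
        ''|*[!0-9]*) echo "no numeric TTL given" >&2; return 1 ;;
    esac
    if [ "$ttl" -le 64 ]; then
        init=64;  family="Linux/FreeBSD"
    elif [ "$ttl" -le 128 ]; then
        init=128; family="Windows"
    else
        init=255; family="OpenBSD/Solaris/AIX/Cisco"
    fi
    printf '%s (initial TTL %d, ~%d hops away)\n' "$family" "$init" "$((init - ttl))"
}

# Usage against a live host:  guess_os_from_ttl "$(ping -c 2 192.168.18.110 | ttl_from_ping)"
guess_os_from_ttl "$(sample_ping | ttl_from_ping)"
```

An observed TTL of exactly 64 or 128 means the host is on the local segment (zero hops) or the value was rewritten by an intermediate device; a load balancer or proxy answering the ping will report its own OS, not the backend's.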
Aggressive Scanning
nmap -A 192.168.18.1 ( -A enables -O, -sV, -sC and --traceroute in one run; noisy, so not for stealth )
Comprehensive Scanning