Network Scanning and Enumeration
Network Enumeration Tool
Used to scan for live hosts on the network
Description | Command |
---|---|
Ping Sweep [ Scanning Network for Live Hosts ] | |
ARP Scan [ Scanning for Live Hosts without port scan in same subnet ] | |
UDP ping scan | |
ICMP echo ping scan | |
Mask ping scan ( use if ICMP is blocked ) | |
ICMP timestamp scan | |
TCP SYN Ping scan | |
IP Protocol scan ( uses different protocols to test connectivity ) | |
Preference → Pinging Method → Combined UDP + TCP
Display → only live hosts
Start
Description | Command |
---|---|
All Open Ports | |
Specific Port | |
Service + Version | |
Scripts + Version | |
-sS - TCP Stealth Scan
Services + OS Discovery
Using nmap nse scripts
Based on the ttl value present in the ping response.
ping 192.168.18.110
Operating System | Time To Live ( ttl ) | TCP Window Size |
---|---|---|
Linux | 64 | 5840 |
FreeBSD | 64 | 65535 |
OpenBSD | 255 | 16384 |
Windows | 128 | 65,535 bytes to 1 GB |
Cisco Routers | 255 | 4128 |
Solaris | 255 | 8760 |
AIX | 255 | 16384 |
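The lookup described above, as an added Python example that is not part of the original page: it pulls the ttl out of a ping reply, rounds it up to the nearest initial TTL in the table (each router hop decrements the value by one), and lists the matching operating systems, optionally narrowed by TCP window size. The function names and the sample reply line are constructed for illustration.

```python
import re

# (OS, initial TTL, (min, max) TCP window size) -- values from the table above.
FINGERPRINTS = [
    ("Linux", 64, (5840, 5840)),
    ("FreeBSD", 64, (65535, 65535)),
    ("OpenBSD", 255, (16384, 16384)),
    ("Windows", 128, (65535, 2**30)),  # "65,535 bytes to 1 GB"
    ("Cisco Routers", 255, (4128, 4128)),
    ("Solaris", 255, (8760, 8760)),
    ("AIX", 255, (16384, 16384)),
]
INITIAL_TTLS = sorted({ttl for _, ttl, _ in FINGERPRINTS})  # [64, 128, 255]


def parse_ttl(ping_output):
    """Return the TTL of the first reply line, or None if nothing answered."""
    match = re.search(r"ttl=(\d+)", ping_output, re.IGNORECASE)
    return int(match.group(1)) if match else None


def guess_os(observed_ttl, window=None):
    """Return (initial_ttl, hops, candidate OS names) for an observed TTL.

    Each router on the path decrements the TTL, so the observed value is
    rounded up to the nearest initial TTL in the table.
    """
    if observed_ttl is None or not 1 <= observed_ttl <= 255:
        return None, None, []
    initial = next(t for t in INITIAL_TTLS if t >= observed_ttl)
    names = [
        name for name, ttl, (lo, hi) in FINGERPRINTS
        if ttl == initial and (window is None or lo <= window <= hi)
    ]
    return initial, initial - observed_ttl, names


# Constructed sample reply (not captured from a real host).
SAMPLE = "64 bytes from 192.168.18.110: icmp_seq=1 ttl=127 time=0.91 ms"

if __name__ == "__main__":
    print(guess_os(parse_ttl(SAMPLE)))                 # host one hop away
    print(guess_os(64, window=5840))                   # TTL plus window size
    print(guess_os(parse_ttl("Request timed out.")))   # no reply, no guess
```

The initial TTL is a configurable host setting, so treat the result as a hint to confirm with service and version detection.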