NMAP
Scanning The Network
Scanning a Host
The above command scans the host for its most commonly used ports; it is not a comprehensive scan. A few additions can be made to the above command:
--min-rate 10000 - Tells nmap to send at least 10,000 packets per second. This is useful when the scan is too slow, at the cost of missed ports on lossy links
-oA output.txt - Writes the output in all three formats (normal, greppable and XML) using output.txt as the base name, producing output.txt.nmap, output.txt.gnmap and output.txt.xml
-T<number> - Selects the timing template, which controls the speed and covertness of the scan. T0 is the slowest and stealthiest while T5 is the fastest and most obvious
-p- - Triggers a scan of all 65536 ports of the host
-p <port number> - Scans a specific port of the host. A range can be given as 1-1024, and a list of ports as 80,443,139,445
-Pn - Skips host discovery (the ping probes) and scans the host anyway. This is useful against systems that have disabled ping replies so that they are not visible during a scan
Scanning hosts for a certain service
This command scans the network for systems with DNS running
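Once a scan has been saved with -oA, the greppable output.txt.gnmap file is the easiest one to post-process, for example to list which hosts expose a given service (DNS, as in the scan above) or which ports are open on a host. The following parser is an added example in Python and is not part of the original page or of nmap; the scan text it reads is a constructed sample in the real greppable format (port/state/protocol/owner/service/rpc/version), not output from a real scan.

```python
"""Parse nmap greppable output (-oG / the .gnmap file written by -oA)."""

# Constructed sample in nmap's greppable format; not captured from a real scan.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -sV -p 22,53,80,443 -oA output.txt 10.0.0.0/29\n"
    "Host: 10.0.0.1 ()\tStatus: Up\n"
    "Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "53/open/tcp//domain//ISC BIND 9.18/, 80/filtered/tcp//http///"
    "\tIgnored State: closed (1)\n"
    "Host: 10.0.0.2 (web.lab)\tStatus: Up\n"
    "Host: 10.0.0.2 (web.lab)\tPorts: 80/open/tcp//http//nginx 1.24/, "
    "443/open/tcp//https//nginx 1.24/\tIgnored State: closed (2)\n"
    "# Nmap done -- 8 IP addresses (2 hosts up) scanned in 30.00 seconds\n"
)


def parse_gnmap(text):
    """Return {ip: [(port, state, proto, service, version), ...]}.

    Each 'Host:' line is a tab-separated list of 'Key: value' fields; the
    'Ports:' field holds comma-separated entries of the form
    port/state/protocol/owner/service/rpc/version/.
    """
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' header and footer comments
        fields = dict(f.split(": ", 1) for f in line.split("\t"))
        ip = fields["Host"].split(" ", 1)[0]  # drop the '(hostname)' part
        results.setdefault(ip, [])
        if "Ports" not in fields:
            continue  # 'Status: Up' lines carry no port information
        for entry in fields["Ports"].split(", "):
            parts = entry.strip().split("/")
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            results[ip].append((int(port), state, proto, service, version))
    return results


def open_ports(results, ip):
    """Sorted list of ports reported as open on one host (filtered ports excluded)."""
    return sorted(p for p, state, *_ in results.get(ip, []) if state == "open")


def hosts_running(results, service):
    """Sorted list of hosts with the named service (e.g. 'domain' for DNS) open."""
    return sorted(
        ip
        for ip, ports in results.items()
        if any(state == "open" and svc == service for _, state, _, svc, _ in ports)
    )


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip in sorted(scan):
        print(ip, "open ports:", open_ports(scan, ip))
    print("DNS servers:", hosts_running(scan, "domain"))
```

To use it on a real scan, replace SAMPLE_GNMAP with the contents of output.txt.gnmap. The filtered port 80 on 10.0.0.1 is deliberately left out of open_ports so that a firewalled port is not mistaken for a listening service.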
Fast Scan of Network
Nmap can sometimes take a long time to sweep a network or scan a specific host. When a quick scan is required, one of the following tools can be used instead; however, the number of false positives and false negatives can be high.
Masscan is another tool for conducting a quick scan. It can be downloaded from GitHub and installed. The command to run the scan: