This is just a quick survival guide to Nmap commands, without going down the rabbit hole of live host discovery, port scanning and firewall evasion techniques.
Live host discovery
Basic ARP scan to look around the network (-sn = disable port scan, -PR = only ARP scan):
nmap -PR -sn 192.168.100.0/24
ICMP-based host discovery can be run with the -PP, -PE and -PM options.
A slightly more aggressive host discovery scan with script execution and traceroute. It's very loud!
sudo nmap -A -v -T5 192.168.100.0/24
Port scans
TCP SYN scan is considered stealthy:
sudo nmap -sS 192.168.100.101
sudo nmap -sS -Pn -T5 -p- -v 192.168.100.104
TCP connect scan is louder:
sudo nmap -sT 192.168.100.101
The -sN, -sF and -sX options are the NULL, FIN and Xmas scans, which are also considered stealthy.
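To see what "stealthy" means from the defender's side, here is an added example (not from the original guide) that classifies constructed client-to-server packet records into the probe styles above: a SYN scan never sends the handshake ACK, a connect scan does, and NULL/FIN/Xmas probes start with no SYN at all. The log format, addresses and the min_ports threshold are assumptions made for this sample, not the output of any real tool.

```python
from collections import defaultdict

# Flag set of the first probe packet for the scan types the guide mentions.
PROBE_TYPES = {"-": "null", "F": "fin", "FPU": "xmas"}

# Constructed sample, not real tool output: one client->server packet per line,
# "<src> <dst> <dport> <tcp-flags>" (S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST, -=none).
SAMPLE_LOG = """\
192.168.100.50 192.168.100.101 22 S
192.168.100.50 192.168.100.101 22 R
192.168.100.50 192.168.100.101 80 S
192.168.100.50 192.168.100.101 80 R
192.168.100.50 192.168.100.101 443 S
192.168.100.60 192.168.100.101 22 S
192.168.100.60 192.168.100.101 22 A
192.168.100.60 192.168.100.101 22 FA
192.168.100.70 192.168.100.101 22 -
192.168.100.70 192.168.100.101 80 F
192.168.100.70 192.168.100.101 443 FPU
"""

def classify_flows(log_text):
    """Label each (src, dst, dport) flow by the probe style its packets show."""
    flows = defaultdict(list)
    for line in log_text.strip().splitlines():
        src, dst, dport, flags = line.split()
        flows[(src, dst, int(dport))].append(flags)
    labels = {}
    for key, seq in flows.items():
        if seq[0] == "S":
            # A connect scan (or a real client) sends the bare handshake ACK;
            # a SYN scan answers the SYN/ACK with RST and never completes it.
            labels[key] = "connect" if "A" in seq[1:] else "half-open"
        else:
            labels[key] = PROBE_TYPES.get(seq[0], "other")
    return labels

def summarize_sources(labels, min_ports=3):
    """Per source: dominant probe style, distinct targets, and a scan verdict."""
    per_src = defaultdict(lambda: defaultdict(set))
    for (src, dst, dport), label in labels.items():
        per_src[src][label].add((dst, dport))
    report = {}
    for src, by_label in per_src.items():
        style = max(by_label, key=lambda k: len(by_label[k]))
        total = sum(len(t) for t in by_label.values())
        # min_ports is an arbitrary threshold chosen for this constructed sample.
        report[src] = (style, total, total >= min_ports)
    return report
```

The connect-scan flow is the only one a host's application log would ever see, which is why the half-open and flag-less probes have to be caught at the packet or firewall level.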
If you have anything to share then please visit my Tom’s IT Cafe Discord Server!