Difference between revisions of "Nmap"
From Steak Wiki
Jump to navigationJump to search| (One intermediate revision by the same user not shown) | |||
| Line 19: | Line 19: | ||
$ nmap -sT -p1-1000 192.168.1.0/24 | $ nmap -sT -p1-1000 192.168.1.0/24 | ||
$ nmap -sU -p1-1000 192.168.1.0/24 | $ nmap -sU -p1-1000 192.168.1.0/24 | ||
| + | |||
| + | port / service detection (searches first 1000 ports, can take minute or two) | ||
| + | $ nmap -sV ipaddress | ||
| + | |||
| + | man page has other info | ||
| + | |||
| + | See also tcpdump. | ||
| + | |||
</small> | </small> | ||
| − | |||
| − | |||
Latest revision as of 23:04, 24 October 2025
Nmap is the defacto standard port / network scanner. It is good.
There is a book available for nmap. I think there's a mostly complete pdf available online.
Ping Lan Address Range and Report who is Active
$ nmap -sP 192.168.1.0/24
Get DHCP Servers in LAN
$ sudo nmap --script broadcast-dhcp-discover -e eth0
Basic searches
The second thing to remember with nmap and searches. -T is tcp. -U is udp. -P is a ping (check that host is alive) test. So remembering these three simple switches, gives you the following commands
$ nmap -sP 192.168.1.0/24 $ nmap -sT -p1-1000 192.168.1.0/24 $ nmap -sU -p1-1000 192.168.1.0/24
port / service detection (searches first 1000 ports, can take minute or two)
$ nmap -sV ipaddress
man page has other info
See also tcpdump.
