Network Enumeration

Scan the network with -sn (host discovery only, the port scan is disabled) and list the hosts that respond:

sudo nmap 10.129.2.0/24 -sn -oA tnet | grep for | cut -d" " -f5

-iL reads a predefined list of targets from a file (one host or range per line) instead of taking them from the command line:

sudo nmap -sn -oA tnet -iL hosts.lst | grep for | cut -d" " -f5

Other flags

-PE: Performs the ping scan by using ICMP Echo requests against the target.

--packet-trace: Shows all packets sent and received.

--reason: Displays the reason for a specific result, for example why a host is considered up or why a port is in a particular state.

--disable-arp-ping: Disables the ARP ping (Nmap uses ARP requests by default on the local network), so ICMP Echo requests are used instead.

-n: Disables DNS resolution.

--stats-every=5s: Shows the progress of the scan every 5 seconds.

-A: Enables OS detection and version detection, script scanning and traceroute.

-sT: TCP connect scan (full 3-way handshake).

-sU: UDP scan.

TTL Values of different OS

Default TTL (Time To Live) Values of Different OS - Subin's Blog (subinsb.com)
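The TTL seen in a reply (for example in the --packet-trace output or in a ping) is the sender's initial TTL minus one per router crossed. The following helper, an added example that is not part of the original notes, rounds the observed TTL up to the nearest common default (64 for Linux/Unix, 128 for Windows, 255 for many network devices) to estimate the OS family and the hop count. The defaults and the output format are assumptions for this example; administrators can change the initial TTL, so the result is a hint, not a fingerprint.

```shell
#!/bin/sh
# Added example, not from the original notes: estimate the likely initial TTL
# and the number of hops to a host from the TTL seen in its reply.
# Assumed defaults: 64 (Linux/Unix), 128 (Windows), 255 (many network devices).
# Prints "<initial_ttl> <os_family> <hops>".
ttl_guess() {
    ttl=$1
    # Accept only a decimal integer in the valid TTL range 1..255.
    case $ttl in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$ttl" -ge 1 ] && [ "$ttl" -le 255 ] || return 1
    # The reply's TTL is the initial value minus one per router crossed,
    # so round up to the next common default; the difference is the hop count.
    if [ "$ttl" -le 64 ]; then
        echo "64 linux/unix $((64 - ttl))"
    elif [ "$ttl" -le 128 ]; then
        echo "128 windows $((128 - ttl))"
    else
        echo "255 network-device $((255 - ttl))"
    fi
}

ttl_guess 63    # a Linux host one hop away: 64 linux/unix 1
ttl_guess 116   # a Windows host twelve hops away: 128 windows 12
```

A host that is many hops away can blur the boundaries (a Linux reply with TTL 40 and a Windows reply with TTL 104 are both 24 hops out), so cross-check with the hop count from traceroute (-A) before trusting the guess.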

Port Status

open: The connection to the scanned port has been established. These connections can be TCP connections, UDP datagrams as well as SCTP associations.

closed: The TCP packet we received back contains an RST flag. This scanning method can also be used to determine if our target is alive or not.

filtered: Nmap cannot correctly identify whether the scanned port is open or closed because either no response is returned from the target for the port or we get an error code from the target.

unfiltered: This state only occurs during the TCP ACK scan and means that the port is accessible, but it cannot be determined whether it is open or closed.

open|filtered: If we do not get a response for a specific port, Nmap will set it to this state. This indicates that a firewall or packet filter may protect the port.

closed|filtered: This state only occurs in the IP ID idle scan and indicates that it was impossible to determine if the scanned port is closed or filtered by a firewall.
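The -oA option used in the discovery commands above writes three files, and the grepable one (tnet.gnmap) is the easiest to post-process: every host is one tab-separated line carrying its status, its listed ports with their states, and the state Nmap assigned to all the ports it did not list. The script below is an added example, not code from the original notes, that pulls the alive hosts, the open ports and that "Ignored State" out of a constructed sample in the .gnmap layout; the sample lines (hosts 10.129.2.1 and 10.129.2.4, the services shown) are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original notes: parse the grepable output file
# that "nmap -oA tnet" writes (tnet.gnmap) with plain POSIX tools.

# Constructed sample of a .gnmap file after a host discovery (-sn) run and a
# port scan of one host. Built with printf so the tab separators are explicit.
SAMPLE_GNMAP=$(
    printf 'Host: 10.129.2.1 ()\tStatus: Up\n'
    printf 'Host: 10.129.2.4 ()\tStatus: Up\n'
    printf 'Host: 10.129.2.4 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, '
    printf '80/open/tcp//http//nginx/, 443/closed/tcp//https///'
    printf '\tIgnored State: filtered (997)\n'
)

# Hosts that answered the host-discovery probes: every "Status: Up" line.
alive_hosts() {
    grep 'Status: Up' | awk '{ print $2 }'
}

# Ports in the "open" state, printed as port/protocol. Each entry in the
# "Ports:" field is port/state/protocol/owner/service/rpc/version/ and the
# entries are separated by ", ".
open_ports() {
    awk -F '\t' '
        /Ports: / {
            for (i = 1; i <= NF; i++)
                if (index($i, "Ports: ") == 1) ports = substr($i, 8)
            n = split(ports, entry, ", *")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") print f[1] "/" f[3]
            }
        }'
}

# The state Nmap assigned to the ports it did not list individually, e.g.
# "filtered (997)": the rest of the range got no answer at all, which is the
# signature of a packet filter in front of the host.
ignored_state() {
    awk -F '\t' '{
        for (i = 1; i <= NF; i++)
            if (index($i, "Ignored State: ") == 1) print substr($i, 16)
    }'
}

printf '%s\n' "$SAMPLE_GNMAP" | alive_hosts     # 10.129.2.1 and 10.129.2.4
printf '%s\n' "$SAMPLE_GNMAP" | open_ports      # 22/tcp and 80/tcp
printf '%s\n' "$SAMPLE_GNMAP" | ignored_state   # filtered (997)
```

Against a real scan, feed the file instead of the sample: `alive_hosts < tnet.gnmap` gives the same list as the `grep for | cut` pipeline on the normal output, and `ignored_state < tnet.gnmap` tells you at a glance whether the unlisted ports were closed (host reachable, nothing listening) or filtered (something is dropping the probes).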

Additional Flags

--min-parallelism: minimum number of probes sent in parallel.

--max-rtt-timeout: maximum time to wait for a response to a probe (100ms for example).

--min-rate: minimum rate at which packets are sent (packets per second).

--max-retries: number of retries for port scan probes (default is 10).

-T Flags (timing templates)

0: Paranoid

1: Sneaky

2: Polite

3: Normal

4: Aggressive

5: Insane
