1) Obtain the system type and open ports of the remote host
nmap -sS -P0 -sV -O <target>
<target> can be a single IP address, host name, domain name, or subnet.
-sS: TCP SYN scan (also known as half-open or stealth scan)
-P0: disables ICMP pings.
-sV: enables service version detection
-O: attempts to identify the remote operating system
Other options:
-A: enables operating system fingerprinting and version detection at the same time.
-v: verbose output (prints scan details).
nmap -sS -P0 -A -v <target>
2) List hosts with a specified port open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
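The grep in item 2 keeps any line that contains the string "open", which also matches a host name such as openvpn.lan. The following added example (not part of the original page) parses the grepable output field by field instead, and goes slightly further by handling lines that list several ports; the sample scan lines and the function names open_hosts and sample_scan are constructed for illustration.

```shell
#!/bin/sh
# Added example: list hosts whose given port is exactly "open" in Nmap
# grepable (-oG) output, instead of matching the word "open" anywhere.

# open_hosts PORT: reads -oG output on stdin, prints one IP per line.
open_hosts() {
    awk -v port="$1" '
        /^Host: / && /Ports: / {
            ip = $2
            # Keep only the text after "Ports: " and drop any later
            # tab-separated field (for example "Ignored State: ...").
            sub(/^.*Ports: /, "")
            sub(/\t.*$/, "")
            n = split($0, entries, /, */)
            for (i = 1; i <= n; i++) {
                # Entry layout: port/state/protocol/owner/service/...
                split(entries[i], f, "/")
                if (f[1] == port && f[2] == "open") { print ip; break }
            }
        }'
}

# Constructed sample of grepable output (not from a real scan).
sample_scan() {
    printf 'Host: 192.168.1.10 (web01.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.10 (web01.lan)\tPorts: 80/open/tcp//http///\n'
    printf 'Host: 192.168.1.11 ()\tPorts: 80/closed/tcp//http///\n'
    # Host name contains "open" but the port is filtered.
    printf 'Host: 192.168.1.12 (openvpn.lan)\tPorts: 80/filtered/tcp//http///\n'
    # Multi-port line: 22 is open, 80 is closed.
    printf 'Host: 192.168.1.14 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n'
}

# A plain "grep open" keeps three of the sample lines; this prints one host.
sample_scan | open_hosts 80
```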
3) Search for all online hosts on the network
nmap -sP 192.168.0.*
You can also use the following command:
nmap -sP 192.168.0.0/24
which specifies the subnet.
4) Ping the IP address within the specified range
nmap -sP 192.168.1.100-254
5) Search for unused IP addresses on a subnetwork
nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
6) Scan for the Conficker worm on the LAN
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
7) Scan for rogue access points (rogue APs) on the network
nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8
8) Scan a host's ports using a decoy address
sudo nmap -sS 192.168.0.10 -D 192.168.0.2
9) List reverse DNS records for a subnet
nmap -R -sL 209.85.229.99/27 | awk '{if ($3 == "not") print "(" $2 ") no PTR"; else print $3 " is " $2}' | grep '('
10) Count the Linux and Windows devices on the network
sudo nmap -F -O 192.168.0.1-255 | grep "Running:" > /tmp/OS; echo "$(cat /tmp/OS | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/OS | grep Windows | wc -l) Window(s) device"