Network Scanning
Host Discovery¶
ARP¶
Quickly discover live hosts on the same subnet as the scanning NIC. ARP requests cannot be filtered by host firewalls, so this is the most reliable sweep for on-link targets; -PR only applies to targets on the local Ethernet segment (for routed targets nmap falls back to its default probes).
sudo nmap -sn -PR -n -T4 <cidr> -oG nmap_live_hosts_arp
TCP/UDP/ICMP¶
Quickly discover live hosts, including on routed subnets, using ICMP echo and timestamp (-PE -PP), TCP SYN to common Windows/AD and admin ports (-PS), TCP ACK (-PA) and UDP (-PU) probes. Hosts that drop all of these still show as down; treat this as a layer-3 sweep, not proof of absence.
sudo nmap -sn -n -T4 -PE -PP -PS80,135,139,389,443,445,464,636,3268,3269,3389,5985,5986,22 -PA80,443,445 -PU53,123,137,161 -iL scope.txt -oG nmap_live_hosts_l3
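Both discovery runs write grepable output (-oG). As an added example, not part of the original page, the POSIX sh below merges the "Status: Up" hosts from those files into the scope.txt that the service scans read with -iL. It assumes the output file names used on this page, a ranges.txt (assumed name) listing the routed CIDRs, and that nmap is only invoked inside run_discovery(); the grepable output written by write_sample_gnmap() is constructed to show the format.

```shell
#!/bin/sh
# Added example (not from the original page): merge ARP and ICMP/TCP/UDP
# host-discovery results into one scope file for the service scans.
# Assumptions: -oG files named as on this page; ranges.txt holds routed CIDRs.

# Print one IP per line for every host nmap marked "Status: Up" in a -oG file.
# Grepable status lines look like:  Host: 10.0.0.5 ()<TAB>Status: Up
# Port summaries for the same host are separate "Host: ... Ports:" lines,
# so matching on "Status: Up" yields exactly one line per live host.
up_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }' "$1"
}

# Merge any number of -oG files into a de-duplicated, numerically sorted list.
merge_scope() {
    for f in "$@"; do
        [ -r "$f" ] && up_hosts "$f"
    done | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Live workflow (raw sockets need root; nothing runs until this is called):
# ARP sweep of the on-link CIDR, layer-3 sweep of the routed ranges,
# then write scope.txt and report how many hosts it holds.
run_discovery() {
    local_cidr=$1
    routed_ranges=$2
    sudo nmap -sn -PR -n -T4 "$local_cidr" -oG nmap_live_hosts_arp
    sudo nmap -sn -n -T4 -PE -PP \
        -PS80,135,139,389,443,445,464,636,3268,3269,3389,5985,5986,22 \
        -PA80,443,445 -PU53,123,137,161 \
        -iL "$routed_ranges" -oG nmap_live_hosts_l3
    merge_scope nmap_live_hosts_arp nmap_live_hosts_l3 > scope.txt
    wc -l < scope.txt | tr -d ' '
}

# Constructed sample of a -sn -oG file (hostnames are empty because of -n;
# nmap prints Down hosts only with -v, one is included to show the filter).
write_sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sn -PR -n -T4 10.0.0.0/24 -oG %s\n' "$1" > "$1"
    printf 'Host: 10.0.0.1 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 10.0.0.20 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 10.0.0.9 ()\tStatus: Down\n' >> "$1"
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n' >> "$1"
    printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 4.95 seconds\n' >> "$1"
}
```

Usage: source the file and call run_discovery 10.0.0.0/24 ranges.txt; the resulting scope.txt is what the -Pn service scans below should consume, since -Pn disables nmap's own host discovery and would otherwise port-scan every address in the raw ranges.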
Quick Service Scan¶
Quickly discover running services on the top 200 TCP ports. -Pn skips host discovery, so feed it the live-host list rather than raw ranges; --open hides closed and filtered ports, so a host with no output is not necessarily down.
sudo nmap -sS -sV --version-light -Pn -n -T4 --top-ports 200 --open -iL scope.txt -oA nmap_quick_profile_tcp
Comprehensive Service Scan¶
Identify all open TCP ports and common UDP ports.
TCP & UDP¶
Scan all 65,535 TCP ports and common UDP ports and perform light service discovery. --max-retries 2 keeps the full-range scan fast but can miss ports on lossy links; re-scan anything important with the default retries.
sudo nmap -sS -sU -sV --version-intensity 0 -Pn -n -T4 -p T:1-65535,U:53,67-69,111,123,135,137-139,161-162,445,500,514,520,631,996-999,1434,1701,1900,3283,4500,5353,49152-49154 --max-retries 2 --open -iL scope.txt -oA nmap_comprehensive_tcp_udp
TCP Only¶
Scan all 65,535 TCP ports and perform light service discovery.
sudo nmap -sS -sV --version-intensity 0 -Pn -n -T4 -p- --max-retries 2 --open -iL scope.txt -oA nmap_comprehensive_tcp
UDP Only¶
Scan common UDP ports and perform light service discovery. UDP ports that never answer are reported as open|filtered; -sV resolves the ones whose service replies to a probe, and -T3 is used because faster timing causes many UDP responses to be rate-limited or dropped.
sudo nmap -sU -sV --version-intensity 0 -Pn -n -T3 -p 53,67-68,69,88,111,123,137-138,161-162,389,464,500,520,631,1434,1701,1812-1813,1900,2049,3389,3702,4500,4789,5004-5005,5060,5353,5355,11211 --max-retries 2 --open -iL scope.txt -oA nmap_comprehensive_udp
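Every service scan above writes -oA, and the .gnmap file it produces is the easiest to post-process into per-port target lists for the next phase. As an added example, not code from the original page, the POSIX sh below pulls ports in a given state out of a grepable file and builds a host list for one port/protocol. It assumes the .gnmap layout nmap 7.x writes (port/state/protocol/owner/service/rpc/version entries separated by ", "); the sample file written by write_sample_gnmap() is constructed and mirrors the combined TCP/UDP scan above.

```shell
#!/bin/sh
# Added example (not from the original page): extract open ports and build
# per-port host lists from the .gnmap file produced by -oA.
# Assumed grepable layout (nmap 7.x), one port-summary line per host:
#   Host: <ip> ()<TAB>Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, ...<TAB>Ignored State: closed (N)

# ports_by_state FILE STATE
# Prints "ip proto port service" for every port whose state equals STATE
# exactly, e.g. "open" or "open|filtered" (UDP ports that never answered).
ports_by_state() {
    awk -F'\t' -v st="$2" '
    /^Host: / && /Ports: / {
        split($1, h, " "); ip = h[2]
        ports = ""
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
        n = split(ports, p, ", ")
        for (i = 1; i <= n; i++) {
            # port/state/protocol/owner/service/rpc info/version info/
            split(p[i], f, "/")
            if (f[2] == st)
                printf "%s %s %s %s\n", ip, f[3], f[1], (f[5] == "" ? "unknown" : f[5])
        }
    }' "$1"
}

# hosts_with_port FILE PORT PROTO
# Prints the IPs with PORT/PROTO open, ready for -iL in a targeted scan.
hosts_with_port() {
    ports_by_state "$1" open | awk -v port="$2" -v proto="$3" '$3 == port && $2 == proto { print $1 }'
}

# Constructed sample of nmap_comprehensive_tcp_udp.gnmap (two hosts).
write_sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sS -sU -sV -oA nmap_comprehensive_tcp_udp\n' > "$1"
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, 445/open/tcp//microsoft-ds?///, 53/open|filtered/udp//domain///\tIgnored State: closed (65532)\n' >> "$1"
    printf 'Host: 10.0.0.20 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 10.0.0.20 ()\tPorts: 445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/, 161/open/udp//snmp//SNMPv1 server/\tIgnored State: filtered (65533)\n' >> "$1"
    printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 912.40 seconds\n' >> "$1"
}
```

Typical use after the comprehensive scan: hosts_with_port nmap_comprehensive_tcp_udp.gnmap 445 tcp > smb_hosts.txt, and ports_by_state ... 'open|filtered' to list the UDP ports that still need a service-specific probe before they can be written off. Version strings are parsed on "/" boundaries, so an entry with a "/" inside its version text would need the XML output instead.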