NMAP
Ping sweep a subnet
nmap -sn 172.16.0.0/24
Send multiple decoy source IP addresses along with yours
This will throw off an IDS or IPS because it doesn't know who the real attacker is
nmap -D 1.1.1.1,2.2.2.2 192.168.1.1
Determine the OS Type
-sS = TCP SYN scan
-P0 = Skip host discovery and treat the host as up (newer Nmap versions spell this -Pn)
-sV = Detect service versions
-O = Required to detect the OS
nmap -sS -P0 -sV -O 192.168.1.1
Scan the top 20 ports of a host
nmap --top-ports 20 <IP>
Check whether port 80 on a host is open or filtered
nmap -sT -p80 <IP>
Doing a Verbose NMAP Scan
nmap -v <IP>
Using a script within NMAP
nmap --script=<NAME> <IP>
nmap --script-help discovery