You're reading from Nmap Network Exploration and Security Auditing Cookbook, Third Edition Network discovery and security scanning at your fingertips

Product type Paperback

Published in Sep 2021

Publisher Packt

ISBN-13 9781838649357

Length 436 pages

Edition 3rd Edition

Languages

C++

Tools

Nmap

Concepts

Network Security

Author (1):

Paulino Calderon

View More author details

Table of Contents (22) Chapters

Preface

1. Chapter 1: Nmap Fundamentals

2. Chapter 2: Getting Familiar with Nmap's Family FREE CHAPTER

3. Chapter 3: Network Scanning

4. Chapter 4: Reconnaissance Tasks

5. Chapter 5: Scanning Web Servers

6. Chapter 6: Scanning Databases

7. Chapter 7: Scanning Mail Servers

8. Chapter 8: Scanning Windows Systems

9. Chapter 9: Scanning ICS/SCADA Systems

10. Chapter 10: Scanning Mainframes

11. Chapter 11: Optimizing Scans

12. Chapter 12: Generating Scan Reports

13. Chapter 13: Writing Your Own NSE Scripts

14. Chapter 14: Exploiting Vulnerabilities with the Nmap Scripting Engine

15. Other Books You May Enjoy

Appendix A: HTTP, HTTP Pipelining, and Web Crawling Configuration Options

HTTP user agent

1. Appendix Β: Brute-Force Password Auditing Options

Brute modes

2. Appendix C: NSE Debugging

3. Appendix D: Additional Output Options

4. Appendix Ε: Introduction to Lua

5. Appendix F: References and Additional Reading

Why subscribe?

Performing advanced ping scans

In this chapter, you have learned about all the different ping scanning techniques supported by Nmap. We have been using these techniques independently across different scenarios, but one of the strengths of Nmap is the ability to combine them. Discovery scans can yield better results by expanding the set of probes sent to the network, but it is up to us to optimally combine the scanning techniques and probe ports. This recipe will go through the process of launching advanced ping scans.

How to do it...

Open your terminal and enter the following command:

# nmap -sn --send-ip -PS21,22,23,25,80,445,443,3389,8080 -PA80,443,8080 - PO1,2,4,6 -PU631,161,137,123 <target>

You should see a list of hosts that responded to any of the probes:

# nmap --send-ip -sn -PS21,22,23,25,80,445,443,3389,8080 -PA80,443,8080 - PO1,2,4,6 -PU631,161,137,123 192.168.1.1/24
Nmap scan report for 192.168.1.67 Host is up (0.093s latency).
MAC Address: 78:31:C1...