# Network Scanning


ARP

# netdiscover -P -r <network> | tee <scanname>-netdiscover

ICMP

# nmap -n -sn -oA <scanname>-icmp <network>

TCP

# masscan <network> -pU:0-65535 --rate 1000 --open-only --output-format <xml|binary|grepable|list|JSON> --output-filename <scanname>-masscan
# nmap -n -p- -T4 -Pn --open -oA <scanname>-nmap <network>
# nmap -n -F -T4 -Pn --open -oA <scanname>-nmap <network>
# zmap --target-port=<port> --bandwidth=10M --seed=1234 --interface=<interface> --probe-module=tcp_synscan --output-file=<scanname>-zmap <network>

UDP

# masscan <network> -p0-65535 --rate 1000 --open-only --output-format <xml|binary|grepable|list|JSON> --output-filename <scanname>-masscan
# nmap -n -p- -T4 -sU -Pn --open -oA <scanname>-nmap <network>
# nmap -n -F -T4 -sU -Pn --open -oA <scanname>-nmap <network>
# zmap --target-port=<port> --bandwidth=10M --seed=1234 --interface=<interface> --probe-module=udp --output-file=<scanname>-zmap <network>

UDP Applications: DNS, IPMI, NETBIOS, NTP, MSDNS, MSSQL, PORTMAP, SIP, SNMPv1, UPNP

# pa=<dns_53.pkt|ipmi_623.pkt|netbios_137.pkt|ntp_123.pkt|mdns_5353.pkt|mssql_1434.pkt|portmap_53.pkt|sip_options.tpl|snmp1_161.pkt|upnp_1900.pkt>
# zmap --target-port=<port> --bandwidth=10M --seed=1234 --interface=<interface> --probe-module=udp --probe-args=$pa --output-file=<scanname>-zmap <network>

No comments: