Network Enumeration

Basic Network Scanning

 nmap -sn -Pn -n 10.10.10.0/24

• -sn: Disable port scanning (ping scan).

• -Pn: Skip host discovery.

• -n: Disable DNS resolution.

---

Port Scanning

nmap -p- -p22,25,80,443 -F -sS -sU -sV 10.10.10.0/24

• -p-: Scan all 65,535 ports.

• -p22,25,80,443: Scan specified ports.

• -F: Scan top 100 ports.

• -sS: TCP SYN scan.

• -sU: UDP scan.

• -sV: Service version detection.

---

Service Detection

nmap -sC -sV --script default -p80,443 10.10.10.0/24

• -sC: Default script scan.

• -sV: Detect service versions.

• --script default: Use default Nmap scripts.

---

Operating System Detection

nmap -O -A 10.10.10.0/24

• -O: OS detection.

• -A: Aggressive mode (includes OS detection, service detection, and traceroute).

---

Performance Optimization

nmap -T4 --min-rate 300 --max-retries 2 --stats-every=5s 10.10.10.0/24

• -T4: Set timing template to "fast".

• --min-rate 300: Send 300 packets per second.

• --max-retries 2: Limit retries to 2.

• --stats-every=5s: Display scan stats every 5 seconds.

---

Spoofing and Decoy Scans

nmap -D RND:5 -S 10.10.10.200 -e eth0 -g 80 10.10.10.0/24

• -D RND:5: Use 5 random decoys.

• -S: Spoof source IP.

• -e eth0: Specify network interface.

• -g 80: Set source port to 80.

---

Output Format codenmap -oA results -oN results.txt -oG results.gnmap -oX results.xml 10.10.10.0/24

• -oA: Save in all formats with prefix "results".

• -oN: Save as plain text.

• -oG: Save in "grepable" format.

• -oX: Save as XML.

---

All-in-One Command

nmap -T4 -sS -sU -sC -sV -O -A -p- --script default -oA full_scan_results 10.10.10.0/24

• Combines fast timing, service detection, OS detection, script scanning, all ports, and saves the results in multiple formats.