Network Scanning

  • Private IPs

    Some IP address ranges are reserved for private networks; they are not routed on the public internet. They are:

    Network          Range                           Count (usable hosts)
    10.0.0.0/8       10.0.0.0 - 10.255.255.255       16,777,214
    172.16.0.0/12    172.16.0.0 - 172.31.255.255     1,048,574
    192.168.0.0/16   192.168.0.0 - 192.168.255.255   65,534
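
    As an added example (not part of the original page), the following Python uses the standard ipaddress module to rebuild the table above from the three CIDR prefixes, showing where the host counts come from, and to sort a list of addresses into internal (private) and external ones, which is a common first step when triaging scan targets or log entries. The address list in split_targets is a constructed sample.

```python
import ipaddress

# The three private ranges from the table above (RFC 1918).
PRIVATE_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def usable_hosts(network: ipaddress.IPv4Network) -> int:
    """Usable host addresses: every address in the block minus the
    network address and the broadcast address."""
    return network.num_addresses - 2


def private_range_table():
    """Rebuild the table rows as (cidr, first, last, usable host count)."""
    return [
        (str(net), str(net.network_address), str(net.broadcast_address), usable_hosts(net))
        for net in PRIVATE_NETWORKS
    ]


def private_network_of(ip: str):
    """Return the private network containing ip, or None if the address
    is publicly routable. Raises ValueError on malformed input."""
    addr = ipaddress.ip_address(ip)
    for net in PRIVATE_NETWORKS:
        if addr in net:
            return net
    return None


def split_targets(targets):
    """Partition addresses into (internal, external) lists.
    Internal means inside one of the RFC 1918 ranges."""
    internal, external = [], []
    for target in targets:
        (internal if private_network_of(target) else external).append(target)
    return internal, external


if __name__ == "__main__":
    for cidr, first, last, count in private_range_table():
        print(f"{cidr:<16} {first} - {last}  {count:,}")
    # Constructed sample: note 172.20.1.5 is private (172.16.0.0/12),
    # while 172.32.0.1 is not.
    sample = ["10.1.2.3", "172.20.1.5", "172.32.0.1", "192.168.10.7", "8.8.8.8"]
    print(split_targets(sample))
```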

NMAP

  • nmap - Website

    nmap is a utility for network discovery and port/service scanning.

    nmap -sC -sV -O 192.168.0.0/24 # Classic scan
    nmap -sS 192.168.0.0/24        # SYN scan (faster but no service detection)
  • Large range ports

    By default nmap scans the 1000 most common ports. To scan more ports, use the -p option. This increases the scan time, so it is best used on a few machines at a time.

    nmap 192.168.0.0 -p- # Scan all ports, from 1 to 65535
    nmap 192.168.0.0 -p 1-1000,2000-3000 # Scan ports 1 to 1000 and 2000 to 3000
  • Nmap scripts - Website

    nmap ships with many scripts (the Nmap Scripting Engine) that probe for specific services and vulnerabilities. They are selected with the --script option.

    nmap -sV --script "dns-*" <ip> # Run all scripts whose name starts with dns- (quote the glob so the shell does not expand it)

Tools

  • traceroute - Wikipedia

    Shows the hops (routers) that a packet passes through on its way to the destination.

  • netdiscover

    netdiscover is an ARP-based utility for discovering hosts on the local network.

    # Passive scan: only listen for ARP traffic, send nothing
    netdiscover -p