Scanning with Nmap

Log in to the Kioptrix VM with the credentials:

john

TwoCows2

After logging in, confirm that the VM's network interface is up and can reach the outside world:

ping 8.8.8.8

In Kali :

sudo arp-scan -l

The command:

sudo arp-scan -l

Scans your local network for active devices using ARP. ARP requests are broadcast at layer 2, so hosts that drop ICMP (and would not answer a ping sweep) still reply; the flip side is that it only sees the segment Kali is directly attached to, never hosts behind a router.

Key points:

  • sudo: arp-scan opens a raw socket to send and receive ARP frames, which requires root (or CAP_NET_RAW).

  • -l (--localnet): builds the target list from the IP address and netmask configured on the interface, so a /24 gives 256 addresses.

  • Shows each responding device’s IP, MAC address, and the vendor looked up from the MAC's OUI prefix.

Useful for network discovery, inventory, or spotting devices that should not be there. In this lab it is how you find the Kioptrix VM's address (192.168.1.140 below) without logging in to it.

sudo netdiscover -r 192.168.1.0/24

The command:

sudo netdiscover -r 192.168.1.0/24

Finds live devices on the specified LAN range, showing IP, MAC, and vendor. Great for quick network mapping and identifying unknown devices.

Breakdown:

  • sudo: Required for raw access to the network interface.

  • netdiscover: ARP-based network discovery tool. Without -r it can also run passively (-p), only listening for ARP traffic and sending nothing, which is quieter than arp-scan.

  • -r 192.168.1.0/24: Actively scan this IP range (CIDR format). Use the range of the interface Kali shares with the VM; 192.168.1.0/24 is the example used on this page.

nmap -T4 -p- -A 192.168.1.140

The command:

nmap -T4 -p- -A 192.168.1.140

Fully maps one host (here 192.168.1.140, the Kioptrix VM) and identifies the services, versions, and likely weaknesses behind every open TCP port.

⚠️ Can be noisy and is easily detected on networks. Use with permission only. Run it with sudo: as a non-root user nmap falls back to a TCP connect scan and skips the OS detection and traceroute parts of -A.

Breakdown:

  • -T4: Aggressive timing template (fast on a LAN, less stealthy).

  • -p-: Scans all 65,535 TCP ports (1-65535) instead of the default top 1,000.

  • -A: Enables aggressive scan, equivalent to -O -sV -sC --traceroute:

    • OS detection (-O)

    • Version detection (-sV)

    • Default script scanning (-sC)

    • Traceroute (--traceroute)
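The three commands above form one workflow: discover the host with ARP, sweep all TCP ports, then spend the slow version/script scan only on the ports that are actually open. The script below is an added example, not part of the original page: it parses arp-scan output into a target list and nmap grepable output (-oG, which the page does not use) into a port list, and prints the follow-up -sV command. All scanner output in it is constructed sample text; the addresses, MACs, vendors and banners are placeholders, and the function names are this example's own. On a real run, feed it `sudo arp-scan -l` and `sudo nmap -T4 -p- -oG - 192.168.1.140` instead of the samples.

```shell
#!/bin/sh
# Added example (not from the original page): turn ARP host discovery into an
# nmap target list, then turn a full -p- sweep into a focused -sV scan.
# All scanner output below is CONSTRUCTED sample text; addresses, MACs,
# vendors and banners are placeholders, not results from a real scan.

# Constructed arp-scan -l output; real output also separates columns with tabs.
SAMPLE_ARP_SCAN=$(
    printf '%s\n' 'Interface: eth0, type: EN10MB, MAC: 00:0c:29:aa:bb:cc, IPv4: 192.168.1.50'
    printf '%s\n' 'Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)'
    printf '%s\t%s\t%s\n' 192.168.1.1   00:11:22:33:44:55 'Example Router Vendor'
    printf '%s\t%s\t%s\n' 192.168.1.140 00:0c:29:dd:ee:ff 'VMware, Inc.'
    printf '%s\t%s\t%s\n' 192.168.1.200 00:aa:bb:cc:dd:ee '(Unknown)'
    printf '%s\n' '3 packets received by filter, 0 packets dropped by kernel'
    printf '%s\n' 'Ending arp-scan 1.9.7: 256 hosts scanned in 2.015 seconds (127.01 hosts/sec). 3 responded'
)

# Constructed "nmap -p- -oG -" output for one host. Grepable output is one
# tab-separated line per host; the Ports: field lists port/state/proto/... .
SAMPLE_NMAP_GREPABLE=$(
    printf '%s\t%s\n' 'Host: 192.168.1.140 ()' 'Status: Up'
    printf '%s\t%s\t%s\n' 'Host: 192.168.1.140 ()' \
        'Ports: 22/open/tcp//ssh//OpenSSH 5.3/, 80/open/tcp//http//Apache httpd/, 139/open/tcp//netbios-ssn//Samba smbd/, 443/filtered/tcp//https///' \
        'Ignored State: closed (65531)'
)

# Print one IPv4 address per line for every arp-scan result row (the rows
# whose first column is an address); suitable for "nmap -iL hosts.txt".
hosts_from_arp_scan() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }'
}

# Print the open TCP ports from grepable nmap output as a comma list (22,80,...).
# Entries in any other state (closed, filtered) are dropped.
open_tcp_ports() {
    printf '%s\n' "$1" | awk '
        BEGIN { FS = "\t" }
        /^Host:/ {
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")        # f[1]=port f[2]=state f[3]=proto
                    if (f[2] == "open" && f[3] == "tcp")
                        out = out (out == "" ? "" : ",") f[1]
                }
            }
        }
        END { print out }'
}

# Build the follow-up scan: version detection and default scripts only on the
# ports the sweep found open, saving all three output formats with -oA.
focused_scan_command() {
    target=$1
    ports=$(open_tcp_ports "$2")
    if [ -z "$ports" ]; then
        echo "no open TCP ports found for $target" >&2
        return 1
    fi
    printf 'sudo nmap -sV -sC -p %s -oA scan-%s %s\n' "$ports" "$target" "$target"
}

printf 'Live hosts:\n%s\n' "$(hosts_from_arp_scan "$SAMPLE_ARP_SCAN")"
focused_scan_command 192.168.1.140 "$SAMPLE_NMAP_GREPABLE"
```

The point of the split is cost: -p- with a SYN scan finishes in seconds on a LAN, while -sV and -sC against 65,535 ports would probe every one of them, so running -A only on the discovered ports gives the same information far faster.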

sudo nmap -sU -T4 -p 1-1000 192.168.1.140

The command:

sudo nmap -sU -T4 -p 1-1000 192.168.1.140

Performs a UDP port scan on ports 1–1000 of the target 192.168.1.140.

Breakdown:

  • sudo: Needed because the UDP scan sends raw packets and reads the ICMP replies, which requires root.

  • -sU: UDP scan mode.

  • -T4: Faster timing. It helps less than for TCP: many targets rate-limit ICMP port-unreachable messages (Linux defaults to about one per second) and nmap slows down to match, so a closed-heavy UDP range takes minutes regardless.

  • -p 1-1000: Scan only UDP ports 1 through 1000.

  • 192.168.1.140: Target IP address (here the Kioptrix VM).

⚠️ Notes:

  • UDP scans are slower and the results are less definite. nmap reports a port as closed when an ICMP port-unreachable comes back, as open only when the port answers with UDP data, and as open|filtered when nothing comes back at all, which is equally consistent with a silent service and with a firewall dropping the probe.

  • Firewalls may silently drop UDP packets, so whole ranges can show as open|filtered.

  • Be patient, and rescan the open|filtered ports with -sV so nmap sends protocol-specific probes that can coax a reply; add --reason to see why each state was assigned.
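The open|filtered problem described above is usually handled by triaging the states and rescanning only the ambiguous ports. The script below is an added example, not part of the original page: it parses a scan report in nmap's normal output format, lists the ports per state, recovers the count of closed ports nmap folded into its "Not shown" line, and prints the confirmation command. The report text is constructed sample data, the ports and services are placeholders, and the function names are this example's own; in practice pipe `sudo nmap -sU -T4 -p 1-1000 192.168.1.140` into it instead.

```shell
#!/bin/sh
# Added example (not from the original page): triage the states of a UDP scan
# and build the follow-up command that confirms the ambiguous ones.
# The report below is CONSTRUCTED sample text in nmap's normal output format;
# the ports and services are placeholders, not real results.
SAMPLE_UDP_REPORT=$(
    printf '%s\n' 'Nmap scan report for 192.168.1.140'
    printf '%s\n' 'Host is up (0.00042s latency).'
    printf '%s\n' 'Not shown: 997 closed udp ports (port-unreach)'
    printf '%s\n' 'PORT     STATE         SERVICE'
    printf '%s\n' '53/udp   open|filtered domain'
    printf '%s\n' '111/udp  open          rpcbind'
    printf '%s\n' '137/udp  open|filtered netbios-ns'
    printf '%s\n' 'MAC Address: 00:0C:29:DD:EE:FF (VMware)'
)

# Print, comma-separated, the UDP ports whose STATE column equals $2
# (open, open|filtered, closed, filtered). $1 is the report text.
udp_ports_in_state() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 ~ /^[0-9]+\/udp$/ && $2 == want {
            sub(/\/udp$/, "", $1)
            out = out (out == "" ? "" : ",") $1
        }
        END { print out }'
}

# nmap hides the dominant state behind a "Not shown:" line; recover how many
# ports answered with ICMP port-unreachable (i.e. are definitely closed).
udp_closed_count() {
    printf '%s\n' "$1" | awk '/^Not shown: [0-9]+ closed udp ports/ { print $3; exit }'
}

# open|filtered means no reply at all. Rescan just those ports with -sV so nmap
# sends protocol-specific probes, and --reason so each state shows its evidence.
udp_confirm_command() {
    target=$1
    ambiguous=$(udp_ports_in_state "$2" 'open|filtered')
    if [ -z "$ambiguous" ]; then
        echo "nothing to confirm on $target" >&2
        return 1
    fi
    printf 'sudo nmap -sU -sV --reason -p %s %s\n' "$ambiguous" "$target"
}

printf 'open:            %s\n' "$(udp_ports_in_state "$SAMPLE_UDP_REPORT" open)"
printf 'open|filtered:   %s\n' "$(udp_ports_in_state "$SAMPLE_UDP_REPORT" 'open|filtered')"
printf 'closed (hidden): %s\n' "$(udp_closed_count "$SAMPLE_UDP_REPORT")"
udp_confirm_command 192.168.1.140 "$SAMPLE_UDP_REPORT"
```

A port that stays open|filtered even after -sV is still undecided; at that point the only way to learn more is to know the protocol (send a DNS query to 53/udp, an SNMP get to 161/udp) and see whether anything answers.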
