Cyber With KT

Scanning with Nmap


Last updated 11 hours ago

Login to Kioptrix :

Username: john

Password: TwoCows2

After logging in, confirm the VM has network connectivity before scanning it from Kali:

ping 8.8.8.8

In Kali :

sudo arp-scan -l

Scans your local network for active devices using ARP.

Key points:

  • sudo: arp-scan sends raw ARP frames, which requires root privileges.

  • -l (--localnet): Scans the subnet configured on your interface (e.g., a /24), so no range has to be typed.

  • Shows each device's IP, MAC address, and vendor (looked up from the MAC's OUI prefix).

  • ARP does not cross routers, so the Kioptrix VM only shows up if it sits on the same network segment as Kali (bridged or host-only adapter).

Useful for network discovery, inventory, or detecting unknown devices.

sudo netdiscover -r 192.168.1.0/24

Finds live devices on the specified LAN range, showing IP, MAC, and vendor. Great for quick network mapping and identifying unknown devices.

Breakdown:

  • sudo: Required for raw (low-level) network access.

  • netdiscover: ARP-based network discovery tool.

  • -r 192.168.1.0/24: Scan this IP range (CIDR format). Substitute your own lab subnet; check it with ip a on Kali.

nmap -T4 -p- -A 192.168.1.140

Fully maps a host (here the Kioptrix VM found with arp-scan or netdiscover) to identify services, versions, and potential vulnerabilities.

Run it with sudo: OS detection (part of -A) requires root, and as root nmap also uses the faster SYN scan (-sS) instead of a full TCP connect scan (-sT).

⚠️ Noisy and easily detected on a monitored network. Use with permission only.

Breakdown:

  • -T4: Aggressive timing template (good speed, less stealth); fine against a lab VM.

  • -p-: Scans all 65,535 TCP ports instead of nmap's default top 1,000.

  • -A: Enables aggressive scan, equivalent to turning on:

    • OS detection (-O)

    • Version detection (-sV)

    • Default NSE script scanning (-sC)

    • Traceroute (--traceroute)

sudo nmap -sU -T4 -p 1-1000 192.168.1.140

Performs a UDP port scan on ports 1–1000 of the target 192.168.1.140.

Breakdown:

  • sudo: UDP scanning needs raw sockets to craft the probes and read the ICMP replies.

  • -sU: UDP scan mode.

  • -T4: Faster timing template.

  • -p 1-1000: Scan only UDP ports 1 through 1000.

  • 192.168.1.140: Target IP address (the Kioptrix VM).

⚠️ Notes:

  • UDP results are ambiguous: a port that sends no reply at all is reported as open|filtered, because an open service that ignores an empty probe looks identical to a firewall dropping the packet. An ICMP port unreachable proves closed; an actual UDP reply proves open. Adding -sV (i.e. -sUV) makes nmap send protocol-specific payloads that can confirm open|filtered ports as open.

  • Firewalls may silently drop UDP packets, which turns every port into open|filtered.

  • Be patient: many systems rate-limit ICMP port unreachable messages (Linux to about one per second), so UDP scans take far longer than TCP scans even with -T4.
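The usual way to keep the TCP sweep above affordable is to run the full -p- scan first, pull out the ports that answered, and then run -sV/-sC only against those; the same parsing also separates confirmed "open" UDP ports from the ambiguous open|filtered ones. The script below is an added example, not part of the TCM course or the original page. It works on nmap's grepable output format (-oG), and the two SAMPLE_* strings are constructed stand-ins for real scan output, so the script runs offline; the ports and services in them are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the course): parse nmap grepable output (-oG) into
# port lists so a full -p- sweep can be followed by a targeted -sV/-sC scan,
# and so UDP "open" results can be separated from ambiguous "open|filtered".
set -eu

# Constructed sample of `sudo nmap -T4 -p- -oG - 192.168.1.140`. The ports and
# services are invented for illustration, not a real Kioptrix scan.
SAMPLE_TCP='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -T4 -p- -oG - 192.168.1.140
Host: 192.168.1.140 ()  Status: Up
Host: 192.168.1.140 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 139/open/tcp//netbios-ssn///, 443/open/tcp//https///, 1024/open/tcp//kdm///  Ignored State: closed (65529)
# Nmap done at Mon Jan  1 00:05:00 2024 -- 1 IP address (1 host up) scanned'

# Constructed sample of `sudo nmap -sU -T4 -p 1-1000 -oG - 192.168.1.140`.
SAMPLE_UDP='Host: 192.168.1.140 ()  Status: Up
Host: 192.168.1.140 ()  Ports: 111/open/udp//rpcbind///, 137/open|filtered/udp//netbios-ns///, 138/open|filtered/udp//netbios-dgm///  Ignored State: closed (997)'

# ports_in_state <state> <proto>   (reads -oG text on stdin)
# Prints a comma-separated list of ports whose state and protocol match,
# e.g. `ports_in_state open tcp` -> 22,80,111,139,443,1024
# Each -oG port entry looks like "22/open/tcp//ssh///": split on "/", field 1
# is the port, field 2 the state, field 3 the protocol.
ports_in_state() {
  local state="$1" proto="$2"
  grep '^Host:.*Ports:' \
    | sed -e 's/.*Ports: //' -e 's/[[:space:]]*Ignored State.*//' \
    | tr ',' '\n' \
    | awk -F/ -v s="$state" -v p="$proto" '
        { gsub(/^[[:space:]]+/, "", $1) }
        $2 == s && $3 == p { print $1 }' \
    | paste -sd, -
}

# followup_cmd <target> <ports>
# Builds the second-stage command: version (-sV) and default-script (-sC)
# detection on only the ports that answered, far quicker than -A over -p-.
followup_cmd() {
  local target="$1" ports="$2"
  printf 'sudo nmap -sV -sC -p %s %s\n' "$ports" "$target"
}

tcp_open=$(printf '%s\n' "$SAMPLE_TCP" | ports_in_state open tcp)
udp_open=$(printf '%s\n' "$SAMPLE_UDP" | ports_in_state open udp)
udp_ambiguous=$(printf '%s\n' "$SAMPLE_UDP" | ports_in_state 'open|filtered' udp)

echo "TCP open:           $tcp_open"
echo "UDP confirmed open: $udp_open"
echo "UDP open|filtered:  $udp_ambiguous   (no reply; re-check with -sUV)"
echo "Next step:          $(followup_cmd 192.168.1.140 "$tcp_open")"
```

Against a live target, replace the SAMPLE_TCP string with the output of `sudo nmap -T4 -p- -oG - 192.168.1.140` (the `-oG -` writes grepable output to stdout, so it can be piped straight into ports_in_state). Only the "open" state is trusted for building the follow-up command; open|filtered UDP ports are printed separately because they still need confirmation.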
