## Scan a single IP, network, domain, range

```
nmap 192.168.1.1
```

```
nmap 192.168.1.0/24
```

```
nmap 192.168.1.1 192.168.1.2
```

### Find a specific MAC address

```bash
sudo nmap -sn 192.168.1.0/24 | grep -B 2 "AA:BB:CC:DD:EE:FF"
```

- `-sn` specifies just a ping scan (no ports)
- `sudo` is required to see MAC addresses
- `-B 2` shows the IP above the MAC line

## Scan Techniques

| Switch | Example                | Description                                            |
| ------ | ---------------------- | ------------------------------------------------------ |
| `-sS`  | `nmap 192.168.1.1 -sS` | TCP SYN port scan (Default)                            |
| `-sT`  | `nmap 192.168.1.1 -sT` | TCP connect port scan (Default without root privilege) |
| `-sU`  | `nmap 192.168.1.1 -sU` | UDP port scan                                          |
| `-sA`  | `nmap 192.168.1.1 -sA` | TCP ACK port scan                                      |
| `-sW`  | `nmap 192.168.1.1 -sW` | TCP Window port scan                                   |
| `-sM`  | `nmap 192.168.1.1 -sM` | TCP Maimon port scan                                   |
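
For the MAC lookup in "Find a specific MAC address" above, the following added example (not part of the original cheat sheet) parses `nmap -sn` output instead of relying on `grep -B 2`, so it matches the MAC case-insensitively and prints only the IP, including when the report line has the form `hostname (IP)`. The function names `find_ip_by_mac` and `sample_scan` and the sample scan text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: map a MAC address to its IP from `nmap -sn` output.

# Constructed sample of `sudo nmap -sn 192.168.1.0/24` output (not a real scan).
# The last host has no MAC line, as happens for the scanning machine itself.
sample_scan() {
    cat <<'EOF'
Starting Nmap ( https://nmap.org )
Nmap scan report for 192.168.1.1
Host is up (0.0011s latency).
MAC Address: 11:22:33:44:55:66 (Constructed Vendor A)
Nmap scan report for printer.lan (192.168.1.23)
Host is up (0.0042s latency).
MAC Address: AA:BB:CC:DD:EE:FF (Constructed Vendor B)
Nmap scan report for 192.168.1.50
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.10 seconds
EOF
}

# find_ip_by_mac MAC
# Reads `nmap -sn` output on stdin and prints the IP of every host whose
# "MAC Address:" line matches MAC (compared case-insensitively).
find_ip_by_mac() {
    awk -v want="$1" '
        BEGIN { want = toupper(want) }
        # Report line: the IP is the last field, wrapped in parentheses
        # when nmap also resolved a hostname.
        /^Nmap scan report for / {
            ip = $NF
            gsub(/[()]/, "", ip)
            next
        }
        # MAC line belongs to the most recent report line.
        /^MAC Address: / {
            if (toupper($3) == want) print ip
        }
    '
}

# Usage against the constructed sample; on a live network replace
# `sample_scan` with: sudo nmap -sn 192.168.1.0/24
sample_scan | find_ip_by_mac aa:bb:cc:dd:ee:ff
```
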