# nmap

This command uses `nmap` to run a detailed TCP port scan against the IP range `192.168.0.0/24`.

`sudo nmap -sS -p- -PE -PP -PS80,443 -PA3389 -PU40125 -A -T4 -oA tcpscan-%D 192.168.0.0/24`

- `sudo`: Runs the command with administrative privileges.
- `nmap`: The command-line tool used for network exploration and security auditing.
- `-sS`: Performs a TCP SYN scan, which is the default scan type for privileged users.
- `-p-`: Scans all 65,535 TCP ports.
- `-PE`: Sends ICMP echo requests (ping) to discover live hosts.
- `-PP`: Sends ICMP timestamp requests to discover live hosts.
- `-PS80,443`: Sends TCP SYN packets to ports 80 and 443 (default web server ports) to discover live hosts.
- `-PA3389`: Sends TCP ACK packets to port 3389 (default RDP) to discover live hosts.
- `-PU40125`: Sends UDP packets to port 40125 (unlikely to be in use) to discover live hosts (some services such as the `chargen` protocol respond to empty UDP packets).
- `-A`: Enables aggressive scanning options, including OS detection, version detection, script scanning, and traceroute.
- `-T4`: Sets the timing template to "Aggressive" to speed up the scan (otherwise it can take quite a while, even on a /24 network).
- `-oA tcpscan-%D`: Writes the results in all three major output formats (normal, XML, and grepable) using `tcpscan-%D` as the base file name. `%D` is a placeholder for the current date (`mmddyy`).
- `192.168.0.0/24`: Specifies the IP range to scan, in this case, all IP addresses from `192.168.0.0` to `192.168.0.255`.

For a simpler verbose scan:

`sudo nmap -v -A -sS -p- -O target`

- `sudo`: Runs the command with administrative privileges.
- `nmap`: The command-line tool used for network exploration and security auditing.
- `-v`: Enables **verbose output**, providing more detailed information during the scan.
- `-A`: Enables **aggressive scanning** options, including OS detection, version detection, script scanning, and traceroute.
- `-sS`: Performs a **TCP SYN** scan, which is the default scan type for privileged users.
- `-p-`: Scans **all 65,535 TCP ports**.
- `-O`: Enables **OS detection**, which attempts to determine the operating system running on the target.
- `target`: Specifies the target IP address, DNS name, or CIDR range to scan.