enumeration

nmap

nmap -sT -A -p- -nvvv ip.addy

garbage: nmap -A -Np ip.addy.#.#

nick's version:

nmap

-sT - scan technique: TCP connect() scan

-sC - runs all the default NMAP scripts (-A does this)

-sV - Probe open ports to determine service/version info (-A does this)

-A - Enable OS detection, version detection, script scanning, and traceroute

-O - Enable OS detection (-A does this)

-p-

-oA full_tcp_31

-nvvv

10.11.1.31

nmap

-sS - TCP SYN (half-open) scan, potentially better? (can take what feels like 4 years to complete because it is trying to be quiet)

-A - Enable OS detection, version detection, script scanning, and traceroute

-nvvv - Don’t resolve hostnames and port numbers, extra verbose

from my comp:

nmap -A -p- -nvvv 10.11.1.220

vs

nmap -sT -sC -sV -A -O -p- -nvvv 10.11.1.220

nmap -A -Np ip.addy.#.#

SEE IP FOLDERS

dirb

instructions

dns sweep

nmap -v -oG nmapoutput -p 53 10.11.1.0/24

cat nmapoutput | grep open

Host: 10.11.1.220 () Ports: 53/open/tcp//domain///

Host: 10.11.1.221 () Ports: 53/open/tcp//domain///

dnsrecon -r 10.11.1.0/24 -n 10.11.1.220
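To turn the -oG sweep above into a host list for dnsrecon without eyeballing `grep open`, here is an added Python parser for nmap's grepable output (example code written for these notes, not nmap's or dnsrecon's own; the sample lines are constructed to mirror the page's "Host: ... Ports: 53/open/tcp//domain///" output):

```python
import re
from collections import defaultdict

# Constructed sample of nmap -oG output (tab-separated fields as nmap writes
# them, plus one space-separated line as it appears when pasted into notes).
SAMPLE_OG = (
    "# Nmap 7.94 scan initiated as: nmap -v -oG nmapoutput -p 53 10.11.1.0/24\n"
    "Host: 10.11.1.220 ()\tPorts: 53/open/tcp//domain///\tIgnored State: closed (0)\n"
    "Host: 10.11.1.221 () Ports: 53/open/tcp//domain///\n"
    "Host: 10.11.1.222 ()\tPorts: 53/filtered/tcp//domain///\n"
    "Host: 10.11.1.223 ()\tStatus: Down\n"
    "# Nmap done: 256 IP addresses (3 hosts up) scanned\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
# One -oG port entry is port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(
    r"(\d+)/(\w+)/(\w+)/([^/,]*)/([^/,]*)/([^/,]*)/([^/,]*)/"
)


def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG text."""
    results = defaultdict(list)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue  # comments, down hosts, hosts with no port entries
        host = m.group(1)
        # Everything after "Ports:" up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for p in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service = p.groups()[:5]
            results[host].append((int(port), state, proto, service))
    return dict(results)


def hosts_with_open(text, port, proto="tcp"):
    """Hosts reporting `port` as open: the scripted form of `grep open`."""
    return sorted(
        host for host, entries in parse_grepable(text).items()
        if any(p == port and st == "open" and pr == proto
               for p, st, pr, _ in entries)
    )


if __name__ == "__main__":
    for ns in hosts_with_open(SAMPLE_OG, 53):
        print(f"dnsrecon -r 10.11.1.0/24 -n {ns}")
```

Filtering on the state field rather than the word "open" also keeps "filtered" and "closed" hosts out of the list, which a bare `grep open` on a verbose file does not guarantee.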