Network Service Discovery

Secondary Categories: 02-Information Gathering

Ping Sweep

# Perform a ping sweep with Nmap
nmap -sn $subnet/24 -oA PingSweepHosts

TCP Scanning

# Exclude hosts from scans with Nmap by specifying IPs
nmap -sV -F --exclude 127.0.0.2,127.0.0.4 127.0.0.1/24
 
# Scan for services and utilize nmap's built-in scripts using a file containing the targets
nmap -sV -sC -iL targets.txt -oA adv-scan

ARP Scanning

ARP is a protocol used to resolve a MAC address for the NIC that has been configured with an IP Address. ARP request are sent in cleartext, meaning that anyone on the broadcast domain can observe and record them.

# Active scanning
arp-scan -I eth0 $subnet
 
# Passive reconaissance 
netdiscover -i eth0 -r $subnet -p

Resources:

Title	URL
Eyewitness	https://github.com/FortyNorthSecurity/EyeWitness
GoWitness	https://github.com/sensepost/gowitness

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Network Service Discovery

Ping Sweep

TCP Scanning

ARP Scanning

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer