scanning-network-with-nmap-advanced

# Scanning Network with Nmap Advanced Techniques ## When to Use - Performing comprehensive asset discovery across large enterprise networks during authorized assessments - Enumerating service versions and configurations to identify outdated or vulnerable software - Bypassing firewall rules and IDS during authorized penetration tests using scan evasion techniques - Scripting automated vulnerability checks using the Nmap Scripting Engine (NSE) - Generating structured scan output for integration into vulnerability management pipelines **Do not use** against networks without explicit written authorization, on production systems during peak hours without approval, or to perform denial-of-service through aggressive scan timing. ## Prerequisites - Nmap 7.90+ installed (`nmap --version` to verify) - Root/sudo privileges for SYN scans, OS detection, and raw packet techniques - Written authorization specifying in-scope IP ranges and any excluded hosts - Network access to target ranges (VPN, direct connection, or jump host) - Familiarity with TCP/IP protocols and common port assignments ## Workflow ### Step 1: Host Discovery with Multiple Probes Use layered discovery to find live hosts even when ICMP is blocked: ```bash # ARP discovery for local subnet (most reliable on LAN) nmap -sn -PR 192.168.1.0/24 -oA discovery_arp # Combined ICMP + TCP + UDP probes for remote networks nmap -sn -PE -PP -PS21,22,25,80,443,445,3389,8080 -PU53,161,500 10.0.0.0/16 -oA discovery_combined # Li...