After a quick ping scan, we can apply our methodology to reveal the open ports and services as well. We will also use Nmap's script scanning (the -sC option) to probe each service, using the following commands:
- TCP scan - intranet:
nmap -sS -sV -sC --version-all -O --osscan-guess -T4 --reason --open -p- -Pn -v [IP address / range]
- UDP scan - intranet:
nmap -sU --top-ports 1000 -Pn -v [IP address / range]
- TCP scan - from the internet (outside boundary):
nmap -sS -T2 --top-ports 1000 -Pn -v [IP address / range]
- UDP scan - from the internet (outside boundary):
nmap -sU --top-ports 100 -Pn -v [IP address / range]
See Appendix A for an Nmap cheat sheet.