Install nmap
sudo apt-get install nmap    # ubuntu
yum install nmap             # red hat/centos
SINGLE HOST
nmap targethost              # results as a "normal user" are less detailed than running as root:
sudo nmap targethostname
Starting Nmap 5.21 ( http://nmap.org ) at 2012-01-31 15:02 PST
Nmap scan report for 10.10.10.77
Host is up (0.013s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE
548/tcp   open  afp
49175/tcp open  unknown
MAC Address: 58:B0:35:69:F0:34 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 8.02 seconds
nmap -p21-22,25,80,443 targethostname # only scan certain ports
nmap -A -T4 -F 10.10.10.201 # version detection of a specific host
NETWORK SCANNING
nmap -sn 10.10.10.1/24 # no port scan
[root@vm2 qemu]# nmap -sn 10.10.10.1/24
Starting Nmap 5.51 ( http://nmap.org ) at 2013-02-05 18:56 AST
Nmap scan report for 10.10.10.2
Host is up (0.00037s latency).
MAC Address: E8:B7:48:FD:3B:64 (Unknown)
Nmap scan report for 10.10.10.100
Host is up.
Nmap scan report for 10.10.10.254
Host is up (0.00013s latency).
MAC Address: E8:B7:48:FD:38:E8 (Unknown)
Nmap done: 256 IP addresses (3 hosts up) scanned in 7.59 seconds
nmap -sS -O 10.10.10.100/24 # stealth SYN scan and OS check
TCP connect() Scan [-sT] = TCP connection attempts
SYN Stealth Scan [-sS] = sends a SYN packet (no full handshake) to detect open, closed and filtered ports
Ping Scan [-sP] or UDP Scan [-sU] may simplify matters...
IP Protocol Scans [-sO] will shorten your search if you know what you're looking for
A ping followed by a look at the ARP cache can tell you the MAC address (if it's not spoofed); a quick internet search of the first three octets (the vendor prefix) confirms: 58-B0-35 = apple
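As an added example (not from this page or the nmap project), a Python parser for the default nmap output shown above: it turns each scan report into a host inventory (MAC plus port list) and flags ports that are open now but were not open in an earlier baseline scan. The sample output is constructed in the page's format, not a real scan.

```python
import re
from typing import Dict, List

# Constructed sample of nmap's default ("normal") output, in the layout the
# scans above print: scan report line, port table, MAC line. Not a real scan.
SAMPLE_OUTPUT = """\
Nmap scan report for 10.10.10.77
Host is up (0.013s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE
548/tcp   open  afp
49175/tcp open  unknown
MAC Address: 58:B0:35:69:F0:34 (Unknown)
Nmap scan report for 10.10.10.100
Host is up.
Nmap done: 2 IP addresses (2 hosts up) scanned in 8.02 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_nmap_normal(text: str) -> Dict[str, dict]:
    """Map each scanned IP to its MAC (if printed) and a list of port tuples."""
    hosts: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {"mac": None, "ports": []})
        elif current is None:
            continue  # banner lines before the first host
        elif m := PORT_RE.match(line):
            port, proto, state, service = m.groups()
            current["ports"].append((int(port), proto, state, service))
        elif m := MAC_RE.match(line):
            current["mac"] = m.group(1).upper()
    return hosts

def open_ports(hosts: Dict[str, dict], ip: str) -> List[int]:
    """Open port numbers for one host; empty if the host was not in the scan."""
    return [p for p, _, state, _ in hosts.get(ip, {"ports": []})["ports"] if state == "open"]

def new_exposures(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[int]]:
    """Ports open now that were not open in the baseline scan (new hosts included)."""
    diff = {ip: sorted(set(open_ports(current, ip)) - set(open_ports(baseline, ip)))
            for ip in current}
    return {ip: ports for ip, ports in diff.items() if ports}
```

Feed it the saved output of two runs of the same scan (for example `nmap -p21-22,25,80,443 targethostname > today.txt`) to see which hosts gained open ports since the last inventory.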
http://nmap.org/book/man-briefoptions.html
http://www.cyberciti.biz/networking/nmap-command-examples-tutorials
http://www.tecmint.com/nmap-command-examples