The Penguin's Practical Network Troubleshooting Guide - page 4
Start with Cable Testing
It is amazing how many different uses
nmap has. Just when you think you know it inside out, out pop more interesting and useful features. This command scans a subnet to see what hosts are up:
# nmap -sP 192.168.1.* Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-27 14:54 PDT Host 192.168.1.0 seems to be a subnet broadcast address (returned 2 extra pings). Host windbag.alrac.net (192.168.1.10) appears to be up. Host uberpc.alrac.net (192.168.1.11) appears to be up. MAC Address: 00:10:0A:54:61:DA (Unknown) Host stinkpad.alrac.net (192.168.1.12) appears to be up. MAC Address: 00:1A:E2:4A:8B:DD (Wistron) Host 192.168.1.255 seems to be a subnet broadcast address (returned 2 extra pings). Nmap finished: 256 IP addresses (3 hosts up) scanned in 7.005 seconds
Want to map your entire network and see what services are running?
# nmap -O 192.168.1.* Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-04-27 22:06 PDT Interesting ports on windbag.alrac.net (192.168.1.10): (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 139/tcp open netbios-ssn 445/tcp open microsoft-ds 631/tcp open ipp Device type: general purpose Running: Linux 2.4.X|2.5.X|2.6.X OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7) Uptime 1.567 days (since Wed Apr 26 08:30:31 2006) [output snipped] Nmap finished: 256 IP addresses (3 hosts up) scanned in 8.341 seconds
There are a whole lot of open services here. The
nmap to try to identity the operating systems.