P0f - OS Fingerprinting
p0f is a passive TCP/IP stack fingerprinting tool. It attempts to identify the operating system of machines that send network traffic to the host it is running on, or to another machine that shares a network medium with that host.
Example:
p0f -i any -p -o /tmp/sniff.log
- The -i switch selects the interface to listen on (here, any).
- The -p switch puts the interface in promiscuous mode.
- The -o switch writes the output to a file, here sniff.log in /tmp.
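The following Python script is an added example, not part of the original page or of p0f itself: it reads the file written by -o and lists the OS labels reported per IP, flagging addresses that show more than one. It assumes the p0f v3 log layout (a bracketed timestamp followed by key=value fields separated by "|", with subj naming which endpoint the os label describes); the sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed p0f v3 log layout; all values are made up.
SAMPLE_LOG = """\
[2024/01/10 09:15:01] mod=syn|cli=172.20.20.14/51522|srv=172.20.20.1/22|subj=cli|os=Linux 3.11 and newer|dist=0|params=none|raw_sig=constructed
[2024/01/10 09:15:01] mod=mtu|cli=172.20.20.14/51522|srv=172.20.20.1/22|subj=cli|link=Ethernet or modem|raw_mtu=1500
[2024/01/10 09:15:02] mod=syn+ack|cli=172.20.20.14/51522|srv=172.20.20.1/22|subj=srv|os=Linux 3.x|dist=0|params=none|raw_sig=constructed
[2024/01/10 09:15:07] mod=syn|cli=172.20.20.23/49811|srv=172.20.20.1/445|subj=cli|os=???|dist=0|params=none|raw_sig=constructed
garbage line from an interrupted write
[2024/01/10 09:16:40] mod=syn|cli=172.20.20.14/51530|srv=172.20.20.1/80|subj=cli|os=Windows 7 or 8|dist=0|params=none|raw_sig=constructed
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<fields>\S.*)$")

def parse_line(line):
    """Return the key=value fields of one log line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(p.split("=", 1) for p in m.group("fields").split("|") if "=" in p)
    if not fields.keys() >= {"mod", "cli", "srv"} or fields.get("subj") not in ("cli", "srv"):
        return None
    fields["ts"] = m.group("ts")
    return fields

def os_by_host(log_text):
    """Map each fingerprinted IP to the sorted OS labels reported for it."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "os" not in rec or rec["os"] == "???":
            continue  # malformed, non-OS module (e.g. mtu), or unknown OS
        # subj says which endpoint the label describes; strip the "/port" suffix.
        ip = rec[rec["subj"]].rsplit("/", 1)[0]
        hosts[ip].add(rec["os"])
    return {ip: sorted(labels) for ip, labels in hosts.items()}

def conflicting(hosts):
    """IPs with more than one OS label, e.g. NAT, a VM host, or a reused address."""
    return sorted(ip for ip, labels in hosts.items() if len(labels) > 1)

if __name__ == "__main__":
    inventory = os_by_host(SAMPLE_LOG)  # replace with open("/tmp/sniff.log").read()
    for ip, labels in sorted(inventory.items()):
        print(ip, "->", ", ".join(labels))
    print("review:", conflicting(inventory))
```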
NMAP - Subnet Scan
nmap -sP 172.20.20.1-255
This lists all the hosts that are up on the network, within a minute.
nmap -T4 -A 172.20.20.14