1. Using Netdiscover:
sudo netdiscover -p -i eth0

(replace eth0 with the name of the interface you want to listen on)

-p: passive mode. Passive network scanners help maintain a level of stealth on a network, but they do not always detect live systems as reliably as active scanning does. A targeted system may not be generating any network traffic, for many reasons, so a penetration tester who performs passive scanning only may never identify that host.

2. Nmap ping sweep:
nmap -sn 192.168.83.0/24

• Nmap’s ping sweep does not send ICMP probes to the target; instead it uses TCP messages to determine whether specific ports on the targeted system are open. So where ICMP is restricted on a network, there is still a good chance that TCP messages are permitted.
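The same sweep seen from the defender's side, as an added example that is not part of the original notes: a small detector run over constructed firewall-style log lines (the log format is assumed, not taken from any particular product). It keys on the number of distinct destination addresses one source touches inside a short window rather than on the probe protocol, so a sweep is flagged whether the probes that reach the hosts are ICMP or TCP.

```python
"""Flag a host-discovery sweep in firewall logs (added example, not from the page).

A sweep like `nmap -sn 192.168.83.0/24` touches many distinct destination
addresses from one source in a short time, whatever protocol the probes use.
This counts distinct destinations per source inside a sliding window and
reports sources that cross a threshold.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed, simplified log line shape: "<iso-timestamp> <ACCEPT|DROP> SRC=<ip> DST=<ip> PROTO=<proto> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
)


def parse_line(line):
    """Return (timestamp, src, dst, proto) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], m["proto"])


def build_sample_log():
    """Constructed sample log: one sweeping host plus one ordinary workstation."""
    lines = []
    base = datetime(2024, 5, 1, 10, 0, 0)
    # Sweeper 192.168.83.50: one probe per address, 40 addresses in 4 seconds,
    # alternating ICMP (dropped by the firewall) and TCP/443 (allowed through).
    for i in range(1, 41):
        ts = base + timedelta(milliseconds=100 * i)
        if i % 2:
            lines.append(f"{ts.isoformat()} DROP SRC=192.168.83.50 DST=192.168.83.{i} PROTO=ICMP")
        else:
            lines.append(f"{ts.isoformat()} ACCEPT SRC=192.168.83.50 DST=192.168.83.{i} PROTO=TCP DPT=443")
    # Workstation 192.168.83.140: repeated SMB traffic to three servers over a minute.
    servers = ["192.168.83.10", "192.168.83.11", "192.168.83.12"]
    for i in range(30):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} ACCEPT SRC=192.168.83.140 DST={servers[i % 3]} PROTO=TCP DPT=445")
    return lines


def detect_sweeps(lines, window=timedelta(seconds=10), threshold=20):
    """Return {src: peak distinct destinations within any `window`} for sources at/over threshold."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, _proto = parsed
            events[src].append((ts, dst))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        seen = Counter()  # distinct destinations currently inside the window
        left = 0
        peak = 0
        for ts, dst in evs:
            seen[dst] += 1
            # Slide the left edge forward until every event in view is within `window`.
            while ts - evs[left][0] > window:
                old = evs[left][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                left += 1
            peak = max(peak, len(seen))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, peak in detect_sweeps(build_sample_log()).items():
        print(f"possible sweep from {src}: {peak} distinct destinations in one window")
```

The threshold and window are the tuning knobs: a slow sweep spread over hours will sit under the window, which is exactly why passive-only and slow-scan cases are hard to catch with a single rule like this.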
3. Using nbtscan, we can identify the machines on the network that respond to NetBIOS, such as Windows-based machines:
sudo nbtscan 192.168.83.0/24
sudo nbtscan 192.168.83.138-141

4. Let’s use Nmap to perform a port scan of the top 1,000 ports:
nmap 192.168.83.140

5. We can use Nmap’s -A (aggressive scan) option together with the -T option to control the scan timing:
nmap -A -T4 192.168.83.140
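What to do with the results of steps 2 to 5: as an added example (not part of the original notes), a parser for Nmap's grepable output format (what you get with -oG, which works for both the ping sweep and the port/version scan) that reconciles live hosts and open ports against an asset inventory, so that unknown hosts and unexpected listening services stand out. The sample output and the inventory are constructed for the example, not captured from the scans above.

```python
"""Reconcile nmap discovery/port-scan results with an asset inventory.

Added example, not from the original page. It assumes the scans were saved
with nmap's -oG (grepable) option; the text below is a constructed sample in
that format, not real output from the scans described above.
"""
import re

# Constructed sample of grepable output: a ping sweep (Status lines) followed
# by a port/version scan of one host (Ports line).
SAMPLE_GREPABLE = """\
# constructed sample of nmap -oG output
Host: 192.168.83.138 ()\tStatus: Up
Host: 192.168.83.140 ()\tStatus: Up
Host: 192.168.83.141 ()\tStatus: Up
Host: 192.168.83.140 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2/, 80/open/tcp//http//Apache httpd 2.4.18/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/\tIgnored State: closed (997)
"""

# Constructed inventory: the hosts and listening ports we believe belong on the subnet.
INVENTORY = {"192.168.83.138": {22}, "192.168.83.140": {22, 80}}

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\t(?P<rest>.*)$")


def parse_grepable(text):
    """Return {ip: {"name": str, "up": bool, "ports": {port: (proto, service, version)}}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and the trailing summary line
        entry = hosts.setdefault(m["ip"], {"name": m["name"], "up": False, "ports": {}})
        # Remaining fields are tab separated: "Status: Up", "Ports: ...", "Ignored State: ..."
        for field in m["rest"].split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["up"] = value == "Up"
            elif key == "Ports":
                for spec in value.split(", "):
                    # grepable port spec: port/state/protocol/owner/service/rpc info/version/
                    parts = spec.split("/")
                    port, state, proto, service, version = (
                        int(parts[0]), parts[1], parts[2], parts[4], parts[6],
                    )
                    if state == "open":
                        entry["ports"][port] = (proto, service, version)
                        entry["up"] = True  # a host with open ports is necessarily up
    return hosts


def reconcile(hosts, inventory):
    """Compare scan results with an inventory {ip: set(expected open ports)}.

    Returns (unknown_hosts, unexpected_ports): live hosts missing from the
    inventory, and for inventoried hosts the open ports the inventory does not list.
    """
    unknown = sorted(ip for ip, h in hosts.items() if h["up"] and ip not in inventory)
    unexpected = {}
    for ip, h in hosts.items():
        if ip in inventory:
            extra = sorted(p for p in h["ports"] if p not in inventory[ip])
            if extra:
                unexpected[ip] = extra
    return unknown, unexpected


if __name__ == "__main__":
    found = parse_grepable(SAMPLE_GREPABLE)
    unknown_hosts, unexpected_ports = reconcile(found, INVENTORY)
    print("live hosts not in inventory:", unknown_hosts)
    print("open ports not in inventory:", unexpected_ports)
    for ip, extra in unexpected_ports.items():
        for port in extra:
            proto, service, version = found[ip]["ports"][port]
            print(f"  {ip}:{port}/{proto} {service} ({version})")
```

Running the sweep on a schedule and diffing its output against the inventory this way turns the same commands into an asset-discovery control: a new address answering, or a service such as the Samba listener in the sample appearing on a host that should only expose SSH and HTTP, is what you want to be told about.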