- Using Netdiscover:
sudo netdiscover -p -i eth0
-p : Passive mode.
-i : Name of the interface to listen on (eth0 here).
Keep in mind that while passive network scanners help to maintain a level of stealth on a network, they don’t always detect live systems the way active scanning techniques do. For instance, a targeted system may not be generating network traffic, for any number of reasons. If a penetration tester performs passive scanning only, the targeted host may not be identified.

Nmap ping sweep:
nmap -sn 192.168.83.0/24

- Nmap’s ping sweep does not send ICMP probes to the target; rather, it leverages TCP messages to determine whether specific ports are open on the targeted system. Therefore, if ICMP is restricted on a network, there’s a likelihood that TCP messages are permitted.
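
The coverage gap between passive listening and the active sweep can be measured by comparing the two result sets. The script below is an added example, not part of the original notes. It assumes the sweep was saved with Nmap's grepable output option (`-oG`) and that the passively seen addresses are in a plain one-IP-per-line file; the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists hosts that the active sweep reported up but that
# passive listening never saw.
#   $1: IPs seen passively, one per line (assumed format: a list you exported
#       yourself, not netdiscover's native screen output)
#   $2: grepable output of: nmap -sn -oG sweep.gnmap 192.168.83.0/24
active_only() {
    awk '
        # Test FILENAME, not NR==FNR: the latter misreads the sweep file
        # as the passive list when the passive list is empty.
        FILENAME == ARGV[1] { if ($1 != "") seen[$1] = 1; next }
        $1 == "Host:" && $4 == "Status:" && $5 == "Up" && !($2 in seen) { print $2 }
    ' "$1" "$2" | sort -u -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data using the address range from these notes.
    printf '%s\n' 192.168.83.1 192.168.83.140 > "$dir/passive.txt"
    {
        printf '# Nmap scan initiated (constructed sample)\n'
        printf 'Host: 192.168.83.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.83.141 ()\tStatus: Up\n'
        printf 'Host: 192.168.83.138 ()\tStatus: Up\n'
        printf 'Host: 192.168.83.140 ()\tStatus: Up\n'
        printf '# Nmap done (constructed sample)\n'
    } > "$dir/sweep.gnmap"
    active_only "$dir/passive.txt" "$dir/sweep.gnmap"
    rm -rf "$dir"
}

demo
```

Any address this prints was quiet during the passive capture window, which is the case the note above warns about.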
- Using nbtscan, we can identify the machines on the network that respond to NetBIOS, such as Windows-based machines:
sudo nbtscan 192.168.83.0/24
sudo nbtscan 192.168.83.138-141

- Let’s use Nmap to perform a port scan of the top 1,000 ports:
nmap 192.168.83.140

- We can use Nmap's -A option along with controlling the speed using the -T option:
nmap -A -T4 192.168.83.140