nmap -sP 10.81.100.0/24 ==> ping scan, lists all the hosts that are up
T = TCP connect
nmap -sT -p 80,443 10.81.100.0/24
-p = port
Checks whether a website is listening on port 80 or 443
TCP 3-way handshake, client/server:
Client 1/3 SYN, Server 2/3 SYN-ACK, Client 3/3 ACK
-sT = full open scan
-sS = stealthy half-open scan [only 2 steps of the handshake, not 3 (the ACK is missing), so a firewall may or may not detect it] & connection is open.
nmap -sT 10.81.102.122 (scans any single IP address). Shows all the open ports.
RST = reset = end of the TCP conversation:
1-SYN, 2-SYN-ACK, 3-ACK, 4-RST
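Added example (not from the original notes): how the two handshake patterns above look from the defender's side, by classifying each conversation from its ordered TCP flags. The packet list is constructed sample data; the client addresses, labels and function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample packets: (client_ip, server_ip, server_port, tcp_flags),
# in capture order. "SYN-ACK" is sent by the server, everything else by the client.
SAMPLE = [
    ("10.81.102.50", "10.81.102.122", 22, "SYN"),
    ("10.81.102.50", "10.81.102.122", 22, "SYN-ACK"),
    ("10.81.102.50", "10.81.102.122", 22, "RST"),       # ACK never sent
    ("10.81.102.50", "10.81.102.122", 80, "SYN"),
    ("10.81.102.50", "10.81.102.122", 80, "SYN-ACK"),
    ("10.81.102.50", "10.81.102.122", 80, "RST"),
    ("10.81.102.60", "10.81.102.122", 80, "SYN"),
    ("10.81.102.60", "10.81.102.122", 80, "SYN-ACK"),
    ("10.81.102.60", "10.81.102.122", 80, "ACK"),
    ("10.81.102.60", "10.81.102.122", 80, "RST"),       # handshake done, then reset
    ("10.81.102.70", "10.81.102.122", 443, "SYN"),
    ("10.81.102.70", "10.81.102.122", 443, "SYN-ACK"),
    ("10.81.102.70", "10.81.102.122", 443, "ACK"),
    ("10.81.102.70", "10.81.102.122", 443, "PSH-ACK"),  # real data: normal client
]

def classify(flags):
    """Label one conversation from its ordered list of flags."""
    if flags[:2] != ["SYN", "SYN-ACK"]:
        return "closed-or-filtered"   # server never answered with SYN-ACK
    rest = flags[2:]
    if "ACK" not in rest:
        return "half-open"            # -sS pattern: step 3/3 (ACK) is missing
    if rest == ["ACK", "RST"]:
        return "connect-then-reset"   # -sT pattern: 1-SYN 2-SYN-ACK 3-ACK 4-RST
    return "normal"                   # handshake completed and data followed

def summarize(packets):
    """Group packets per conversation and return {client: {label: [ports]}}."""
    convs = defaultdict(list)
    for client, server, port, flags in packets:
        convs[(client, server, port)].append(flags)
    report = defaultdict(lambda: defaultdict(list))
    for (client, _server, port), flags in convs.items():
        report[client][classify(flags)].append(port)
    return {c: dict(labels) for c, labels in report.items()}

if __name__ == "__main__":
    for client, labels in summarize(SAMPLE).items():
        print(client, labels)
```

A source with many "half-open" or "connect-then-reset" ports and no "normal" conversations is the pattern a firewall or IDS rule would alert on.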
Manual: man nmap
See which OS is running on a machine:
sudo nmap -O 10.81.102.122
sudo nmap -A 10.81.102.122
Finds SSH keys, distance in hops, OS & protocols
sudo nmap -sS -D 10.81.102.128 10.81.102.122
10.81.102.122 is the real PC IP address
10.81.102.128 is a decoy IP address.
So 2 SYNs are sent from the client: 1 from the decoy PC & 1 from the real PC
Nmap Scripting Engine (NSE): website vuln (vulnerabilities)
Common Vulnerabilities & Exposures (CVE)
YouTube NetworkChuck channel:
Download a hacked machine (KIOPTRIX) for your tests here:
Twitter hack in July 2020:
2 infos from NYT & Vice
Credential Harvester Attack (free tools) see here:
See Darknet Diaries podcast episode N°69, see here:
Media Access Control (MAC)
Content Addressable Memory (CAM) is in switches, not in hubs & Wi-Fi access points.
A Wi-Fi access point behaves like a hub.
A Wi-Fi 6 access point behaves like a switch.