nmap -sP ==> ping scan: shows all the PCs that are up

T = TCP connect

nmap -sT -p 80,443

-p = port

Checks whether a website is listening on port 80 or 443


TCP 3-way handshake, client/server:

Client 1/3 SYN -> Server 2/3 SYN/ACK -> Client 3/3 ACK


-sT = full open scan (TCP connect)

-sS = stealthy half-open scan [only 2 of the 3 handshake steps are done (the final ACK is missing), so a firewall may or may not detect it] & connection is open.

nmap -sT (scan any single IP address). Shows all the ports open.

RST = reset = end of the TCP conversation:

1-SYN, 2-SYN/ACK, 3-ACK, 4-RST
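
Added example (not from the original notes): a small Python check that labels each flow as full-open (SYN, SYN/ACK, ACK, RST) or half-open (SYN, SYN/ACK, RST) from logged TCP flags, and lists sources that left several handshakes half open. The packet log format, the addresses and the "closed" case (server answers the SYN with RST) are assumptions made for the example; flags are simplified to S, SA, A, R.

```python
from collections import defaultdict

# Constructed sample packets: (src, dst, server_port, tcp_flags).
# S=SYN, SA=SYN/ACK, A=ACK, R=RST. Addresses are documentation-range placeholders.
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", 80, "S"),
    ("198.51.100.5", "192.0.2.10", 80, "SA"),
    ("192.0.2.10", "198.51.100.5", 80, "A"),
    ("192.0.2.10", "198.51.100.5", 80, "R"),
    ("192.0.2.20", "198.51.100.5", 80, "S"),
    ("198.51.100.5", "192.0.2.20", 80, "SA"),
    ("192.0.2.20", "198.51.100.5", 80, "R"),
    ("192.0.2.20", "198.51.100.5", 443, "S"),
    ("198.51.100.5", "192.0.2.20", 443, "SA"),
    ("192.0.2.20", "198.51.100.5", 443, "R"),
    ("192.0.2.20", "198.51.100.5", 22, "S"),
    ("198.51.100.5", "192.0.2.20", 22, "R"),
]

PATTERNS = {
    ("c:S", "s:SA", "c:A", "c:R"): "full-open",  # handshake completed, then reset
    ("c:S", "s:SA", "c:R"): "half-open",         # final ACK never sent
    ("c:S", "s:R"): "closed",                    # server refused the SYN
}

def classify_flows(packets):
    """Group packets into flows keyed by (client, server, port) and label each."""
    flows = defaultdict(list)
    for src, dst, port, flags in packets:
        if (dst, src, port) in flows:  # reply from the server to a known client
            flows[(dst, src, port)].append("s:" + flags)
        elif flags == "S" or (src, dst, port) in flows:
            flows[(src, dst, port)].append("c:" + flags)
    return {k: PATTERNS.get(tuple(v), "other") for k, v in flows.items()}

def half_open_sources(packets, min_ports=2):
    """Return clients that left at least min_ports handshakes half open."""
    hits = defaultdict(set)
    for (client, _server, port), label in classify_flows(packets).items():
        if label == "half-open":
            hits[client].add(port)
    return {c: sorted(p) for c, p in hits.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for flow, label in classify_flows(SAMPLE).items():
        print(flow, label)
    print(half_open_sources(SAMPLE))
```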

Manual: man nmap

See which OS is running on a machine:

sudo nmap -O

(capital O).

sudo nmap -A

Finds SSH keys, distance in hops, OS & protocols

sudo nmap -sS -D is the real PC IP address is a decoy (leurre) IP address.

So 2 SYNs are sent from the client: 1 from the decoy PC & 1 from the real PC

NMAP Scripting Engine Website vuln (vulnerabilities)

Common Vulnerabilities & Exposures (CVE)

Youtube NetworkChuck channel:

Download a hacked machine (KIOPTRIX) for your tests here:,8/




Social Engineering:

Twitter hack in July 2020:

2 sources of info: NYT & Vice




SIM Hijacking

SIM Swapping

Credential Harvester Attack (free tools) see here:

See the Darknet Diaries podcast, episode No. 69, here:


Media Access Control (MAC)

Content Addressable Memory (CAM) is in switches, not in hubs & Wi-Fi access points.

Wi-Fi access points behave like a hub.

Wi-Fi version 6 access points behave like a switch.