Utilities

nmap – Network exploration tool and security / port scanner

-T paranoid|sneaky|polite|normal|aggressive|insane	You can specify timing templates with the -T option and their number (0–5) or their name. The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5)
-A	Enable OS detection, version detection, script scanning, and traceroute
-sn (No port scan)	This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery probes.
-F (Fast (limited port) scan)	Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.

https://man7.org/linux/man-pages/man1/nmap.1.html

Tasks

Ping scan of a network

nmap -PE 192.168.99.82/24

nmap -PE 192.168.99.100-179

Zenmap profiles

Intense scan	nmap -T4 -A -v
Intense scan plus UDP	nmap -sS -sU -T4 -A -v
Intense scan, all TCP ports	nmap -p 1-65535 -T4 -A -v
Intense scan, no ping	nmap -T4 -A -v -Pn
Ping scan	nmap -sn
Quick scan	nmap -T4 -F
Quick scan plus	nmap -sV -T4 -O -F –version-light
Quick traceroute	nmap -sn –traceroute
Regular scan	nmap
Slow comprehensive scan	nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 –script “default or (discovery and safe)”