# Network Scanning > **Skill Level**: Beginner to Intermediate\ > **Prerequisites**: Basic networking, TCP/IP ## IP resolution ```bash # https://github.com/Josue87/resolveDomains resolveDomains -d subdomains.txt # Expected output: # subdomain1.target.com -> 192.168.1.10 # subdomain2.target.com -> 192.168.1.11 ``` ## Netdiscover ```bash netdiscover -i eth0 netdiscover -r 10.11.1.1/24 # Expected output: # _____________________________________________________________________________ # IP At MAC Address Count Len MAC Vendor / Hostname # ----------------------------------------------------------------------------- # 10.11.1.1 00:50:56:aa:bb:cc 1 60 VMware, Inc. # 10.11.1.5 00:0c:29:dd:ee:ff 1 60 VMware, Inc. ``` ## Nmap ```bash # Host discovery (ping sweep) nmap -sn 10.11.1.1/24 nmap -sn 10.11.1.1-253 nmap -sn 10.11.1.* # Expected output: # Nmap scan report for 10.11.1.5 # Host is up (0.00052s latency). # Nmap scan report for 10.11.1.10 # Host is up (0.00031s latency). # Nmap done: 256 IP addresses (15 hosts up) scanned in 2.43 seconds ``` ## NetBios ```bash nbtscan -r 10.11.1.1/24 # Expected output: # IP address NetBIOS Name Server User MAC address # ------------------------------------------------------------------------------ # 10.11.1.5 WORKSTATION1 00:0c:29:aa:bb:cc # 10.11.1.10 DC01 00:0c:29:dd:ee:ff ``` ## Ping Sweep - Bash ```bash for i in {1..254} ;do (ping -c 1 172.21.10.$i | grep "bytes from" &) ;done # Expected output: # 64 bytes from 172.21.10.1: icmp_seq=1 ttl=64 time=0.5 ms # 64 bytes from 172.21.10.5: icmp_seq=1 ttl=64 time=1.2 ms ``` ## Ping Sweep - Windows ```bash for /L %i in (1,1,255) do @ping -n 1 -w 200 172.21.10.%i > nul && echo 192.168.1.%i is up. # Expected output: # 192.168.1.1 is up. # 192.168.1.5 is up. ```