Initial scanning
nmap -sC -sV -sS target
-sS → find open ports fast
-sV → identify real services
-sC → get useful info immediately

-sS finds which TCP ports are open/closed/filtered using SYN packets
-sV connects to open ports and identifies the actual service + version (via probes/banners)
-sC runs default scripts against discovered services to extract useful info
sudo nmap 10.129.2.0/24 -sn -oA tnet | grep for | cut -d" " -f5
10.129.2.4
10.129.2.10
10.129.2.11
...
host discovery, list of live IPs only
find live IPs and deep scan only those
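
Added example (not part of the original notes): the grep/cut one-liner above takes field 5 of each "Nmap scan report for" line, which is a hostname instead of an IP whenever reverse DNS resolves. The sketch below compares it with an awk variant on constructed sample output; the hostname and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `nmap -sn` normal output (not captured from a real scan).
SAMPLE_OUTPUT='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 10.129.2.4
Host is up (0.010s latency).
Nmap scan report for fileserver.lab.example (10.129.2.10)
Host is up (0.012s latency).
Nmap scan report for 10.129.2.11
Host is up (0.011s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.10 seconds'

# The filter from the notes: field 5 is the IP only when no hostname is shown.
naive_live_hosts() {
    grep for | cut -d" " -f5
}

# Variant: take the last field of each report line and strip the parentheses
# nmap puts around the IP when a hostname precedes it, then sort numerically
# by octet and drop duplicates.
live_hosts() {
    awk '/^Nmap scan report for /{ ip = $NF; gsub(/[()]/, "", ip); print ip }' |
        sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

echo "naive filter:"
printf '%s\n' "$SAMPLE_OUTPUT" | naive_live_hosts
echo "IP-only filter:"
printf '%s\n' "$SAMPLE_OUTPUT" | live_hosts
```

Saving the IP-only list to a file lets the deeper scan read it with nmap's -iL option, so only the live hosts are scanned.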