Network scanning is a crucial task for system administrators and security professionals. It involves discovering active devices, open ports, and services running on a network. This information is essential for network management, troubleshooting, and security assessments. In the Linux environment, several tools and commands are available to perform network scanning efficiently. This article will guide you through some of the most popular methods and tools used for network scanning on Linux.

Examples:

1. Using Nmap: Nmap (Network Mapper) is one of the most powerful and versatile network scanning tools available. It can discover hosts, services, operating systems, and even vulnerabilities.

   • Basic Host Discovery:

     nmap -sn 192.168.1.0/24

     This command performs a simple ping scan to discover live hosts in the 192.168.1.0/24 subnet.

   • Port Scanning:

     nmap -p 1-65535 192.168.1.1

     This command scans all 65535 ports on the host with IP address 192.168.1.1.

   • Service Version Detection:

     nmap -sV 192.168.1.1

     This command detects the versions of the services running on the open ports of the host.

2. Using Netcat: Netcat is a versatile networking tool that can be used for network scanning, among other tasks.

   • Port Scanning:

     nc -zv 192.168.1.1 1-1000

     This command scans ports 1 to 1000 on the host with IP address 192.168.1.1.

3. Using ARP Scan: ARP Scan is a tool for discovering hosts in a local network by sending ARP requests.

   • Basic ARP Scan:

     sudo arp-scan --interface=eth0 --localnet

     This command scans the local network on the eth0 interface to discover live hosts.

4. Using Ping Sweep with Bash Script: A simple bash script can be used to perform a ping sweep to discover live hosts in a subnet.

   • Ping Sweep Script:

     #!/bin/bash
     for ip in $(seq 1 254); do
     ping -c 1 192.168.1.$ip | grep "64 bytes" &
     done
     wait

     This script pings each IP address in the 192.168.1.0/24 subnet and prints the ones that respond.