In this section we need to decide what we want to do and what our target is. We can scan a single host or a subnet, use IPs or domains, or even scan for specific open ports using the random argument (-iR).
We have three ways to give Nmap its targets: as arguments on the command line, from a file, or as random hosts. When there are many subnetworks to scan, using a file can be easier than writing tons of IPs on the command line. Another option is excluding IPs from a range: a /20 network has 4096 IPs, but some of them are network and broadcast addresses. Knowing this, we can add all of those IPs to a file so that Nmap does not scan them.
Let's start by checking the argument list for this section:
Scan a single IP
When scanning a single IP without parameters, Nmap will perform a SYN scan and discover all open ports on the host.
Scan all network
When scanning a whole network without parameters, Nmap will perform a SYN scan and discover all open ports on the network.
Scan a range of IPs on the network
nmap 192.168.1.10-20
Sometimes we need to scan a few hosts inside a big network and avoid a few others. Nmap gives us many options to keep hosts from being scanned; one of them is to use range values inside any IP octet (192.168.7-9.2-5).
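The following is an added example, not part of the original article: a Python helper that expands an octet-range expression such as 192.168.7-9.2-5 so the scope can be checked before scanning, and that collects the network and broadcast addresses of a /20 for an exclude file. The /24 subnet size, the 192.168.0.0/20 network and the file name exclude.txt are assumptions, and the open-ended and comma-separated octet forms go beyond the single expression shown in the text.

```python
import ipaddress
from itertools import product

def expand_octet(field):
    """Expand one octet field ('5', '7-9', '250-', '-', '1,3,10-12') to ints."""
    values = set()
    for part in field.split(","):
        if not part:
            raise ValueError(f"empty octet field in {field!r}")
        lo, sep, hi = part.partition("-")
        if not sep:                      # plain number, no range
            hi = lo
        lo = int(lo) if lo else 0        # open left end defaults to 0
        hi = int(hi) if hi else 255      # open right end defaults to 255
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_targets(spec):
    """List every IPv4 address covered by an octet-range expression."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets in {spec!r}")
    combos = product(*(expand_octet(o) for o in octets))
    return [".".join(map(str, c)) for c in combos]

def subnet_edge_addresses(network, subnet_prefix=24):
    """Network and broadcast address of each subnet inside `network`."""
    edges = []
    for sub in ipaddress.ip_network(network).subnets(new_prefix=subnet_prefix):
        edges += [str(sub.network_address), str(sub.broadcast_address)]
    return edges

if __name__ == "__main__":
    hosts = expand_targets("192.168.7-9.2-5")      # expression from the text
    print(len(hosts), "hosts:", hosts[0], "...", hosts[-1])
    # Constructed sample: a /20 assumed to be carved into /24 subnets.
    edges = subnet_edge_addresses("192.168.0.0/20")
    print(len(edges), "addresses to exclude")
    with open("exclude.txt", "w") as fh:            # hypothetical file name
        fh.write("\n".join(edges) + "\n")
    # Then: nmap --excludefile exclude.txt 192.168.0.0/20
```

Nmap's own list scan (nmap -sL -n followed by the target expression) prints the same expansion without sending probes to the listed hosts.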