NMAP

sismo
01/06/2009 - 12:02
Nmap is an open source program for scanning TCP and UDP ports, attributed to Fyodor. It is used to assess the security of computer systems, as well as to discover services or servers on a computer network.

(Taken from Wikipedia)

Port scan:

To run a full port scan against host 10.0.0.13, execute:

< sudo nmap -sU -sS -sV -O 10.0.0.13

It returns the data for each port and, if it recognizes the software's signature, the software's version. The -O option makes nmap try to identify the operating system version. This procedure takes several minutes.

> Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-11 23:16 ARST
> Interesting ports on ns2.sismonda.com.ar (10.0.0.13):
> Not shown: 3192 closed ports
> PORT     STATE         SERVICE VERSION
> 22/tcp   open          ssh     OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
> 53/tcp   open          domain
> 80/tcp   open          http    Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch)
> 111/tcp  open          rpcbind
> 2049/tcp open          rpcbind
> 53/udp   open          domain  ISC BIND (Fake version: 9.4.2-P2)
> 68/udp   open|filtered dhcpc
> 111/udp  open          rpcbind
> 123/udp  open          ntp?
> 735/udp  open|filtered unknown
> 2049/udp open          rpcbind
> 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
> SF-Port123-UDP:V=4.62%I=7%D=1/11%Time=496A9FCF%P=i686-pc-linux-gnu%r(NTPRe
> SF:quest,30,"d\x04\x04\xec\0\0Ej\0\0%\x81\n\0\0\x01\xcd\x15\x1dd\x7f\x81M\
> SF:xd7\xc5O#Kq\xb1R\xf3\xcd\x15\x1eJ\xe7\x11_\xa9\xcd\x15\x1eJ\xe7=\xea\xb
> SF:e");
> MAC Address: 00:0C:29:68:AC:94 (VMware)
> Device type: general purpose
> Running: Linux 2.6.X
> OS details: Linux 2.6.13 - 2.6.24
> Uptime: 0.080 days (since Sun Jan 11 21:47:52 2009)
> Network Distance: 1 hop
> Service Info: OS: Linux
>
> OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 1539.858 seconds

To scan the entire 10.0.0.0 network, run nmap with the following parameters:

< sudo nmap -sU -sS -sV -O 10.0.0.0/24

Check whether TCP port 53 is open on host 10.0.0.1:

< sudo nmap -p 53 -P0 -vv 10.0.0.1

> Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-11 19:24 ARST
> Initiating Parallel DNS resolution of 1 host. at 19:24
> Completed Parallel DNS resolution of 1 host. at 19:24, 0.00s elapsed
> Initiating Connect Scan at 19:24
> Scanning cvs.sismonda.com.ar (10.0.0.1) [1 port]
> Discovered open port 53/tcp on 10.0.0.1
> Completed Connect Scan at 19:24, 0.00s elapsed (1 total ports)
> Host cvs.sismonda.com.ar (10.0.0.1) appears to be up ... good.
> Interesting ports on cvs.sismonda.com.ar (10.0.0.1):
> PORT   STATE SERVICE
> 53/tcp open  domain
> 
> Read data files from: /usr/share/nmap
> Nmap done: 1 IP address (1 host up) scanned in 0.093 seconds

Check whether UDP port 53 is open on host 10.0.0.1 (the output below was captured from a run against 10.0.0.13):

< sudo nmap -p 53 -P0 -sU -vv 10.0.0.1

> Starting Nmap 4.62 ( http://nmap.org ) at 2009-01-11 19:26 ARST
> Initiating ARP Ping Scan at 19:26
> Scanning 10.0.0.13 [1 port]
> Completed ARP Ping Scan at 19:26, 0.01s elapsed (1 total hosts)
> Initiating Parallel DNS resolution of 1 host. at 19:26
> Completed Parallel DNS resolution of 1 host. at 19:26, 0.01s elapsed
> Initiating UDP Scan at 19:26
> Scanning ns2.sismonda.com.ar (10.0.0.13) [1 port]
> Completed UDP Scan at 19:26, 0.21s elapsed (1 total ports)
> Host ns2.sismonda.com.ar (10.0.0.13) appears to be up ... good.
> Interesting ports on ns2.sismonda.com.ar (10.0.0.13):
> PORT   STATE         SERVICE
> 53/udp open|filtered domain
> MAC Address: 00:0C:29:68:AC:94 (VMware)
> 
> Read data files from: /usr/share/nmap
> Nmap done: 1 IP address (1 host up) scanned in 0.671 seconds
>            Raw packets sent: 3 (98B) | Rcvd: 1 (42B)
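
An added example, not part of the original post: a small Python parser for the port table in nmap's normal output, as shown in the scans above. It separates ports confirmed open but missing from an expected inventory from those reported as open|filtered, which is what a UDP scan reports when no reply comes back. The names parse_ports and triage and the expected set are assumptions of this example.

```python
import re

# Constructed sample: a subset of the port-table lines from the scan output on this page.
SAMPLE = """\
Interesting ports on ns2.sismonda.com.ar (10.0.0.13):
Not shown: 3192 closed ports
PORT     STATE         SERVICE VERSION
22/tcp   open          ssh     OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
53/tcp   open          domain
68/udp   open|filtered dhcpc
123/udp  open          ntp?
735/udp  open|filtered unknown
MAC Address: 00:0C:29:68:AC:94 (VMware)
"""

# One table row: port/proto, state, service name, optional version string.
ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_ports(text):
    """Return one dict per port row found in nmap's normal output."""
    rows = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()  # tolerate the "> " prefix used on this page
        m = ROW.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version or ""})
    return rows


def triage(rows, expected):
    """Split rows into unexpected open ports and ambiguous open|filtered ones."""
    # expected: set of (port, proto) the host should expose (assumed inventory).
    unexpected = [r for r in rows
                  if r["state"] == "open" and (r["port"], r["proto"]) not in expected]
    # open|filtered: nmap got no reply, so it cannot tell open from firewalled.
    ambiguous = [r for r in rows if r["state"] == "open|filtered"]
    return unexpected, ambiguous


if __name__ == "__main__":
    unexpected, ambiguous = triage(parse_ports(SAMPLE), {(22, "tcp"), (53, "tcp")})
    for r in unexpected:
        print("unexpected open:", r["port"], r["proto"], r["service"])
    for r in ambiguous:
        print("needs follow-up:", r["port"], r["proto"], r["service"])
```

Ports listed as open|filtered are worth re-checking with -sV on that single port, since a version-detection reply settles the state as open.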