Useful nmap testing commands

Nothing new here .  Just wanted to share some commands I are useful when performing network or direct systems testing using the nmap tool. The commands below will all display scan results in console while also saving to file.


Discover live hosts: 

nmap -n -sn -PE -oA live_hosts

Discover open TCP ports:

nmap -sS -vv -p- -oA tcp_ports_65535
nmap -sS -vv -p- -Pn –reason –open -oA tcp_ports_65535
nmap -sS -vv -p- -Pn –reason –max-rate 1 –open -oA tcp_ports_65535


Discover open UDP ports:

nmap -sU -vv -p- -oA udp_ports_65535


Discover services running on open UDP ports:

nmap -sU -sV -vv -A -O -p[port1],[port2] -oA open_udp_ports

Scan for most common 1000 TCP ports:

nmap -sS -sV -vv -A -O –top-ports 1000 –reason –open -oA tcp_ports_1000

Scan for most common 1000 UDP ports:

nmap -sU -sV -vv -A -O –top-ports 1000 –reason –open -oA udp_ports_1000


Tech Short: Debug VPN in Checkpoint R77.30

The following tech short will provide a list of commands used to enable debugging in Checkpoint’s R77.30 Firewall. To start you must  SSH into firewall host (or active member).

To turn on VPN debug from the expert mode:

# vpn debug trunc

At this point you want to test your VPN connection and verify that IKE Phases. This can be done with the following commands:

# vpn tu (option 1 and 2), you may need to reset tunnel to test. This is done by using (option 7)

To tune off the VPN debug the following commands should be issued:

# vpn debug off

# vpn debug ike off


When completed retrieve the logs vpnd.elg and ike.elg – located under $FWDIR/log

Checkpoint has an IKEView tool which is located on their site, and used to review the logs, else using a tool such as Notepad++ for analysis is helpful.

Tech Short: PowerShell: Networking Diagnostics

Listen ‘tracert’ its not you, its me…  I am not ending my long term relationship with the diagnostic tools which I have used for many years now.  I am just exploring others, and in doing so going on a “break”.

I recently starting using PowerShell more often and wondered is there a tool which can do what ‘tracert‘ does and maybe more.

This is where the PowerShell command  Test-NetConnection comes into the picture.

It does many of the functions of tracert which an out-put which at this point I favor far more.

Here are some examples:

Here is an example of using Test-NetConnection to test connectivity to

ComputerName :
RemoteAddress :
InterfaceAlias : Wi-Fi
SourceAddress :
PingSucceeded : True
PingReplyDetails (RTT) : 80 ms


Same test as above using the –TraceRoute flag return the list of hosts on the path to the specified target

ComputerName :
RemoteAddress :
InterfaceAlias : Wi-Fi
SourceAddress :
PingSucceeded : True
PingReplyDetails (RTT) : 82 ms
TraceRoute :

As you can see form the examples its a very useful tool in PowerShell, also giving you information about which network interface you are testing from.

What I have also found out is there is an alias for  Test-NetConnection. To use this all you need to do is simply type ‘tnr‘ following by the command syntax.

For more info on using Test-NetConnection type: Help Test-NetConnection in the PowerShell command prompt – Results may looking similar to what I have shown below:




 I hope you enjoyed this techshort, thanks for visiting – jermal


Retrieve MX records using nslookup

One of my new kids on the block asked me a question tonight; “Jermal, how do I get the mx record of a domain?”

To retrieve mx record information we need to use a tool called nslookup which is available in Windows and Linux

The quick syntax use is


Example of its usage

And what it looks like in




What’s Going on with TrueCrypt

As Bruce Schneier wrote “TrueCrypt WTF”

I am curious about the status of TrueCrypt one of my favorite tools. There seems to be many summaries about this story .

You can find them:

Here on Slashdot

Here on Hacker News

Here on Reddit

I am waiting for more details, lets see what plays out.