nmap V. 1.51 usage: ./nmap [options] [hostname[/mask] . . .]
options (none are required, most can be combined):
   -t tcp connect() port scan
   -s tcp SYN stealth port scan (must be root)
   -U Uriel Maimon (P49-15) style FIN stealth scan.
   -P ping "scan". Find which hosts on specified network(s) are up.
   -b <ftp_relay_host> ftp "bounce attack" port scan
   -u UDP port scan, will use MUCH better version if you are root
   -l Do the lamer UDP scan even if root.  Less accurate.
   -f use tiny fragmented packets for SYN or FIN scan.
   -D Don't ping hosts (needed to scan www.microsoft.com and others)
   -i Get identd (rfc 1413) info on listening TCP processes.
   -p <range> ports: ex: '-p 23' will only try port 23 of the host(s)
                  '-p 20-30,63000-' scans 20-30 and 63000-65535 default: 1-1024
   -F fast scan. Only scans ports in /etc/services, a la strobe(1).
   -n Don't DNS resolve anything unless we have to (makes ping scans faster)
   -L <num> Number of pings to perform in parallel.  Your default is: 52
   -o <logfile> Output scan logs to <logfile>.
   -R Try to resolve all hosts, even down ones (can take a lot of time)
   -r do NOT randomize target port scanning order.
   -S If you want to specify the source address of SYN or FYN scan.
   -T <seconds> Set the ping and tcp connect() timeout.
   -v Verbose.  Its use is recommended.  Use twice for greater effect.
   -h help, print this junk.  Also see http://www.dhp.com/~fyodor/nmap/
   -V Print version number and exit.
   -w <n> delay.  n microsecond delay. Not recommended unless needed.
   -M <n> maximum number of parallel sockets.  Larger isn't always better.
   -q quash argv to something benign, currently set to "pine". (deprecated)
Hostnames specified as internet hostname or IP address.  Optional '/mask'
specifies subnet. cert.org/24 or 192.88.209.5/24 or 192.88.209.0-255 scan CERT's Class C.
