nmap，端口扫描，获取ssh服务器的ip地址

arp - a         // 同一个网段，如果用虚拟机桥接则不行
ifconfig -a     //old 
ip addr         //ip a ：iproute2 suite
sudo nmap -sS 192.168.1.*   //或者sudo nmap -sS -p 22 192.168.1.0/24; if you ip address is in 192.168.1.1-255. -sP 渗透内网之后判断当前网络哪些主机在线； -p 22 端口号，ssh默认端口为22 ; -sS为TCP SYN 扫描 (又称半开放,或隐身扫描)：
    e.g. :  sudo nmap -p 22 --open -sV 10.0.0.0/24
    nmap : the executable name
    -p 22 : specifies the port to test
    --open : suppress output for clients that are not listening
    -sV : display the version string reported by the scanned server
    -sP : Check which hosts are live and up in Network, with this option nmap skips port detection and other things, its fast.
    -sS : stealthy Scan
    -PS : TCP ACK (PA) and TCP Syn (PS);or just -PA
    10.0.0.0/24 : the target network, could have been 192.168.0.0/24
    (/24 specifies a subnet of 255.255.255.0, look up slash notation)

sudo nmap -sn 192.168.1.*       // Ping scan, diable port scan，快速找到主机。

sudo nmap -sS -p22 --open 192.168.1.*       //syntax: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans；-p 指定端口，--open显示打开的端口；快速找打开22端口的主机，ssh登陆用。