Nmap
First of all, we need to know what exists on the network, so run an nmap ping scan:
nmap -sn 10.0.0.0/24
The above command will test whether all machines in the 10.0.0.0/24 subnet are alive (10.0.0.0–10.0.0.255). You may need to change this for your network.
Once I have chosen a host, the first thing I always do is:
nmap -A -oA nmap $targetip
This will scan the 1024 most common ports, run OS detection, run default nmap scripts, and save the results in a number of formats in the current directory.
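With -oA nmap the results land in three files: nmap.nmap, nmap.gnmap and nmap.xml. As an added example (not part of the original page), this shell function lists the open ports from the grepable .gnmap file; the function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise open ports from nmap grepable output (.gnmap).

# open_ports FILE -> prints "host port/proto service" for every open port.
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                  # $1 is "Host: <ip> (<name>)"
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue # skip Status / Ignored State fields
                p = $i
                sub(/^Ports: /, "", p)
                n = split(p, entries, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/proto/owner/service/rpcinfo/version/
                    split(entries[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s/%s %s\n", h[2], f[1], f[3], (f[5] == "" ? "unknown" : f[5])
                }
            }
        }
    ' "$1"
}

# Constructed sample of what nmap.gnmap might contain (not real scan output).
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
}

# Demo: write the sample to a temp file and summarise it.
demo() {
    tmp=$(mktemp) || return 1
    sample_gnmap > "$tmp"
    open_ports "$tmp"
    rm -f "$tmp"
}
demo
```

On a real scan, run open_ports nmap.gnmap in the directory where the -oA output was saved.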
Scanning more deeply:
nmap -v -p- -sT $targetip
This will scan all 65535 ports on $targetip with a full connect scan. This scan will probably take a very long time. The -v stands for verbose, so that when a new port is discovered, it is printed straight away instead of having to wait until the end of the scan. Scanning this many ports over the internet takes a long time. I would often leave the scan running overnight.
More to come on Nmap.