So I was asked at work the other day if I could help find a missing server. I know that sounds odd but it was running some software that nobody had ever needed to use but was considered essential. They did not know the IP address or the user name or password used to gain access.
I had come across nmap in the past and never really understood how useful it could be. And then as part of my studies I learned of its amazing range of facilities. So after 5 minutes of research(dabbling). I found an invocation that would show me every single open port on every single device on the network. After filtering that down a little I had some potential devices we could try.
I am not sharing the nmap invocation because that would give away what I was looking for and possibly why.
Obviously that does not get you the access you need but perhaps that is the subject of another blog post.