Network Scanning with Nmap
1 Global Definition
Nmap (Network Mapper) is an open-source tool used to discover hosts, services, and vulnerabilities on a computer network. It is a fundamental utility in penetration testing, enabling professionals to map the attack surface and identify potential entry points.
1.1 Key Features
Host Discovery
Identify live systems on a network.
nmap -sn 192.168.1.0/24- Find active IP addresses
- Useful for reconnaissance
Port Scanning
Check which network ports are open or closed.
- TCP and UDP scans
- Detects exposed services
- Example:
nmap -p 1-1000 target.com
Service & Version Detection
Identify applications running on open ports.
nmap -sV target.com- Detects service version
- Helps find vulnerable software
Operating System Detection
Guess the OS of target systems.
nmap -O target.com- Fingerprinting based on responses
- Accuracy may vary
1.2 Scanning Techniques
- SYN Scan:
nmap -sS target.com - Connect Scan:
nmap -sT target.com - UDP Scan:
nmap -sU target.com - Idle Scan:
nmap -sI zombie_host target.com
1.3 Nmap Scripting Engine (NSE)
Nmap includes a scripting engine that automates vulnerability detection, exploitation, and network discovery tasks.
- Run scripts with
nmap --script vuln target.com - Categories: vuln, safe, exploit
- Extendable with custom Lua scripts
1.4 Security Considerations
- Scanning without permission is illegal
- Intrusive scans may trigger IDS or IPS
- Use stealth scans in controlled environments
- Always document findings responsibly
1.5 Why It Matters
Network scanning with Nmap is a core skill for penetration testers and defenders. It provides visibility into the structure of a network, identifies exposed services, and helps prioritize security fixes. Used responsibly, it strengthens overall cyber resilience.