How do I run a Nmap scan
Network scanning is the backbone of ethical hacking and cybersecurity. Whether you’re defending a corporate network or learning penetration testing, Nmap (Network Mapper) is the Swiss Army knife you need in your toolkit. This guide will walk you through Nmap’s most powerful commands, how to use them, and how to protect your own network from malicious scans.
Disclaimer: This guide is for educational purposes only. Unauthorized scanning is illegal. Always obtain explicit permission before scanning any network.
What is Nmap?
Nmap is a free, open-source tool for network discovery and security auditing. It helps you:
- Discover devices on a network.
- Identify open ports and services.
- Detect operating systems and software versions.
- Find vulnerabilities and misconfigurations.
Used by cybersecurity professionals, system admins, and ethical hackers, Nmap is both a defensive and offensive tool—depending on who’s using it.
Basic Nmap Commands
We can start with some fundamental commands everyone should know:
1. Scan a Single IP Address
nmap 192.168.1.1
What it does: Scans the target IP for open ports and services.
Output: Lists open ports (e.g., 80/tcp open http).
2. Scan a Range of IPs
nmap 192.168.1.1-100
What it does: Scans IP addresses from 192.168.1.1 to 192.168.1.100.
3. Scan a Subnet
nmap 192.168.1.0/24
What it does: Scans all 254 IPs in the 192.168.1.0 subnet.
4. Scan Specific Ports
nmap -p 80,443,22 192.168.1.1
What it does: Scans only ports 80 (HTTP), 443 (HTTPS), and 22 (SSH).
5. Fast Scan
nmap -F 192.168.1.1
What it does: Scans the 100 most common ports quickly.
Now we will discuss some more important commands:
1. Detect OS and Services
nmap -A 192.168.1.1
What it does: Aggressive scan. Detects the OS (-O), service versions (-sV), and runs default scripts (--script).
2. Service Version Detection
nmap -sV 192.168.1.1
What it does: Identifies software versions running on open ports (e.g., Apache 2.4.29).
3. Stealth Scan (SYN Scan)
nmap -sS 192.168.1.1
What it does: Sends SYN packets to check for open ports without completing the TCP handshake. Less likely to be logged by the target application, since no connection is ever established (firewalls and IDS sensors still see the SYN packets).
4. UDP Scan
nmap -sU 192.168.1.1
What it does: Scans UDP ports (e.g., DNS, DHCP). Slower than TCP scans.
5. Save Results to a File
nmap -oN scan_results.txt 192.168.1.1
What it does: Saves the scan output to scan_results.txt.
Other formats:
-oX: XML format (for tools like Metasploit).
-oG: Grepable format (for parsing with scripts).
Some Advanced Nmap Commands
These are mainly for penetration testers and advanced users.
1. Vulnerability Scanning with NSE Scripts
The Nmap Scripting Engine (NSE) allows you to run pre-built or custom scripts.
nmap --script vuln 192.168.1.1
What it does: Runs vulnerability detection scripts (e.g., checks for Heartbleed, SMB vulnerabilities).
Some popular script categories and scripts:
vuln: Detect vulnerabilities.
http-enum: Enumerate web directories.
dns-brute: Brute-force DNS subdomains.
2. Brute-Force Attacks
Use Nmap to test weak passwords on services like SSH, FTP, or HTTP.
nmap --script ssh-brute --script-args userdb=users.txt,passdb=passwords.txt 192.168.1.1
What it does: Tries username/password combinations from users.txt and passwords.txt to brute-force SSH.
3. Evade Firewalls with Fragmented Packets
nmap -f 192.168.1.1
What it does: Splits packets into smaller fragments to bypass firewall detection.
4. Decoy Scan (Spoof IP Addresses)
nmap -D RND:5 192.168.1.1
What it does: Hides your IP by generating 5 random decoy IPs in the scan.
5. Timing and Performance
Control scan speed to avoid detection:
nmap -T0 192.168.1.1 # Paranoid (slowest)
nmap -T4 192.168.1.1 # Aggressive (fastest)
Use Case: Use -T0 for stealth, -T4 for quick internal scans.
Real-World Use Cases
1. Penetration Testing
Scenario: You are hired to test a company’s network security.
Steps:
Use nmap -A to map the network.
Run nmap --script vuln to find vulnerabilities.
Exploit weaknesses (ethically!) and report findings.
2. Network Inventory
Scenario: A company wants a list of all devices on its network.
nmap -sn 192.168.1.0/24
What it does: Ping scan to list live hosts without port scanning.
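The grepable (-oG) format mentioned earlier and the ping-scan inventory above are easiest to use from a script. Below is an added example, not part of the original post, that parses constructed -oG output (the sample lines imitate what `nmap -sn -oG` and a port scan write; they are not real scan results) into a list of live hosts and open services.

```python
import re
from typing import Dict, List, Tuple

# Constructed -oG sample (not real scan output): two 'Status' lines as written by
# an `nmap -sn -oG` ping scan, then one 'Ports' line from a port scan of the router.
SAMPLE_OG = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 192.168.1.1 (router.lan)\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//Apache httpd 2.4.29/, 23/closed/tcp//telnet///"
    "\tIgnored State: filtered (997)\n"
    "# Nmap done (constructed sample)\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_grepable(text: str) -> Tuple[List[Tuple[str, str]], List[Dict[str, object]]]:
    """Return (live_hosts, open_ports) from grepable output.

    live_hosts: (ip, hostname) for every 'Status: Up' line (the -sn inventory).
    open_ports: one dict per open port: ip, port, proto, service, version.
    """
    live_hosts: List[Tuple[str, str]] = []
    open_ports: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                      # comment lines ('# Nmap ...') and blanks
            continue
        ip, hostname = m.group(1), m.group(2)
        # Tab-separated "Key: value" fields follow the Host field.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if fields.get("Status") == "Up":
            live_hosts.append((ip, hostname))
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # Each entry is port/state/proto/owner/service/rpc/version/
            port, state, proto, _owner, service, _rpc, version = entry.split("/", 6)
            if state == "open":
                open_ports.append({"ip": ip, "port": int(port), "proto": proto,
                                   "service": service, "version": version.rstrip("/")})
    return live_hosts, open_ports


if __name__ == "__main__":
    hosts, ports = parse_grepable(SAMPLE_OG)
    print("Live hosts:", hosts)
    for p in ports:
        print(f"{p['ip']}:{p['port']}/{p['proto']} {p['service']} {p['version']}")
```

Feed it a real file with `parse_grepable(open("scan.gnmap").read())` after running `nmap -sn -oG scan.gnmap 192.168.1.0/24`; the closed telnet entry in the sample shows why the state field must be checked rather than listing every port.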
3. Troubleshooting Connectivity
Scenario: A web server isn’t responding.
Do this:
nmap -p 80,443 192.168.1.1
Outcome: Check whether ports 80/443 are open or blocked.
How You Can Protect Your Network from Nmap Scans (I will write a separate blog post on this topic)
1) Firewalls: Block unnecessary ports.
2) Port Security: Close unused ports (e.g., Telnet on port 23).
3) Intrusion Detection Systems (IDS): Tools like Snort or Suricata can detect and block Nmap scans.
4) Rate Limiting: Limit the number of packets a single IP can send.
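As an added example (not from the original post), here is the kind of distinct-port counting that an IDS such as Snort or Suricata performs, reduced to a few lines of Python run over constructed firewall log lines. The iptables-style log layout, the epoch field `t=` and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed log lines (not real logs) in a simplified iptables-style key=value
# layout; 't' is the epoch time in seconds. 10.0.0.5 probes ten ports on one host
# within ten seconds (what an `nmap -F` style scan looks like); 10.0.0.9 is normal traffic.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]
SAMPLE_LOG = [f"t={1000 + i} SRC=10.0.0.5 DST=192.168.1.1 PROTO=TCP DPT={p} SYN"
              for i, p in enumerate(SCAN_PORTS)]
SAMPLE_LOG += [f"t={1000 + i} SRC=10.0.0.9 DST=192.168.1.1 PROTO=TCP DPT={p} SYN"
               for i, p in [(1, 443), (3, 80), (6, 443), (9, 443)]]

LINE_RE = re.compile(r"t=(\d+) SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


def detect_scans(lines: List[str], window: int = 10,
                 min_ports: int = 5) -> Dict[Tuple[str, str], List[int]]:
    """Flag (src, dst) pairs where one source touches at least `min_ports`
    distinct destination ports on one host within `window` seconds.

    Thresholds are assumptions; tune them to your network's normal traffic.
    """
    recent: Dict[Tuple[str, str], Deque[Tuple[int, int]]] = defaultdict(deque)
    alerts: Dict[Tuple[str, str], List[int]] = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        t, src, dst, dport = int(m[1]), m[2], m[3], int(m[5])
        key = (src, dst)
        q = recent[key]
        q.append((t, dport))
        while q and t - q[0][0] > window:      # drop probes older than the window
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= min_ports and len(ports) > len(alerts.get(key, [])):
            alerts[key] = ports                 # keep the largest port set seen
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports: {ports}")
```

The -T0 scan shown earlier spaces its probes far enough apart to fall outside a ten-second window, which is why real IDS scan detectors also keep longer-lived per-source counters and why the window value matters more than the port threshold.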
Ethical Hacking Best Practices
- Permission: Always get written consent before scanning.
- Lab Environment: Use virtual machines (e.g., Kali Linux and Metasploitable).
- Disclosure: Report vulnerabilities responsibly.
Frequently Asked Questions (FAQs)
1. How is Nmap Used?
Nmap is Mainly used for:
- Network Discovery: Find devices connected to a network, as discussed above.
- Port Scanning: Identify open ports and services (e.g., HTTP on port 80).
- OS Detection: Guess the operating system of a target device.
- Vulnerability Scanning: Detect outdated software or misconfigurations.
For example, ethical hackers use Nmap to map networks during penetration testing.
2. How Do I Start Nmap?
Step-by-Step:
Install Nmap:
On Kali Linux: Nmap is preinstalled. Just open the terminal.
On Windows or Mac: Download it from nmap.org.
Open Terminal/Command Prompt:
Type nmap to see the help menu.
Run Your First Scan:
nmap 192.168.1.1
3. How Do I Scan an IP with Nmap?
Basic IP Scan:
nmap [IP Address]
Example:
nmap 192.168.1.1
Output:
Lists open ports (e.g., 80/tcp open http).
See the sections above for more details.
My Pro Tip: Always get permission before scanning external networks!
4. Is Nmap Illegal?
Legal: If you scan networks you own or have explicit permission to test.
Illegal: Unauthorized scanning of networks you don’t own.
Ethical Hackers: Use virtual labs (e.g., Kali Linux + Metasploitable).
5. Can Nmap Bypass Firewalls?
Yes! Use these tricks:
Stealth Scan: nmap -sS 192.168.1.1 (SYN scan, harder to detect).
Fragmented Packets: nmap -f 192.168.1.1 (splits packets to evade detection).
6. How to Scan UDP Ports with Nmap?
nmap -sU 192.168.1.1
Use Case: Check DNS (port 53) or DHCP (port 67).
7. How to Save Nmap Scan Results?
Save scans in different formats:
Normal: nmap -oN scan.txt 192.168.1.1
XML: nmap -oX scan.xml 192.168.1.1 (for tools like Metasploit).
8. What Are Nmap Scripts?
Nmap Scripting Engine (NSE) automates tasks like vulnerability detection:
nmap --script vuln 192.168.1.1
Popular Scripts: http-enum, ssh-brute, dns-brute.