A Complete Guide to Nmap – Nmap Tutorial

Nmap is a network mapper that has emerged as one of the most popular, free network discovery tools on the market. Nmap has become one of the most popular tools for network managers to utilize while mapping their networks. The application can be used to locate live hosts on a network, and perform port scanning, ping sweeps, OS detection, and version detection, among other things.

A number of recent hacks have highlighted the importance of network auditing tools like Nmap. The recent Capital One breach, for example, might have been noticed sooner if system administrators had been monitoring connected devices, according to analysts. In this article we’ll look at what Nmap is, what it can do, and how to use the most common commands.

In this article, I am going to show you how to use Nmap with a full tutorial. Many new users install Nmap, but they have little knowledge about how to utilize it. Before we begin, we must first understand what Nmap is and what it is used for. So, without further ado, let’s get this party started.

What is Nmap?

Nmap is short for Network Mapper. It is an open-source network exploration and security auditing tool. It was built to scan vast networks quickly, but it also works well against single targets.
Nmap analyzes raw IP packets in novel ways to figure out which hosts are on the network, what services they offer (application name and version), what operating systems (and OS versions) they run, what types of packet filters/firewalls they employ, and a slew of other details.
Nmap is available for Windows, Linux, Mac OS X, FreeBSD, Sun Solaris, Amiga, HP-UX, and other platforms.

What is Nmap used for?

There are a number of reasons why security pros prefer Nmap over other scanning tools.

To begin, Nmap allows you to easily map out a network using simple commands and configurations. Simple commands (such as checking if a host is up) and complicated scripting are also supported by the Nmap scripting engine.

Other features of Nmap include:

  • Ability to quickly recognize all devices on single or numerous networks, including servers, routers, switches, mobile devices, and so on.
  • Web servers, DNS servers, and other common applications are among the services that can be identified on a system. Nmap can also detect application versions with reasonable accuracy, which can aid in the detection of existing flaws.
  • Nmap can look up information about a device’s operating system. It can provide detailed information such as operating system versions, making it easy to develop future penetration testing methods.
  • During security auditing and vulnerability scanning, you can use existing scripts from the Nmap Scripting Engine (NSE) to test systems for known weaknesses.
  • Nmap has a graphical user interface called Zenmap. It helps you develop visual mappings of a network for better usability and reporting.

How To Install Nmap

The process for installing Nmap is easy but varies according to your operating system. The Windows, Mac, and Linux versions of the program can be downloaded from the official site, nmap.org.

  • For Windows, Nmap comes with a custom installer (nmap-setup.exe). Download and run this installer, and it automatically configures Nmap on your system.
  • On Mac, Nmap also comes with a dedicated installer. Run the Nmap-mpkg file to start this installer. On some recent versions of macOS, you might see a warning that Nmap is from an “unidentified developer”, but you can ignore this warning.
  • Linux users can either compile Nmap from source or use their chosen package manager. With apt, for instance, you can run nmap --version to check whether Nmap is installed, and sudo apt-get install nmap to install it (the package and binary names are lowercase).

Uses of Nmap

Nmap is a Network Mapper, as I mentioned at the beginning of this tutorial, that allows us to scan a network or host and discover open ports and closed ports, check whether a host is up, and determine which operating system the host is running. We’ve tried to cover a lot in this Nmap tutorial, so it’ll be a little longer.

Before we start using Nmap, you need some basic knowledge of networking.

Port Scanning: Before we do port scanning, you must be clear about what a port is.

A port is basically an endpoint through which a connection is made to a computer. There are 65535 possible ports, and Nmap reports each port it probes as open, closed, or filtered:

  • If a port is open, the computer is listening for a connection on it.
  • If a port is closed, the computer is reachable but no service is listening on that port.
  • If a port is filtered, Nmap cannot tell whether it is open or closed because a firewall or packet filter is dropping its probes; the system administrator is deliberately hiding that information.

Different ports are used for different services: HTTP commonly uses port 80 (with 8080 as a popular alternative), FTP uses port 21, and so on. A port is easy to identify because it comes after a colon, e.g. 127.0.0.1:8080, where 8080 is the port.
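The three port states are easiest to act on when a scan is saved in Nmap's grepable output format (the -oG option: one tab-separated line per host with a "Ports:" field). The POSIX shell script below is an added example and is not code from the original tutorial; the scan output and the allowlist of expected ports are constructed samples, so it runs offline. It counts ports per state and flags open ports that are not on an allowlist, which is the check a defender runs to spot a service that should not be there.

```shell
#!/bin/sh
# Added example, not code from the original tutorial.
# Summarise port states from Nmap's grepable output (-oG) and flag open ports
# that are not on an allowlist. The scan output is a constructed sample so the
# script runs without network access.

# Constructed sample of what "nmap -oG - 192.168.1.10 192.168.1.20" could emit.
# Host lines are tab-separated: "Host: ip (name)", "Ports: ...", "Ignored State: ...".
# Each Ports entry is port/state/protocol/owner/service/rpc/version/.
SAMPLE_GNMAP=$(printf '%s\t%s\t%s\n' \
  'Host: 192.168.1.10 ()' 'Status: Up' '' \
  'Host: 192.168.1.10 ()' 'Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/filtered/tcp//https///' 'Ignored State: closed (997)' \
  'Host: 192.168.1.20 ()' 'Status: Up' '' \
  'Host: 192.168.1.20 ()' 'Ports: 21/open/tcp//ftp//vsftpd 3.0/, 3389/closed/tcp//ms-wbt-server///' 'Ignored State: filtered (998)')

# Count how many ports across all hosts were reported in the state given as $1
# (open, closed or filtered). Reads grepable output on stdin, prints a number.
count_ports_in_state() {
  awk -F'\t' -v want="$1" '
    /^Host: / {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          sub(/^Ports: /, "", $i)
          n = split($i, entry, /, /)
          for (j = 1; j <= n; j++) {
            split(entry[j], f, "/")       # f[1]=port f[2]=state f[5]=service
            if (f[2] == want) count++
          }
        }
      }
    }
    END { print count + 0 }'
}

# Print "ip port/service" for every open port whose number is not in the
# space-separated allowlist given as $1. Reads grepable output on stdin.
unexpected_open_ports() {
  awk -F'\t' -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
    /^Host: / {
      split($1, h, " ")                   # h[2] is the IP address
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          sub(/^Ports: /, "", $i)
          m = split($i, entry, /, /)
          for (j = 1; j <= m; j++) {
            split(entry[j], f, "/")
            if (f[2] == "open" && !(f[1] in ok)) print h[2], f[1] "/" f[5]
          }
        }
      }
    }'
}

# Usage on the constructed sample:
printf '%s\n' "$SAMPLE_GNMAP" | count_ports_in_state open         # 3
printf '%s\n' "$SAMPLE_GNMAP" | count_ports_in_state filtered     # 1
printf '%s\n' "$SAMPLE_GNMAP" | unexpected_open_ports '22 80 443' # 192.168.1.20 21/ftp
```

To use it on a real scan, replace the constructed sample with the file written by nmap -oG and adjust the allowlist to the services each host is supposed to run; a filtered count that is much higher than expected usually means a firewall sits between the scanner and the target.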

TCP and UDP protocols

These are the two most commonly used transport protocols on a network. Although both are used to listen for connections, they play different roles:

TCP Protocol
TCP is a connection-oriented protocol. In simple words, it is used for connections that need data delivered reliably and in order, for example loading a web page.

UDP Protocol
UDP is a connectionless protocol that does not guarantee delivery of packets at the other end; it is most commonly used for live video streaming.

Here is a quick overview of the various TCP/IP protocols by layer:

Application layer: FTP, HTTP, SNMP, BOOTP, DHCP
Transport layer: TCP, UDP, ICMP, IGMP
Network layer: ARP, IP, RARP
Data link layer: SLIP, PPP

Now let’s use some Nmap commands for port scanning.

Nmap Command

Nmap’s commands fall into the following categories, each with its own options and examples:

  • Basic Scanning Commands
  • Discovery Options
  • Advanced Scanning Options
  • Port Scanning Options
  • Version Detection
  • Firewall Evasion Techniques
  • Troubleshooting and Debugging
  • Nmap Scripting Engine

Nmap Tutorial and Examples

Once you’ve installed Nmap, the best way of learning how to use it is to perform some basic network scans.

How To Run a Ping Scan

One of the most basic functions of Nmap is to identify active hosts on your network. Nmap does this with a ping scan (host discovery), which identifies all of the IP addresses that are currently online without port scanning them.

To run a ping scan, run the following command:

# nmap -sn 192.100.1.1/24

(-sn is the current spelling of the host-discovery option; older guides write it as -sP, which Nmap still accepts. Nmap options are case-sensitive, so a lowercase -sp is an error.)

This command then returns a list of hosts on your network and the total number of assigned IP addresses. If you spot any hosts or IP addresses on this list that you cannot account for, you can then run further commands (see below) to investigate them further.

How To Run A Host Scan

A more powerful way to scan your networks is to use Nmap to perform a host scan. Unlike a ping scan, a host scan actively sends ARP request packets to all the hosts connected to your network. Each host then responds to this packet with another ARP packet containing its status and MAC address.

To run a host scan, use the following command:

# nmap -sn <target>

(Replace <target> with a host name, IP address, or CIDR range such as 192.100.1.1/24.)

This returns information on every host, their latency, their MAC address, and also any description associated with this address. This can be a powerful way of spotting suspicious hosts connected to your network.

If you see anything unusual in this list, you can then run a DNS query on a specific host, by using:

# nmap -sL <target>

This returns a list of names associated with the scanned IP. This description provides information on what the IP is actually for.
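A practical way to act on the ping-scan and list-scan output above is to reconcile the hosts Nmap reports as up against an asset inventory. The script below is an added example, not code from the original tutorial; its scan output (what nmap -sn -oG - might print) and its inventory file are constructed samples, so it runs offline. It prints hosts that are up but missing from the inventory, and inventory entries that did not respond, which is the "cannot account for" check described above done mechanically.

```shell
#!/bin/sh
# Added example, not code from the original tutorial.
# Reconcile a ping scan (nmap -sn -oG -) against an asset inventory so that
# hosts you cannot account for, and inventory hosts that did not respond,
# stand out. Both inputs are constructed samples; nothing is scanned.

# Constructed sample of what "nmap -sn -oG - 192.168.1.0/24" could print:
# one tab-separated line per responding host, reverse-DNS name in parentheses.
SAMPLE_PING_SCAN=$(printf '%s\t%s\n' \
  'Host: 192.168.1.1 (gateway.lan)'  'Status: Up' \
  'Host: 192.168.1.10 (web.lan)'     'Status: Up' \
  'Host: 192.168.1.23 ()'            'Status: Up' \
  'Host: 192.168.1.42 (printer.lan)' 'Status: Up')

# Constructed asset inventory: "ip owner" per line, written to a temp file.
INVENTORY_FILE=$(mktemp)
trap 'rm -f "$INVENTORY_FILE"' EXIT
printf '%s\n' \
  '192.168.1.1 network-team' \
  '192.168.1.10 web-team' \
  '192.168.1.42 facilities' \
  '192.168.1.50 lab-vm' > "$INVENTORY_FILE"

# Hosts that answered the ping scan but are absent from the inventory file $1.
# Reads scan output on stdin; prints "ip (name)".
unknown_hosts() {
  awk 'NR == FNR { known[$1] = 1; next }                       # first input: inventory
       /^Host: / && /Status: Up/ && !($2 in known) { print $2, $3 }' "$1" -
}

# Inventory entries that did not answer: either offline or filtering probes,
# both worth a look. Reads scan output on stdin; prints "ip owner".
missing_hosts() {
  awk 'NR == FNR { if (/^Host: / && /Status: Up/) up[$2] = 1; next }   # first input: scan
       !($1 in up) { print $1, $2 }' - "$1"
}

# Usage on the constructed sample:
printf '%s\n' "$SAMPLE_PING_SCAN" | unknown_hosts "$INVENTORY_FILE"   # 192.168.1.23 ()
printf '%s\n' "$SAMPLE_PING_SCAN" | missing_hosts "$INVENTORY_FILE"   # 192.168.1.50 lab-vm
```

On a real network, feed the script the -oG file from a scheduled ping scan and keep the inventory under version control; a host that appears in the unknown list is exactly the kind of device the article suggests investigating with a list scan (-sL) and a port scan.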

How To Use Nmap in Kali Linux

Using Nmap in Kali Linux can be done in an identical way to running the program on any other flavor of Linux.

However, there are several advantages to using Kali for Nmap scans. The Nmap suite, which includes a sophisticated GUI and results viewer (Zenmap), a powerful data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet creation and response analysis tool (Nping), is now included in most modern Kali distros.

Nmap FAQ

The commands above cover most of the basic functionality of Nmap. You might still have some questions though, so let’s run through the most common ones.

Q.1 How do I run a Nmap Scan?

Please read the article above. It covers most of the basic Nmap commands and how to use them to run different types of scans.


Q.2 Why is port scanning dangerous?

An attacker can use a port scan to locate open ports. When an attacker discovers an open port with a listening service running, he or she can scan it for vulnerabilities.

Q.3 What is the difference between Nmap and Wireshark?

Nmap lets you scan Host/IP for open ports and learn about the host’s services and operating system. Wireshark is a network packet capture and analysis tool.

Q.4 What Are Some Nmap Alternatives?

Although there are numerous alternatives to Nmap, most of them are focused on delivering particular, specialist features that the common system administrator does not require on a regular basis. For example, MASSCAN is considerably faster than Nmap but gives less information. Umit, on the other hand, allows you to run many scans at the same time.

In reality, however, Nmap provides all the functionality and speed that the average user requires, especially when used alongside other similarly popular tools like Netcat (which can be used to manage and control network traffic) and Zenmap (which provides a GUI for Nmap).

Q.5 How Does Nmap Work?

Nmap is a network traffic scanning tool that improves on earlier network auditing tools to perform speedy and thorough scans of network traffic. It operates by identifying active hosts and IPs on a network using IP packets, then analyzing these packets to offer information on each host and IP, as well as the operating systems they are running.

Q.6 Is Nmap Legal?

Yes. If used properly, Nmap helps protect your network from hackers, because it allows you to quickly spot any security vulnerabilities in your systems.

Another question is whether port scanning on remote servers is legal. This field of law is complicated and varies by territory. If you use Nmap to scan external ports, your ISP may ban you, so make sure you understand the legal ramifications of doing so before you start using it more broadly.