How Nmap Works?
Table of Contents
What is Nmap?
Use Cases of Nmap
How Does Nmap Work?
Nmap Commands List
What is Nmap?
Nmap (Network Mapper) is a powerful and widely used open-source network scanning tool used for network exploration, security auditing, and vulnerability assessment. Nmap’s capabilities encompass host discovery, revealing the presence of devices, unveiling open ports, discerning operating systems, and scrutinizing the network services running on these systems. It offers a range of scanning techniques, such as TCP SYN scan, TCP connect scan, UDP scan, and others. It provides detailed information about network devices, including their IP addresses, MAC addresses, and other relevant data. Network administrators, security experts, and ethical hackers all rely on Nmap for meticulous network mapping and security.
Use Cases of Nmap
Nmap has several use cases in network security and administration. Some of the common use cases of Nmap include:
- Network inventory and mapping
- Security auditing and monitoring
- Network troubleshooting and diagnostics
- Firewall and network configuration verification
- Port scanning to identify open ports and services
- Vulnerability assessment and penetration testing
- Operating system detection to determine the target’s OS
- Investigating network anomalies and suspicious activities
- Service version detection to identify software and its versions
How Does Nmap Work?
Here is an overview of how Nmap works:
1. Host Discovery: Nmap begins by determining which hosts are active on the network by sending ICMP echo requests (ping) or scanning specific ports.
2. DNS Lookups: Once Nmap has identified active hosts, it can optionally perform reverse DNS lookups to map IP addresses to domain names. It can provide more meaningful and human-readable information in the scan results.
3. Port Scanning: After that, Nmap performs port scanning to determine which ports on the target hosts are open, closed, or filtered.
4. Service and Version Detection: After identifying open ports, Nmap tries to determine the type of services or applications running on those ports. It probes open ports to gather information about the versions of services running on those ports.
5. OS Detection: Nmap can also perform operating system detection. It sends specific packets and analyzes the responses to determine the OS of the target host.
6. Scripting and Vulnerability Scanning: Nmap supports scripting using the Nmap Scripting Engine (NSE), allowing for advanced scanning and vulnerability detection.
7. Reporting: Finally, Nmap provides detailed reports on discovered hosts, open ports, operating systems, identified services, and potential vulnerabilities.
Nmap Commands List
“nmap targetIP” is the most basic Nmap command that performs a basic scan on the target IP address, probing the most common ports to determine their open, closed, or filtered status. Some of the most important and commonly used Nmap commands are listed below:
| Flag | Use | Commands |
| -sn | Perform a simple ping scan to discover active hosts on the network. | nmap -sn <targetIP> |
| -R or –dns-servers | Perform reverse DNS lookups on the discovered IP addresses. | nmap –R <targetIP> |
| -p | Scan a specific port on the target host. | nmap -p <port> <targetIP> |
| -p- | Scan all ports on the target host. | nmap -p- <targetIP> |
| -F | Scan the most common 100 ports on the target host. | nmap -F <targetIP> |
| -sV | Detects services and their versions on open ports. | nmap -sV <targetIP> |
| -O | Attempt to detect the operating system of the target host. | nmap -O <targetIP> |
| –script vuln | Scan for known vulnerabilities using NSE scripts. |
nmap –script vuln <targetIP> |
| -sC | Use default NSE scripts to scan for common vulnerabilities and gather additional information. | nmap -sC <targetIP> |
| -A | Enable aggressive scanning, which includes OS detection, version detection, script scanning, and traceroute. | nmap -A <targetIP> |
| -oN | Save the scan results in normal format to a specified output file. | nmap -oN <output.txt> <targetIP> |
| -oX | Save the scan results in XML format to a specified output file. | nmap -oX <output.xml> <targetIP> |
| -sS | Perform a TCP SYN stealth scan to avoid detection. | nmap -sS <targetIP> |
How Can InfosecTrain Help?
Enroll in InfosecTrain‘s Certified Ethical Hacker (CEH) certification training program that covers Nmap comprehensively. Our experienced instructors with expertise in Nmap will provide valuable insights, best practices, hands-on practice, and real-world examples to enhance your learning experience. We offer a step-by-step approach, covering the fundamentals and advanced techniques to help you understand Nmap tools comprehensively.
TRAINING CALENDAR of Upcoming Batches For CEH v12
| Start Date | End Date | Start - End Time | Batch Type | Training Mode | Batch Status | |
|---|---|---|---|---|---|---|
| 05-May-2024 | 22-Jun-2024 | 19:00 - 23:00 IST | Weekend | Online | [ Open ] | |
| 02-Jun-2024 | 13-Jul-2024 | 09:00 - 13:00 IST | Weekend | Online | [ Open ] |
Ruchi Bisht
Contact Us
1800-843-7890 (India) 
