Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover Host and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. The software provides features for probing computer networks such as host discovery, service and operating system detection, and other in-depth system information. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other information. Nmap is also capable of adapting to network conditions including latency and network congestion during a scan.

In this tutorial, we are going to explore how to use Nmap to scan a network. To start off, here’s a brief overview of what Nmap is mainly used for. Among other things, Nmap will scan our target network and:

Display a list of connected clients

List open ports and available services

Gather information about client systems

Now let’s get started with stripping the network 🙂

Below you will find several different uses and scan parameters of Nmap. First, make sure you are connected to the network that you want to scan. Having done that, you may now proceed with the different scans.

Simple Scan

This method is used to scan the entire network and list all of the connected clients.

  1. Open a terminal

  2. Type “nmap -sS [host ip address]/24”

Replace [host ip address] with your router’s IP address Example: “nmap -sS 192.168.0.1/24”

Client Scan

This method is used to scan a specific client.

  1. Open a terminal

  2. Type “nmap -sS

Replace

with the ip address of the client Example: “nmap -sS 192.168.0.5”

OS Scan

This method is used to list a client’s operating system information in the scan results.

  1. Open a terminal

  2. Type “nmap -sS

-O”

Replace

with the ip address of the client Example: “nmap -sS 192.168.0.5 -O”

System Scan

This method is used to list information associated with a client’s system.

  1. Open a terminal

  2. Type “nmap -sS

-A”

Replace

with the ip address of the client Example: “nmap -sS 192.168.0.5 -A”

Service Scan This method is used to display a list detailed information about services running on a client’s system.

  1. Open a terminal

  2. Type “nmap -sS

-sV”

Replace

with the ip address of the client Example: “nmap -sS 192.168.0.5 -sV”

Port Scan

This method is used to check the status of a specific port

  1. Open a terminal

  2. Type “nmap -sS

-p [port]”

Replace

with the ip address of the client Replace [port] with the port number you want to check

Example: “nmap -sS 192.168.0.5 -p 22”

Port Range Scan

This method is used to check the status of a specific port range.

  1. Open a terminal

  2. Type “nmap -sS

-p [port range] Replace

with the ip address of the client Replace [port range] with the port range you want to check

Example: “nmap -sS 192.168.0.5 -p 22-80”

Now that you know a thing or two about Nmap, I recommend combining the different scan parameters to generate consolidated scan results. This will improve the efficiency of your scans and help you generate detailed, more complete scan reports. As always, PenTesting is about doing and not just reading, so experiment with various parameters, try as many as you can and be sure to checkout the inbuilt help menu of Nmap for even more options.

As an example, you could scan the entire network for detailed information about clients, systems, services, and ports by using the following command: “nmap -sS [host ip address]/24 -O -A -sV”



Want to be a real hacker? Sign Up!



go to top