Network Scanning Cyber Security: Nmap

Network Scanning Cyber Security: Nmap

The Swiss Army Knife of Network Auditing

Nmap (Network Mapper) is an open-source tool used for network discovery and vulnerability scanning. It sends specially crafted packets to a target host and analyzes the responses to understand what is happening on that network.
Security professionals and ethical hackers use Nmap to discover active devices, identify open ports, and map out network topology.

How Nmap Works

At its core, Nmap operates by probing a target and listening for replies. It uses the responses to determine:

  • Host Detection: Is the machine alive or dead?
  • Port Scanning: Which ports are open, closed, or filtered by a firewall?
  • Service/Version Detection: What application is listening on that port (e.g., Apache 2.4.41)?
  • OS Detection: What operating system is the target running?

Essential Nmap Scans & Commands

Here are the most common scanning techniques used in the field:

Scan TypeCommandDescriptionPros/Cons
Ping Scannmap -snDiscovers live hosts without scanning ports.Fast, but misses hidden hosts behind firewalls.
SYN Scan (Stealth)nmap -sSDefault scan. Half-opens a TCP connection (never completes the 3-way handshake).Fast and relatively quiet, but requires root privileges.
TCP Connect Scannmap -sTCompletes the 3-way handshake. Used when root access isn’t available.Easily logged by firewalls and target systems.
UDP Scannmap -sUScans for UDP services (like DNS, DHCP, SNMP).Crucial for full audits, but notoriously slow.
Service & OS Detectionnmap -sV -OGrabs banners to identify the exact service version and OS.Highly informative, but highly intrusive.
Aggressive Scannmap -ACombines OS detection, service versioning, script scanning, and traceroute.Loud and aggressive, but gives you a complete picture quickly.

Understanding Port States

When Nmap finishes a scan, it will label ports with one of these key states:

  • Open: An application is actively accepting connections on this port. This is a potential entry point for an attacker.
  • Closed: The port is accessible, but no application is listening on it.
  • Filtered: Nmap cannot determine if the port is open or closed because a firewall or network filter is blocking the probes.

The Nmap Scripting Engine (NSE)

Nmap isn’t just for finding ports—it can also exploit them. The Nmap Scripting Engine (NSE) allows users to write and share scripts to automate network tasks.
NSE scripts are categorized into groups like:

  • safe: Won’t crash the target.
  • discovery: Retrieves more deep network info.
  • vuln: Checks for specific known vulnerabilities.
  • exploit: Attempts to actively exploit a vulnerability.

Example: Running nmap –script vulnwill automatically check the target against a database of known vulnerabilities.

What specific aspect of Nmap are you looking to explore further—are you trying to secure a personal network, preparing for a certification, or troubleshooting a specific command?

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *