AI Block Lab - Cyber Security

Nmap Port Scanning Guide
Nmap (Network Mapper) is one of the most powerful and widely used tools for network discovery and security auditing. It allows administrators, security professionals, and developers to scan networks, detect open ports, identify running services, and discover potential vulnerabilities.

What is Port Scanning?

Port scanning is the process of probing a server or host to identify open ports and services available on that system. Each open port may represent a service such as HTTP (80), HTTPS (443), SSH (22), or FTP (21).

Installing Nmap

On Debian/Ubuntu systems, you can install Nmap using:

sudo apt update
sudo apt install nmap

Basic Port Scan

To scan a single host for open ports:

nmap 192.168.1.1

This command scans the 1000 most common TCP ports on the target (as a SYN scan when run as root, otherwise as a TCP connect scan).

Host Discovery Only (-sn)

The -sn option tells Nmap to perform host discovery only, without scanning ports. This is often referred to as a "ping scan".

nmap -sn 192.168.1.0/24

This command checks which hosts are online in the specified network range and skips port scanning entirely.

Nmap uses various techniques for host discovery, including ICMP echo requests (ping), TCP SYN probes, and ARP requests (on local networks).

When to Use -sn

  • To quickly identify active hosts in a network
  • Before performing a full port scan
  • To reduce scan time and network load
  • When you only need a list of live systems

Scan Specific Ports

You can scan specific ports using the -p option:

nmap -p 22,80,443 192.168.1.1

Scan a Range of Ports

nmap -p 1-65535 192.168.1.1

This scans all 65,535 TCP ports, which takes considerably longer than the default scan of the 1000 most common ports.

Scan Multiple Hosts

nmap 192.168.1.1 192.168.1.2
nmap 192.168.1.0/24

Service and Version Detection

To detect running services and their versions:

nmap -sV 192.168.1.1

Version detection probes each open port and matches the banner or response against Nmap's service fingerprint database, so the output names the actual software and version rather than just the port's well-known service.

OS Detection

sudo nmap -O 192.168.1.1

OS detection fingerprints the target's TCP/IP stack using raw packets, so it requires root privileges.

Stealth Scan (SYN Scan)

sudo nmap -sS 192.168.1.1

This is a stealthier scan that does not complete full TCP connections: Nmap sends a SYN, treats a SYN/ACK reply as an open port, and tears the half-open connection down with a RST instead of finishing the handshake. Because it crafts raw packets it requires root privileges, and it is the default scan type when Nmap runs as root.

TCP Connect Scan (-sT)

The -sT option performs a full TCP connect scan. Unlike the SYN scan (-sS), this method completes the entire TCP three-way handshake (SYN → SYN/ACK → ACK) with the target host.

nmap -sT 192.168.1.1

This scan type is useful when you do not have root privileges, as it relies on the operating system's connect() call rather than raw packet crafting. However, because each probe establishes a full connection, the service on the target sees it (and may log it), so it is more easily detected and logged by firewalls and intrusion detection systems than a SYN scan.

When to Use -sT

  • When running Nmap without root or sudo privileges
  • When SYN scan (-sS) is not permitted or blocked
  • For reliable results in restricted environments

UDP Scan

sudo nmap -sU 192.168.1.1

UDP scans are much slower than TCP scans: a closed port is identified only by an ICMP port-unreachable reply, and an open port that does not answer the probe is reported as open|filtered. Like the SYN scan, it sends raw packets and therefore requires root privileges.

Aggressive Scan

nmap -A 192.168.1.1

Enables OS detection, version detection, script scanning (the default NSE scripts), and traceroute. OS detection and traceroute need raw packet privileges, so run it with sudo to get the full set of results.

Saving Results

nmap -oN output.txt 192.168.1.1

-oN writes Nmap's normal, human-readable output to output.txt. -oX writes XML (easier to parse programmatically), -oG writes grepable output, and -oA writes all three formats at once using the given base name.

Conclusion

Nmap is an essential tool for anyone working with networks or cybersecurity. By mastering its features, you can quickly identify open ports, detect services, and assess the security posture of your infrastructure.
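As an added closing example that is not part of the original guide: a Python parser for the normal (-oN) output produced by the Saving Results and Service and Version Detection commands above. It lists the open ports per host and flags any that are not on a per-host baseline, which is the check a defender runs to spot newly exposed services. The sample output, hosts, versions and baseline are constructed.

```python
import re

# Constructed sample of Nmap "normal" (-oN) output, like what
# `nmap -sV -oN output.txt 192.168.1.0/24` writes; hosts and versions are hypothetical.
SAMPLE_OUTPUT = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV -oN output.txt 192.168.1.0/24
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
PORT     STATE    SERVICE       VERSION
22/tcp   open     ssh           OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http          nginx 1.18.0
443/tcp  open     ssl/http      nginx 1.18.0

Nmap scan report for 192.168.1.2
Host is up (0.0030s latency).
PORT     STATE    SERVICE       VERSION
22/tcp   open     ssh           OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
3389/tcp open     ms-wbt-server Microsoft Terminal Services
8080/tcp filtered http-proxy

# Nmap done at Mon Jan  1 12:00:05 2024 -- 256 IP addresses (2 hosts up) scanned in 5.12 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_open_ports(text):
    """Return {host: [(port, proto, service, version), ...]} for ports reported as open."""
    result, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:                       # a new "Nmap scan report for ..." block starts
            host = m.group(1)
            result[host] = []
            continue
        m = PORT_RE.match(line)
        if m and host is not None and m.group(3) == "open":
            port, proto, _state, service, version = m.groups()
            result[host].append((int(port), proto, service, (version or "").strip()))
    return result

def unexpected_ports(scan, baseline):
    """Open ports absent from each host's allowlist: a change-detection check for defenders."""
    return [(host, port, proto, service)
            for host, ports in scan.items()
            for port, proto, service, _ in ports
            if (port, proto) not in baseline.get(host, set())]

# Hypothetical baseline: the ports that are expected to be open on each host.
BASELINE = {"192.168.1.1": {(22, "tcp"), (80, "tcp"), (443, "tcp")}, "192.168.1.2": {(22, "tcp")}}
```

Feed it the contents of output.txt instead of SAMPLE_OUTPUT to compare a real scan against your baseline; on the constructed sample it flags 3389/tcp (ms-wbt-server) on 192.168.1.2 and ignores the filtered 8080/tcp.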
