Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon, used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. The software provides features for probing computer networks such as host discovery, service and operating system detection, and other in-depth system information. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other information. Nmap is also capable of adapting to network conditions, including latency and network congestion, during a scan.

In this tutorial, we are going to explore how to use Nmap to scan a network. To start off, here’s a brief overview of what Nmap is mainly used for. Among other things, Nmap will scan our target network and:

Display a list of connected clients

List open ports and available services

Gather information about client systems

Now let’s get started with stripping the network 🙂

Below you will find several different uses and scan parameters of Nmap. First, make sure you are connected to the network that you want to scan. Having done that, you may now proceed with the different scans.

Simple Scan

This method is used to scan the entire network and list all of the connected clients.

  1. Open a terminal

  2. Type “nmap -sS [host ip address]/24”

Replace [host ip address] with your router’s IP address. Example: “nmap -sS 192.168.0.1/24”

Client Scan

This method is used to scan a specific client.

  1. Open a terminal

  2. Type “nmap -sS [client ip address]”

Replace [client ip address] with the IP address of the client. Example: “nmap -sS 192.168.0.5”

OS Scan

This method is used to list a client’s operating system information in the scan results.

  1. Open a terminal

  2. Type “nmap -sS [client ip address] -O”

Replace [client ip address] with the IP address of the client. Example: “nmap -sS 192.168.0.5 -O”

System Scan

This method is used to list information associated with a client’s system.

  1. Open a terminal

  2. Type “nmap -sS [client ip address] -A”

Replace [client ip address] with the IP address of the client. Example: “nmap -sS 192.168.0.5 -A”

Service Scan

This method is used to display detailed information about the services running on a client’s system.

  1. Open a terminal

  2. Type “nmap -sS [client ip address] -sV”

Replace [client ip address] with the IP address of the client. Example: “nmap -sS 192.168.0.5 -sV”

Port Scan

This method is used to check the status of a specific port.

  1. Open a terminal

  2. Type “nmap -sS [client ip address] -p [port]”

Replace [client ip address] with the IP address of the client. Replace [port] with the port number you want to check.

Example: “nmap -sS 192.168.0.5 -p 22”

Port Range Scan

This method is used to check the status of a specific port range.

  1. Open a terminal

  2. Type “nmap -sS [client ip address] -p [port range]”

Replace [client ip address] with the IP address of the client. Replace [port range] with the port range you want to check.

Example: “nmap -sS 192.168.0.5 -p 22-80”

Now that you know a thing or two about Nmap, I recommend combining the different scan parameters to generate consolidated scan results. This will improve the efficiency of your scans and help you generate detailed, more complete scan reports. As always, PenTesting is about doing and not just reading, so experiment with various parameters, try as many as you can, and be sure to check out the built-in help menu of Nmap (“nmap -h”) for even more options.

As an example, you could scan the entire network for detailed information about clients, systems, services, and ports by using the following command: “nmap -sS [host ip address]/24 -O -A -sV”
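The scans above all follow the same shape: a target (one client or a /24), an optional port spec, and one or more of the -O, -A and -sV flags. Two caveats are worth keeping in mind when you script them: -sS (SYN scan) needs raw-socket privileges, so run Nmap as root or via sudo, and -A already turns on OS detection and version detection, so “-O -A -sV” is equivalent to “-A” on its own. The POSIX shell script below is an added example written for this page, not code from the Nmap project or the original post. It validates the target and port spec before building the command line (so a malformed or shell-injected target never reaches Nmap), and it summarises Nmap’s grepable output (“-oG”) into one line per open port; the scan output embedded in it is a constructed sample, not a real scan.

```shell
#!/bin/sh
# Added example for this tutorial: build a validated Nmap command line from the
# parameters the tutorial covers, and summarise grepable (-oG) output.
# Assumes nmap may be absent on the machine running this file: build_scan only
# prints the command, and run_scan executes it only when nmap is on PATH.

# Succeed only if $1 is a dotted-quad IPv4 address with an optional /prefix,
# e.g. 192.168.0.5 or 192.168.0.1/24. Anything else (hostnames, shell
# metacharacters, a second argument smuggled in) is rejected.
valid_target() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# Succeed only if $1 is a single port (22) or an ascending range (22-80).
valid_ports() {
    printf '%s\n' "$1" | awk -F- '
        NF < 1 || NF > 2 { exit 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^[0-9]+$/ || $i < 1 || $i > 65535) exit 1 }
        NF == 2 && $1 + 0 > $2 + 0 { exit 1 }
        { exit 0 }'
}

# build_scan TARGET PORTS [FLAG...]  -> prints "nmap -sS TARGET [-p PORTS] FLAGS"
# PORTS may be an empty string; FLAGS are limited to the ones this tutorial uses.
build_scan() {
    target=$1; ports=$2; shift 2
    valid_target "$target" || { echo "bad target: $target" >&2; return 1; }
    cmd="nmap -sS $target"
    if [ -n "$ports" ]; then
        valid_ports "$ports" || { echo "bad port spec: $ports" >&2; return 1; }
        cmd="$cmd -p $ports"
    fi
    for flag in "$@"; do
        case $flag in
            -O|-A|-sV) cmd="$cmd $flag" ;;
            *) echo "unsupported flag: $flag" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$cmd"
}

# Read "nmap -oG" output on stdin and print "HOST PORT/PROTO SERVICE VERSION"
# for every open port. Grepable lines are tab-separated fields; the Ports field
# holds comma-separated entries of the form port/state/proto/owner/service/rpc/version/.
summarise_grepable() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, p, /, /)
                for (j = 1; j <= n; j++) {
                    split(p[j], f, "/")
                    if (f[2] == "open") printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
                }
            }
        }'
}

# Constructed sample of grepable output for a service scan (not a real scan).
sample_scan() {
    printf 'Host: 192.168.0.5 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
}

# run_scan TARGET PORTS [FLAG...]: execute the validated scan (needs root for -sS)
# and summarise it. Only runs if nmap is installed.
run_scan() {
    command -v nmap >/dev/null 2>&1 || { echo "nmap not installed" >&2; return 127; }
    cmd=$(build_scan "$@") || return 1
    $cmd -oG - | summarise_grepable
}

# Demonstration: the tutorial's consolidated network scan, then the sample summary.
build_scan 192.168.0.1/24 '' -O -A -sV
sample_scan | summarise_grepable
```

Running the file prints the composed command (“nmap -sS 192.168.0.1/24 -O -A -sV”) and two summary lines for ports 22 and 80; the closed port 443 is dropped. To scan for real, call run_scan with the same arguments as build_scan under sudo. Keeping the target and port validation in front of Nmap matters once these commands are driven by input you did not type yourself (a hosts file, a ticket, a web form): the awk checks accept only digits, dots, slashes and dashes, so nothing else can be appended to the command line.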