Nmap: Network Scanning

June 20, 2025 · 2 min read

Nmap (Network Mapper) is a powerful open-source tool for network discovery, security auditing, and penetration testing. In this post, we'll explore advanced Nmap usage, practical commands, and real-world scenarios.

1. Basic Host Discovery

Scan a single host to check if it's up:

nmap -sn 192.168.1.10  # Ping scan (no port scan)

Scan an entire subnet:

nmap -sn 192.168.1.0/24  # Discover all live hosts in the subnet

2. Port Scanning Techniques

Scan the top 1000 TCP ports (default):

nmap 192.168.1.10

Scan all 65535 TCP ports:

nmap -p- 192.168.1.10  # Full port scan

Stealth SYN scan (default, requires root):

sudo nmap -sS 192.168.1.10  # Stealthy, less likely to be logged

UDP scan (slower, less reliable):

sudo nmap -sU 192.168.1.10  # Scan UDP ports

3. Service and Version Detection

Detect running services and versions:

nmap -sV 192.168.1.10  # Service/version detection

Aggressive scan (OS, version, script, traceroute):

nmap -A 192.168.1.10  # All-in-one scan

4. OS Detection

nmap -O 192.168.1.10  # Attempt to detect OS

5. Output Formats

Save results in different formats:

nmap -oN scan.txt 192.168.1.10    # Normal output
nmap -oX scan.xml 192.168.1.10    # XML output
nmap -oG scan.gnmap 192.168.1.10  # Grepable output

6. Scriptable Interaction (NSE)

Nmap Scripting Engine (NSE) automates tasks like vulnerability detection:

nmap --script vuln 192.168.1.10  # Run vulnerability scripts
nmap --script http-enum 192.168.1.10  # Enumerate web server directories

7. Firewall Evasion and Spoofing

Fragment packets to bypass simple firewalls:

sudo nmap -f 192.168.1.10

Spoof source IP (for research, not illegal use!):

sudo nmap -S 10.0.0.99 192.168.1.10

Randomize scan order:

nmap --randomize-hosts -p 80,443 192.168.1.0/24

8. Scan Multiple Targets

nmap -iL targets.txt  # Scan hosts listed in a file

9. Exclude Hosts

nmap 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.2

10. Useful Tips

Always scan with permission.
Use -T4 for faster scans, -T0 for stealth.
Combine options for tailored results.
Read the Nmap documentation for more advanced features.

Nmap is an essential tool for network engineers, sysadmins, and security professionals. Mastering its options unlocks deep insights into your network's security posture.

1. Basic Host Discovery​

2. Port Scanning Techniques​

3. Service and Version Detection​

4. OS Detection​

5. Output Formats​

6. Scriptable Interaction (NSE)​

7. Firewall Evasion and Spoofing​

8. Scan Multiple Targets​

9. Exclude Hosts​

10. Useful Tips​