Nmap

Nmap is a utility for network discovery and security auditing. It is designed to scan large
networks rapidly, although it works fine against single hosts. Nmap uses raw IP packets to
determine:
Nmap is widely used by network administrators to monitor host or service uptime, manage
service upgrade schedules, and perform network inventory. It is also a favourite tool of
penetration testers and hackers for reconnaissance and vulnerability assessment.
Ping scan - One of the most basic functions of Nmap is to identify active hosts on your
network. Nmap does this with a ping scan, which identifies the IP addresses that are
currently online without port scanning those hosts.
SYN stealth scan - SYN scan is the default and most popular scan option for good reason. It
can be performed quickly, scanning thousands of ports per second on a fast network not
hampered by intrusive firewalls. Each scanned port is reported as open, closed or filtered.
A filtered port indicates that a firewall, filter, or other network issue is blocking the port.
NSE - The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible
features. It allows users to write (and share) simple scripts (using the Lua programming
language) to automate a wide variety of networking tasks. Those scripts are executed in
parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing
and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.
Parallel DNS resolution - Normally reverse DNS is only performed against responsive
(online) hosts. By default, Nmap resolves IP addresses by sending queries directly to the
name servers configured on your host and then listening for responses. Many requests (often
dozens) are performed in parallel to improve performance.
Traceroute - Traces the route from the scanning machine to the target host: it tracks the
path a packet takes across an IP network from source to destination, reporting the IP
addresses of the routers that answered in between. Traceroute also records the time taken
for each hop the packet makes on its way to the destination.
1. Basic Scan
   - Command: nmap <target>
   - Description: Scans the target IP address or hostname for open ports and services.
   - Example: nmap 192.168.1.1

2. Ping Scan
   - Command: nmap -sn <target>
   - Description: Performs a ping scan to determine which hosts are up without port scanning.
   - Example: nmap -sn 192.168.1.0/24

3. Port Range Scan
   - Command: nmap -p <port_range> <target>
   - Description: Scans a specific range of ports on the target.
   - Example: nmap -p 1-100 192.168.1.1

4. Service Version Detection
   - Command: nmap -sV <target>
   - Description: Detects the version of services running on open ports.
   - Example: nmap -sV 192.168.1.1

5. OS Detection
   - Command: nmap -O <target>
   - Description: Attempts to determine the operating system of the target host.
   - Example: nmap -O 192.168.1.1

6. Aggressive Scan
   - Command: nmap -A <target>
   - Description: Enables OS detection, version detection, script scanning, and traceroute.
   - Example: nmap -A 192.168.1.1

7. Script Scan
   - Command: nmap --script <script_name> <target>
   - Description: Runs a specific NSE script against the target.
   - Example: nmap --script http-title 192.168.1.1

8. Output to File
   - Command: nmap -oN <output_file> <target>
   - Description: Saves the scan results to a text file (normal output).
   - Example: nmap -oN scan_results.txt 192.168.1.1

9. XML Output
   - Command: nmap -oX <output_file> <target>
   - Description: Saves the scan results in XML format.
   - Example: nmap -oX scan_results.xml 192.168.1.1

10. UDP Scan
    - Command: nmap -sU <target>
    - Description: Scans for open UDP ports on the target.
    - Example: nmap -sU 192.168.1.1

11. Stealth Scan (SYN Scan)
    - Command: nmap -sS <target>
    - Description: Performs a SYN scan to determine open ports.
    - Example: nmap -sS 192.168.1.1

12. Comprehensive Scan
    - Command: nmap -T4 -A -v <target>
    - Description: Performs a comprehensive scan with aggressive timing, OS detection,
      version detection, and verbose output.
    - Example: nmap -T4 -A -v 192.168.1.1
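The administrator use case described at the top of the page (inventory and uptime monitoring) and the XML Output command above fit together: a scan saved with -oX can be parsed and compared against an earlier baseline to show which hosts came up, which ports newly opened (including a port that moved from filtered to open) and which service versions changed. The following is an added example, not Nmap's own code or anything from the page; the two XML documents are constructed for it and follow the real nmaprun/host/ports/port/state/service element layout, but every address, product and version in them is invented.

```python
"""Parse Nmap -oX output into an inventory and diff two scans (added example).

The XML below is constructed: it mirrors the real nmaprun element layout,
but the hosts, ports and versions are invented for this demonstration.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.168.1.0/24">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.168.1.2" addrtype="ipv4"/></host>
</nmaprun>"""

CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 192.168.1.0/24">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.24.0"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.24.0" tunnel="ssl"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.2" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
</ports></host>
</nmaprun>"""


@dataclass(frozen=True)
class PortRecord:
    addr: str
    proto: str
    port: int
    state: str    # open / closed / filtered as reported by Nmap
    reason: str   # syn-ack, reset, no-response, ...
    service: str  # service name from -sV, "" when none was identified
    version: str  # "product version" from -sV, "" when none was identified


def parse_nmap_xml(xml_text):
    """Return (list of hosts that were up, list of PortRecord) for one scan."""
    root = ET.fromstring(xml_text)
    hosts_up, records = [], []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        status = host.find("status")
        if addr_el is None or status is None or status.get("state") != "up":
            continue  # hosts that did not answer host discovery carry no port data
        addr = addr_el.get("addr")
        hosts_up.append(addr)
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            version = ""
            if svc is not None:
                version = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            records.append(PortRecord(
                addr=addr, proto=port.get("protocol"), port=int(port.get("portid")),
                state=state.get("state"), reason=state.get("reason", ""),
                service=svc.get("name", "") if svc is not None else "",
                version=version))
    return hosts_up, records


def open_ports(records):
    """Index only the open ports by (addr, proto, port); filtered/closed are not exposure."""
    return {(r.addr, r.proto, r.port): r for r in records if r.state == "open"}


def diff_scans(baseline_xml, current_xml):
    """Report hosts and open ports that appeared/disappeared and versions that changed."""
    base_up, base_rec = parse_nmap_xml(baseline_xml)
    cur_up, cur_rec = parse_nmap_xml(current_xml)
    base_open, cur_open = open_ports(base_rec), open_ports(cur_rec)
    common = cur_open.keys() & base_open.keys()
    return {
        "new_hosts": sorted(set(cur_up) - set(base_up)),
        "gone_hosts": sorted(set(base_up) - set(cur_up)),
        "newly_open": sorted(k for k in cur_open if k not in base_open),
        "newly_closed": sorted(k for k in base_open if k not in cur_open),
        "version_changes": sorted((k, base_open[k].version, cur_open[k].version)
                                  for k in common
                                  if base_open[k].version != cur_open[k].version),
    }


if __name__ == "__main__":
    for key, value in diff_scans(BASELINE_XML, CURRENT_XML).items():
        print(f"{key}: {value}")
```

Only ports in state open are counted as exposure, so a port that moves from filtered to open shows up under newly_open rather than as a version change; in a real deployment the two documents would be read from the files named in the -oX commands rather than embedded as strings.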