Port Scanning-Nmap Tutorial

This is the second episode of a series article about second step of ethical hacking/penetration testing, as we have deeply talked about the importance of port scanning and on the previous article we have discussed some about Nmap.
Click here to read to read the first related article.
This article will talk about the practical aspect of Nmap, how to perform a quick scan to know about the open ports and services?

Nmap was originally command line tool that has been developed for only Unix/Linux based operating system but now its windows version is also available and ease to use.You can download the Nmap installer for windows and for Linux open terminal and type sudo apt-get install nmap 
Ok now we are going to start with simple scan, for nmap help
$ nmap –help
For a quick and simple scan use.

$ nmap 192.168.1.1

Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-08 23:06 PKT
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
Not shown: 997 filtered ports
PORT   STATE SERVICE
21/tcp open  ftp
23/tcp open  telnet
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 6.22 seconds



Is it simple scan? Yes it is a simple scan that let you know about the open ports in any machine, now if want to scan a whole network than you have to type this with subnet.

$ nmap 192.168.1.1/24      or    $ nmap 192.168.1.*


  • Nmap – Interesting options
    • -f fragments packets
    • -D Launches decoy scans for concealment
    • -I IDENT Scan – finds owners of processes (on Unix systems)
    • -b FTP Bounce
  • Port Scan Types
    • TCP Connect scan
    • TCP SYN scan
    • TCP FIN scan
    • TCP Xmas Tree scan (FIN, URG, and PUSH)
    • TCP Null scan
    • TCP ACK scan
    • UDP scan
p { margin-bottom: 

Nmap works on the basic scanning types like:
  • TCP connect() scanning
  • TCP SYN scanning
  • TCP FIN scanning 
  • Fragmentation scanning 
  • TCP reverse ident scanning 
  • FTP bounce attack 
  • UDP ICMP port unreachable scanning 
  • UDP recvfrom() and write() scanning 
  • ICMP echo scanning
Operating system detection or OS fingerprnting is the important part of scanning you should know about the operating system of target machine to launch an available exploit on it. Nmap provides you know about running operating system although you can find it by using banner grabbing but why doing to much job. Use -O for operating system.

$ nmap -O 192.168.1.1

Scanning and Enumeration- Second Step Of Ethical Hacking

Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Exploit Heartbleed using Metasploit in Kali Linux

Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used...

How to Install Parrot Security OS on VirtualBox in 2020

Parrot Security OS is a free GNU/LINUX distribution, released on 10th April 2013. It is a mixture of Kali Linux and Frozenbox OS, aims to...

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...