CyberGalaxy

Nmap Guide

Nmap, short for Network Mapper, is one of the most popular tools used in cybersecurity. It allows security researchers and system administrators to discover devices on a network, identify open ports, detect services, and gather information about systems.

Nmap is commonly used during reconnaissance in penetration testing and security assessments.

Installing Nmap

Kali Linux

Nmap is already installed by default in Kali Linux. You can check with:

nmap --version

If for some reason it is missing, install it with:

sudo apt install nmap

Ubuntu / Debian

sudo apt update
sudo apt install nmap

After installation, confirm it works:

nmap --version

Basic Nmap Scan

The simplest scan checks the most common ports on a target host.

nmap 192.168.1.1

Example Output

Starting Nmap 7.94
Nmap scan report for 192.168.1.1
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https

What This Means

• PORT, the port number being checked.
• STATE, whether the port is open, closed, or filtered.
• SERVICE, the service commonly associated with that port.

Example interpretation:

• Port 22 open, SSH service is running.
• Port 80 open, a web server is running.
• Port 443 open, HTTPS secure web service is available.

Scanning a Network

Instead of scanning a single machine, you can scan an entire network range.

nmap 192.168.1.0/24

This scans all devices between 192.168.1.1 and 192.168.1.254.

Nmap will show which hosts are online and may also list open ports for each device.

Detect Service Versions

You can try to identify the exact software running on open ports.

nmap -sV 192.168.1.1

Example Output

PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.41
22/tcp   open  ssh     OpenSSH 8.2

This reveals more detailed information about the services running on the target.

Operating System Detection

Nmap can attempt to guess the operating system of a machine.

sudo nmap -O 192.168.1.1

Example result:

OS details: Linux 4.x or 5.x

This helps identify whether the system is likely running Linux, Windows, or another OS.

Aggressive Scan

An aggressive scan combines several techniques into a single command.

nmap -A 192.168.1.1

This enables:

• OS detection
• Service version detection
• Nmap scripting engine scans
• Traceroute

This scan gathers much more information but takes longer to complete.

Scanning Specific Ports

You can choose exactly which ports to scan.

nmap -p 80,443,22 192.168.1.1

This scans only ports 80, 443, and 22.

Important Note

Only scan systems you own or have permission to test. Unauthorized scanning can violate laws or network policies.

Conclusion

Nmap is an essential tool for anyone learning cybersecurity. It allows you to discover hosts, identify services, and gather information about networks.

Future guides on CyberGalaxy will explore advanced Nmap features, including scripting, stealth scanning, and vulnerability discovery.