seela logo

Ethical Hacker

Pentest

Network scanning with NMAP: the complete course

This course will help you acquire the methodology needed to recognize a network as part of an intrusion test. To do this, we'll introduce you to the Nmap tool, detailing how it works and the various options it offers.

190 min

4.7/5

4,7/5

nmap logo

Contents

📡 Introduction

Before directly attacking a machine, a server or a service, it is necessary to know the network architecture as well as the active ports and services. This will define the recognition phase of an attack or a test strategy to evaluate the security level of our network.

For this purpose, it is possible to use Nmap.

Nmap (Network Mapper) is a port scanner, designed in particular to detect open (active) ports and services, the operating system of a remote computer, and to provide information about the security of a network. Its source code is available under the GNU GPL license, and can be used as a command line or graphical interface version (Zmap).

nmap logo

💡 Using Nmap

Nmap will send requests to IP addresses and/or ports to map the network of the target. The expected result is, for example, the status of the port(s), the associated services or protocols, and any other useful information for the future.

The network scan can be done in 2 ways:
  • Active
  • Passive with a sniffer.

active scan is launched by the attacker himself who will judge, according to the results, if he should refine his research and proceed with other scans. The passive method generally consists of analyzing network traffic, which is more discreet, but more time consuming for an attacker to find what he is looking for. Thus, in the context of a penetration test, limited in time, it is preferable to to use an active scan.

Beware, the more virulent or deep a scan is, the more likely it is to be detected by an intrusion detection system (IDS).

Before directly attacking a machine, a server or a service, it is necessary to know the network architecture as well as the active ports and services. This will define the recognition phase of an attack or a test strategy to evaluate the security level of our network.

For this purpose, it is possible to use Nmap.

Nmap (Network Mapper) is a port scanner, designed in particular to detect open (active) ports and services, the operating system of a remote computer, and to provide information about the security of a network. Its source code is available under the GNU GPL license, and can be used as a command line or graphical interface version (Zmap).

🕹️ Basic controls

Scanning a network

Nmap 192.168.132.0/24

This command allows us to determine the presence of 3 machines on the target network, their IP and MAC addresses, active ports and services and other useful information.

We also see that they are virtual machines (VMware).

capture course nmap

Scan a machine

Nmap 192.168.132.0

Here we find the same information as in the previous command, for a single machine. In the case of a company network with hundreds of machines, the first command may be difficult to use.

capture nmap

Option -A allows to get a more detailed scan, and option -sV can give interesting information like the software version on a given port.

capture nmap

Want to go further with NMAP?

Start your cybersecurity training!

Launch your career in cybersecurity and train for the job that fits you. Our online platform allows you to train at your own pace for a quick and efficient increase in skills.

100% online

Theory & Practice

Customized by level

🧑‍💼 How is NMAP used in the professional world?

Using NMAP in a business context can be extremely beneficial for companies looking to secure their networks. Imagine a company wishing to assess the security of its internal network. With NMAP, a system administrator or security auditor can scan the network for active services, open ports and vulnerable machines.

One of NMAP's key features is its ability to perform port scans. Using different types of scans, such as the TCP SYN scan or the TCP connect scan, NMAP can identify services running on specific ports. This makes it possible to detect unwanted or unauthorized services that could open the door to potential attacks.

NMAP can also be used to map the network, identifying active hosts, their operating systems, versions of running services, as well as firewall filters and intrusion detection devices. This information provides valuable visibility into the network infrastructure, helping security professionals to take proactive measures to strengthen defense against threats.

💼 In which professions is NMAP useful?

In the field of cybersecurity, various professions use NMAP to accomplish their daily tasks. One such profession is the Ethical Hacker. Ethical Hackers are security professionals who use tools such as NMAP to identify a system's vulnerabilities and test its resistance to attack.

Ethical Hackers use NMAP to perform port scans and network probes to discover potential weaknesses in a system. They can also use NMAP to perform vulnerability assessments, search for security holes and identify possible entry points for external attacks.

In addition to Ethical Hackers, system administrators, network security managers and incident response teams also rely on NMAP to protect IT systems against external and internal threats. This versatile tool provides a clear view of network vulnerabilities and facilitates informed decision-making to strengthen overall security.

Nmap (Network Mapper) is a widely used open-source network discovery and security tool. It enables cybersecurity professionals to explore and scan networks for active hosts, open services, potential vulnerabilities and security configurations.

Nmap offers a wide range of features, including active host detection, port scanning, service and version identification, OS detection, network mapping, vulnerability discovery, packet analysis, and customization of scans to specific needs.

Nmap uses network scanning techniques to send packets to target hosts and analyze the responses received. It uses various scanning methods such as TCP SYN scan, UDP scan, TCP connected scan, stealth scan, etc. to obtain information on open services and operating systems.

Nmap is a legal tool when used within an authorized and ethical framework, such as security testing, vulnerability discovery or network administration. It is important to comply with current laws and policies, and to obtain the necessary authorizations before scanning networks.

Nmap is compatible with most commonly used operating systems, including Windows, Linux, macOS, FreeBSD, Solaris, and other Unix systems.

Although Nmap is one of the most popular tools, there are also other network scanning tools such as ZMap, Masscan, Nessus, OpenVAS, and Angry IP Scanner. Each tool has its own features and benefits, and the choice depends on the user's specific needs.

Start your cybersecurity training

Training

Career

Cybersecurity

100% online

Breathe new life into your career with our cybersecurity training courses

icon lockcadenas

Content reserved for subscribers

Register for the full course and start your cybersecurity training!

  • Over 700 hours of content available
  • 6 training paths
  • Certification courses
  • 100% online and autonomous

Mail

information@seela.io