NMAP Scanning

Here you will find an overview of differen NMAP commands one can use as first step in reconnaissance. Required is (obviously a terminal on either a Linux or MacOS based machine.


In today’s interconnected world, understanding the security of your network is crucial. Whether you’re a network administrator, a cybersecurity enthusiast, or simply someone interested in exploring the depths of networking, Nmap is a tool you should know about. Nmap, short for Network Mapper, is a powerful and versatile open-source network scanning tool that allows you to discover hosts, services, and vulnerabilities on a network. In this blog post, we will explore some popular Nmap commands and their use-cases, empowering you to harness the full potential of this invaluable tool.

Use-cases and their commands

  1. Basic Network Discovery: One of the fundamental tasks of Nmap is network discovery, which involves identifying hosts and their open ports on a given network. The following command provides a basic overview of the hosts on a network:
nmap -sn <target IP range>

This command, also known as a “ping scan,” sends ICMP echo requests to hosts within the specified IP range and provides a list of hosts that respond. It is useful for determining which hosts are alive and can serve as a starting point for further exploration.

  1. Port Scanning: Port scanning is a crucial step in assessing network security. Nmap offers a variety of port scanning techniques to identify open ports on a target host. Here are a few commonly used commands:a. TCP Connect Scan:
nmap -sT <target IP>

This command performs a TCP connect scan, which attempts to establish a full TCP connection with the target host on the specified ports. It is a reliable but relatively slower method.

b. SYN Scan:

nmap -sS <target IP>

The SYN scan, also known as a half-open scan, sends SYN packets to the target ports. If the port is open, it responds with a SYN/ACK packet. This method is faster than TCP Connect scan and is less likely to be logged.

c. UDP Scan:

nmap -sU <target IP> 

  1. UDP scan is used to identify open UDP ports on a target host. Unlike TCP, UDP does not establish a connection before sending data, making UDP scanning more challenging. However, it is essential to check UDP ports, as they may hide potential vulnerabilities.
  2. OS Fingerprinting: Nmap is capable of determining the operating systems running on the target hosts. This information is valuable for understanding the network environment. The following command enables OS fingerprinting:
nmap -O <target IP>

By analyzing network responses, Nmap compares them to its database of known operating system fingerprints to make an educated guess about the target’s OS. It is not always accurate, but it can provide valuable insights into the systems you are scanning.

  1. Service Version Detection: Knowing the versions of services running on target hosts is crucial for vulnerability assessment and determining the overall security posture. Nmap’s service version detection feature can provide this information:
nmap -sV <target IP>

This command sends probes to the target ports and analyzes their responses to identify the running services and their versions. It helps in identifying outdated or vulnerable services that may require patching.

  1. Scripting Engine: Nmap’s scripting engine, also known as NSE (Nmap Scripting Engine), allows you to automate and extend the capabilities of Nmap. Numerous pre-built scripts are available to perform specific tasks such as vulnerability scanning, brute-forcing, or information gathering. Here’s an example of using an NSE script:
nmap --script=<script name> <target IP>

By leveraging the vast collection of scripts, you can tailor your scans to suit specific requirements and gain deeper insights into target systems.


Nmap is a versatile and powerful network scanning tool that can be immensely valuable for network administrators, cybersecurity professionals, and enthusiasts alike. In this blog post, we explored some of the essential Nmap commands and their use-cases, ranging from basic network discovery to OS fingerprinting, port scanning, and service version detection. By mastering these commands, you can enhance your network reconnaissance capabilities and fortify your systems against potential threats. Remember, with great power comes great responsibility, so always ensure you are using Nmap ethically and in compliance with applicable laws and regulations.