Port Scanning using Nmap Commands

What is nmap exactly?

  • Discovers which hosts are up on the network
  • Discovers which ports are open on those hosts
  • Discovers what services are listening on the open ports
  • Operating system detection
  • Hardware (MAC) address detection, for hosts on your own network segment
  • Service version detection
  • Vulnerability/exploit detection, using Nmap scripts (NSE)

Basic overview of networking

To begin with, let’s talk about what a network scan actually is, for those of you unfamiliar with network scanning. What is a network exactly? It’s honestly not that scary; it’s just a bunch of computers connected together in a small bubble. Your home is a perfect example: if you’re tech-savvy you probably have about ten devices connected to your router.

Your router is normally what assigns your computer an IP address, via the Dynamic Host Configuration Protocol (DHCP). The router’s own IP address (otherwise known as the default gateway) is usually 192.168.0.1. The .1 is the host number (usually the router), and the other computers on the network get host numbers from .2 to .254. How many host numbers are available depends on the netmask; I will cover this another time.

In that output, the IPv4 address is your computer’s address on the local network and the default gateway is the router. On Linux, type “ifconfig” (or “ip addr”) for your IP address and “route -n” (or “ip route”) for your default gateway.

What is NMAP?

Nmap is essentially a tool to discover what devices are on a network. Depending on the type of scan you run, it also shows which ports are open and which services are listening on them. Network admins and hackers alike use it to probe networks and see what software is running on the target systems, and there are various commands and techniques you can use to do so. Be aware that a default Nmap scan will usually set off an intrusion detection system: the probes are sent quickly and have a recognisable packet signature. That’s where the -T1 or -T2 timing flag comes in. It slows the scan down so it is less likely to trip rate-based detection; it does not change what the packets look like, so a signature-based sensor can still flag it. Down below I’ve created a cheat sheet of Nmap commands that you can follow. However, to fully understand what each one is doing I would recommend running Wireshark while you scan your own network.

Nmap Command Cheat Sheet

Command / Description

nmap -sS -O 10.0.0.0/24
  SYN (“stealth”) scans the whole /24, listing live machines and their operating system. -sS and -O both send raw packets, so they need root.

nmap -p 1-65535 -sV -sS -T4 target
  Full TCP port scan (all 65535 ports; -p- is shorthand for the same range) with service version detection. Usually my first scan, I find T4 more accurate than T5 and still “pretty quick”.

nmap -v -sS -A -T4 target
  Prints verbose output, runs a stealth SYN scan with T4 timing, and -A, which turns on OS detection, version detection, the default NSE scripts and traceroute against the target’s open services.

nmap -v -sS -A -T5 target
  Same as above with T5 (“insane”) timing. Faster, but on a slow or lossy link probes time out and open ports can be missed.

nmap -v -sV -O -sS -T5 target
  Prints verbose output, runs a stealth SYN scan with T5 timing, OS and version detection, without the scripts and traceroute that -A adds.

nmap -v -p 1-65535 -sV -O -sS -T4 target
  Prints verbose output, runs a stealth SYN scan with T4 timing, OS and version detection, over the full port range.

nmap -v -p 1-65535 -sV -O -sS -T5 target
  Same as above with T5 timing.

If you’d like to learn more about Nmap, I’d highly recommend this book on scanning networks.
