Skip to main content

Nmap Tutorial: Complete Guide to Network Scanning and Reconnaissance (2026)

 


Introduction

In penetration testing and cybersecurity, the first step is always reconnaissance. Before identifying vulnerabilities, you need to understand the target system—what services are running, which ports are open, and what technologies are in use.

One of the most powerful tools for this purpose is Nmap (Network Mapper).


What is Nmap?

Nmap is an open-source network scanning tool used to discover hosts and services on a network.

Security professionals use Nmap to:

  • Identify active devices

  • Detect open ports

  • Discover running services

  • Gather system information


Why Nmap is Important

Nmap plays a crucial role in the reconnaissance phase:

Network Discovery

It helps identify which systems are online.


Port Scanning

You can find open, closed, and filtered ports.


Service Detection

Nmap can detect the version of services running on ports.


Security Assessment

It helps identify potential entry points for attackers.


Installing Nmap

On Kali Linux:

sudo apt install nmap

Basic Nmap Commands

1. Scan a Single Target

nmap 192.168.1.1

This performs a basic scan of the target.


2. Scan Multiple Targets

nmap 192.168.1.1 192.168.1.2

3. Scan a Range of IPs

nmap 192.168.1.1-100

Important Scan Types

TCP SYN Scan (Stealth Scan)

nmap -sS 192.168.1.1

Fast and less detectable.


Service Version Detection

nmap -sV 192.168.1.1

Displays versions of services running on open ports.


OS Detection

nmap -O 192.168.1.1

Attempts to identify the operating system.


Aggressive Scan

nmap -A 192.168.1.1

Combines multiple scanning techniques.


Port Scanning Options

Scan Specific Ports

nmap -p 80,443 192.168.1.1

Scan All Ports

nmap -p- 192.168.1.1

Output Formats

Nmap allows saving results for later analysis:

nmap -oN result.txt 192.168.1.1

Practical Use Case

During a penetration test:

  1. Identify live hosts

  2. Scan for open ports

  3. Detect services

  4. Analyze potential vulnerabilities

Nmap provides the foundation for all these steps.


Limitations

  • Cannot exploit vulnerabilities directly

  • May be blocked by firewalls

  • Requires proper understanding for accurate results


Best Practices

  • Always scan authorized targets

  • Start with basic scans before aggressive ones

  • Combine Nmap with other tools

  • Analyze results carefully


Conclusion

Nmap remains one of the most essential tools in cybersecurity. Whether you are a beginner or a professional, mastering Nmap will significantly improve your reconnaissance and penetration testing skills.


Final Note

This guide is for educational purposes only. Unauthorized scanning of networks is illegal. Always ensure you have proper permission.

Comments

Popular posts from this blog

File Inclusion Vulnerabilities: Understanding LFI and RFI for Beginners (2026 Guide)

Introduction In this part of the cybersecurity series, we will explore a critical web vulnerability known as File Inclusion . File Inclusion occurs when a web application allows users to control which files are loaded or executed on the server without proper validation. This vulnerability can lead to sensitive data exposure or even full server compromise. What is File Inclusion? File Inclusion is a vulnerability where an application includes files based on user input without proper validation or restrictions. There are two main types of File Inclusion vulnerabilities: Local File Inclusion (LFI) Remote File Inclusion (RFI) 1. Local File Inclusion (LFI) LFI allows an attacker to access and sometimes execute files that are stored on the local server. How LFI Works Consider a website that loads pages using a parameter: https://example.com/view.php?page=contact.php If the application is vulnerable, an attacker can manipulate the parameter: https://example.com/view.php?page=../../../../etc/p...

Ethical Hacking & Penetration Testing Roadmap (2026)

A Complete Beginner-to-Professional Guide Why Learn Ethical Hacking? In today’s digital environment, organizations constantly face cyber threats. Ethical hackers play a key role in identifying vulnerabilities before attackers can exploit them. This field offers: High demand career opportunities Continuous learning Multiple income streams (job, bug bounty, freelancing) Quick Overview of the Roadmap This roadmap is divided into 7 practical stages: Fundamentals Web Security Hands-on Practice Tools Mastery Real-World Testing Reporting Skills Specialization Stage 1: Fundamentals (Build Your Base) Before touching any hacking tools, you must understand the basics. Networking IP Addressing TCP/UDP DNS & HTTP/HTTPS Operating Systems Linux (essential) Windows basics Programming Python (automation) JavaScript (web understanding) Stage 2: Web Security (Core Skills) Focus on the most common vulnerabilities: SQL Injection Cross-Site Scripting (XSS) Broken Access Control (IDOR) File Inclusion SSR...

WHOIS Lookup (2026): Uncovering Domain Ownership & Server Details

  Welcome to another segment of our Information Gathering series! In our previous post, we explored WhatWeb to identify a website's internal technology stack. However, to understand who is behind a website, when it was registered, or which company manages its infrastructure, we need a technique called WHOIS Lookup . WHOIS is a fundamental footprinting method used by penetration testers to gather domain-level intelligence. What is WHOIS? WHOIS (pronounced as the phrase "who is") is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name or an IP address block. Essentially, it acts as a public directory providing details about domain ownership, registration dates, expiry dates, and authoritative name servers. Why is it Important for Ethical Hackers? For a security researcher, a WHOIS lookup is vital for several reasons: Ownership Identity: Identifies the person or organization ...