Beginner | Reconnaissance | 15 min read

root@css:~$ nmap --help

Network Scanning with Nmap

Discover hosts and open ports on networks you own using Nmap, the industry-standard scanner. Includes safe, authorized practice steps.

What you'll learn

  • Understand what port scanning reveals
  • Run host discovery and port scans responsibly
  • Interpret scan output and service versions

// warning: Only scan systems you own or have explicit written permission to test. Unauthorized scanning can be illegal. Practice on your own machine, a home lab, or a deliberately vulnerable target.

Nmap (Network Mapper) is the most widely used network discovery tool. It answers two core questions: which hosts are alive, and which services are they exposing? Defenders use it to audit their own networks; understanding it also helps you reduce your exposure.

1. Host discovery

Before scanning ports, find out which hosts respond. A "ping scan" (the -sn option) does this while skipping the port scan.

bash
# Discover live hosts on your local /24 network
nmap -sn 192.168.1.0/24

2. Scanning ports

Once you know a host is up, scan it for open ports. The default scan checks the 1000 most common ports.

bash
nmap 192.168.1.10            # default TCP scan of common ports
nmap -p 1-65535 192.168.1.10 # scan all 65535 TCP ports
nmap -F 192.168.1.10         # fast scan, top 100 ports only

3. Service and version detection

Knowing a port is open is useful; knowing exactly what software answers there is far more useful for assessing risk.

bash
# -sV detects service versions, -O attempts OS fingerprinting
sudo nmap -sV -O 192.168.1.10
output
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 8.9p1
80/tcp  open  http    nginx 1.24.0
443/tcp open  https   nginx 1.24.0
Example output of an -sV scan
  1. Run "nmap -sn" against your own home network range.
  2. Pick your own computer and run "sudo nmap -sV" against it.
  3. Note every open port and identify the service behind it.
  4. Turn off or firewall any service you did not intend to expose.

// tip: Add "-oN scan.txt" to save results to a file. Keeping records of scans is good practice for tracking changes to your environment over time.
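
To put saved scans to use for change tracking, the following added example (not part of the original guide) parses the port table from two "-oN" files, reports what opened, closed or changed, and lists open ports missing from the set of services you meant to expose. The function names, the allowed set and the second scan are assumptions constructed for illustration.

```python
import re

# Matches port rows of Nmap's normal output (-oN), e.g. "22/tcp  open  ssh  OpenSSH 8.9p1"
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_ports(text):
    """Return {(port, proto): (state, service, version)} for every port row."""
    ports = {}
    for line in text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            ports[(int(port), proto)] = (state, service, version.strip())
    return ports

def open_ports(ports):
    return {k: v for k, v in ports.items() if v[0] == "open"}

def diff_scans(old_text, new_text):
    """Compare two saved scans: newly open, no longer open, changed service/version."""
    old, new = open_ports(parse_ports(old_text)), open_ports(parse_ports(new_text))
    return {
        "opened": sorted(new.keys() - old.keys()),
        "closed": sorted(old.keys() - new.keys()),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }

def unexpected(scan_text, allowed):
    """Open ports that are not on the list of services you meant to expose."""
    return sorted(k for k in open_ports(parse_ports(scan_text)) if k not in allowed)

# Constructed sample data: BASELINE repeats the example output above, LATER is invented.
BASELINE = """\
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 8.9p1
80/tcp  open  http    nginx 1.24.0
443/tcp open  https   nginx 1.24.0
"""
LATER = """\
PORT     STATE  SERVICE VERSION
22/tcp   open   ssh     OpenSSH 8.9p1
80/tcp   closed http
443/tcp  open   https   nginx 1.25.3
3306/tcp open   mysql   MySQL 8.0.36
"""

if __name__ == "__main__":
    print(diff_scans(BASELINE, LATER))
    print(unexpected(LATER, allowed={(22, "tcp"), (443, "tcp")}))
```

On real files, pass the contents of two saved scans of the same host; lines that are not port rows (headers, "Nmap scan report for ...") are ignored by the parser.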

// ethics_notice: Practice only on systems you own or are explicitly authorized to test. These materials are for education and defense.
