What is Nmap?
Nmap is a tool used to scan and analyze networks. It helps you find out which devices are connected to a network, what services they are running, and if there are any security issues. Essentially, it’s like a digital mapmaker for network systems, showing you what’s out there and how it’s all connected.
Nmap is short for network mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications.
Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities.
Key Features of Nmap
- Network Discovery: Identifies devices on a network and their IP addresses.
- Port Scanning: Determines which ports are open on a device, helping to identify active services.
- Service Detection: Identifies the services running on open ports and their versions.
- Operating System Detection: Determines the operating system of a device based on network behavior and responses.
- Scriptable Interaction: Utilizes the Nmap Scripting Engine (NSE) for more advanced scanning and automation tasks.
- Output Formats: Provides results in multiple formats, including plain text, XML, and HTML.
Nmap Scan Types:
- TCP Scan: It completes a full three-way handshake between you and a chosen target system. The TCP scan is very noisy and can be detected with almost no effort, because services can log the sender's IP address and trigger an intrusion detection system.
- UDP Scan: A UDP scan is used to discover open UDP ports on a target system. Unlike TCP, UDP (User Datagram Protocol) is connectionless, meaning it does not establish a connection before sending data, which makes it more challenging to detect and scan.
- ACK Scan: ACK scans are used to determine whether a particular port is filtered. They prove extremely helpful when trying to check for firewalls and their current rule sets.
- SYN Scan: It is another form of TCP scan. Nmap crafts a SYN packet, the first packet sent to establish a TCP connection, without completing the handshake.
- FIN Scan: The FIN scan is similar to the SYN scan, but it sends a TCP FIN packet instead. A closed port answers with an RST (reset) packet, while an open port sends nothing back, so the results can contain false negatives. It may, however, slip under the radar of some IDS programs and other countermeasures.
- Null Scan: The null scan is very stealthy and, as the name suggests, it sets all TCP header flags to zero. This is not a valid packet, and targets may not know how to deal with it.
- Ping Scan: A ping scan in Nmap is used to determine which hosts are up and responding on a network. It’s a quick way to check if a target host is active without performing a full port scan. Here’s how you can use and understand ping scans with Nmap:
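The scan types above are distinguished by the TCP flags set in the probe, which is also what a defender looks for in an IDS or packet capture. The following added example (not code from the original article or from Nmap) builds minimal TCP headers with `struct`, reads the flags byte back out, labels a packet that arrives with no established connection as a null, FIN, SYN or ACK probe, and counts probes per source so that a sweep stands out. The packet capture is constructed inline; the source addresses, port ranges and the alert threshold of five probes are assumptions chosen for the example.

```python
import struct

# TCP flag bits in header byte 13 (RFC 793 layout).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_HEADER_FMT = "!HHIIBBHHH"  # 20-byte header without options


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """Construct a minimal 20-byte TCP header (checksum left as 0; sample data only)."""
    data_offset = 5 << 4  # 5 x 32-bit words, upper nibble of byte 12
    return struct.pack(TCP_HEADER_FMT, src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def parse_tcp_flags(raw):
    """Return (src_port, dst_port, flags) from raw TCP header bytes."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, _off, flags, _win, _csum, _urg = struct.unpack(
        TCP_HEADER_FMT, raw[:20])
    return src, dst, flags


def classify_probe(flags):
    """Label a packet seen with NO existing connection state by its scan signature.

    A lone SYN is also how every legitimate connection starts, so on its own it
    proves nothing; a FIN or an all-zero flags byte without prior state does
    not occur in normal traffic. Anything else is reported as 'other'.
    """
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == SYN:
        return "syn"
    if flags == ACK:
        return "ack"
    return "other"


def summarize_probes(packets):
    """packets: iterable of (src_ip, raw_tcp_header). Returns {src_ip: {label: count}}."""
    summary = {}
    for src_ip, raw in packets:
        _src, _dst, flags = parse_tcp_flags(raw)
        label = classify_probe(flags)
        per_src = summary.setdefault(src_ip, {})
        per_src[label] = per_src.get(label, 0) + 1
    return summary


def suspicious_sources(summary, threshold=5):
    """Sources that sent at least `threshold` stateless SYN/FIN/NULL/ACK probes (assumed cutoff)."""
    out = []
    for ip, counts in summary.items():
        total = sum(n for label, n in counts.items() if label != "other")
        if total >= threshold:
            out.append(ip)
    return sorted(out)


# Constructed capture: 198.51.100.7 sweeps ports 20-29 with null and FIN probes,
# while 203.0.113.5 sends a single ordinary SYN to port 443.
SAMPLE_PACKETS = (
    [("198.51.100.7", build_tcp_header(40000 + p, p, 0)) for p in range(20, 25)]
    + [("198.51.100.7", build_tcp_header(40000 + p, p, FIN)) for p in range(25, 30)]
    + [("203.0.113.5", build_tcp_header(51234, 443, SYN))]
)

if __name__ == "__main__":
    summary = summarize_probes(SAMPLE_PACKETS)
    for ip in suspicious_sources(summary):
        print(f"{ip}: {summary[ip]}")
```

The classifier only has meaning for packets that belong to no known connection, which is why `classify_probe` is documented that way: a real detector first checks its connection table, and only a packet that matches no flow is fed to this logic. The per-source count is what turns individual odd packets into evidence of a sweep.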
Nmap functions