In this blog I try to go through nmap manual and understand the basics about it. In short, nmap is a mapping tool that sends raw IP packets and then analyzes the results to determine what hosts and services (applications name and versions) and operating systems and firewalls are on that network.

Nmap

SYNOPSIS

nmap [Scan Type…] [Options] {target specification}
So forexample :
nmap -A -T4 scanme.nmap.org
-A is [Scan Type]. Which means “Aggressive scan options”. It gives us more information that can be used in an aggressive manner.
-T4 is [Options]. -T4 prohibits the dynamic scan delay from exceeding 10 ms for TCP ports.
scanme.nmap.org is {target specification}.

Why people use nmap

According to manual:

While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

My take on how to use this software

After a little bit of reading i realized that there is a lot of options and scan types; you can’t just use one solution for every problem so you need to know which tool goes for what problem. Luckily, for starters we can analyze most common options that I found in tryhackme:cc_pentesters:
-p : determines which ports to scan.
-sn : ping scan: just tests if the host(s) is up
-sU : UDP scan
-sC : uses default scripts. check NSE (nmap script engine) for more information on what scripts are. In short they are tools that help you do better scans.
-sV : gets the versions of services running on the target machine
-A : aggressive mode. gets more info on os, Presently this enables OS detection (-O), version scanning (-sV), script scanning (-sC) and traceroute (–traceroute).
-O : Os detection

netcat