Hello Dear Users

I am back again with a new tutorial. This time I am writing about a network scanner and reconnaissance tool called Network Mapper, or Nmap for short. Nmap lets you discover all the live hosts on a network, which services they are running, which operating systems they run, which ports are open, and a lot more. Nmap is always the first tool that you would use in network penetration and intrusion testing.

Nmap is built in on most Unix-based operating systems and has been ported to almost every operating system that exists today. You can download Nmap from its site, http://nmap.org/download.html; the installation is pretty straightforward. I would recommend you use Zenmap, its graphical front end, as it is easy to use and takes the same commands.

Let's see a few basic Nmap commands.

We will try to see all the systems that are up, the operating systems those systems are running, and all the open ports on those systems.

Open Zenmap, the Nmap graphical front end (or nmap; the commands for both are the same), type the following in the command section and hit Scan.

#nmap -p 1-65535 -T4 -A -v


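-p   ports to scan (here 1-65535, i.e. every TCP port)
-T4  timing template 4 ("aggressive"), which speeds up the scan
-A   aggressive scan options: OS detection, version detection, script scanning and traceroute
-v   verbose mode
then the range of IPs to scan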


Depending upon the size of the network, this may take a while.


As you can see from the image, it has detected all the systems that are up, including my main network router. Let's see the details for each system that Nmap has detected.

Initiating SYN Stealth Scan at 19:28
Scanning [65535 ports]
Discovered open port 80/tcp on
Discovered open port 1980/tcp on
Completed SYN Stealth Scan at 19:29, 48.59s elapsed (65535 total ports)
Initiating Service scan at 19:29
Scanning 2 services on
Completed Service scan at 19:29, 6.04s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against      //(tries hard but couldn’t detect OS)
Retrying OS detection (try #2) against
Retrying OS detection (try #3) against
Retrying OS detection (try #4) against
Retrying OS detection (try #5) against
NSE: Script scanning
Initiating NSE at 19:29
Completed NSE at 19:29, 8.65s elapsed
Nmap scan report for
WARNING: RST from port 80 — is this port really open?
Host is up (0.00091s latency).
Not shown: 65533 closed ports
80/tcp   open  http       GoAhead-Webs embedded httpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 400)
| http-title: Tenda 11N Wireless Router (detects what the hardware is)
|_Requested resource was
1980/tcp open  tcpwrapped
MAC Address: C8:XX:XX:XX:XX:XX (Tenda Technology Co.)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).


It won't be successful every time you run it for the intended purpose, but the information it provides will be enough for you to guess what you need.

Alternatively, you can use the scan profiles that are built into Zenmap, which range from basic ping scans to a slow comprehensive scan that may take a really long time (but will be stealthy, hidden from IDS systems). Remember, the faster and quicker you are, the greater the chance that you will be detected.
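The speed trade-off above, seen from the defender's side, as an added example that is not part of the original tutorial: a sliding-window detector that counts how many distinct destination ports each source touches. The log format, function names, addresses, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def parse(line):
    # Constructed log format: "<epoch_seconds> <src_ip> <dst_ip> <dst_port> SYN"
    ts, src, dst, port, _flag = line.split()
    return float(ts), src, (dst, int(port))

def detect_scanners(lines, window, threshold):
    """Return {src: peak count of distinct (dst, port) targets inside one
    sliding window} for every source whose peak reaches the threshold."""
    recent = defaultdict(deque)                   # src -> (ts, target) still in window
    live = defaultdict(lambda: defaultdict(int))  # src -> target -> hits in window
    flagged = {}
    for line in lines:                            # lines must be time-ordered
        ts, src, target = parse(line)
        recent[src].append((ts, target))
        live[src][target] += 1
        while ts - recent[src][0][0] > window:    # expire events older than window
            _, old = recent[src].popleft()
            live[src][old] -= 1
            if live[src][old] == 0:
                del live[src][old]
        distinct = len(live[src])
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def build_sample():
    """Constructed traffic: a fast sweep, a slow sweep and a normal client."""
    events = []
    for i in range(200):   # burst: 200 different ports within 0.2 s
        events.append((1000 + i * 0.001, "192.0.2.10", "198.51.100.5", 1 + i))
    for i in range(40):    # slow: one new port every 15 s
        events.append((1000 + i * 15, "192.0.2.20", "198.51.100.5", 1 + i))
    for i in range(300):   # normal: the same port once a second
        events.append((1000 + i, "192.0.2.30", "198.51.100.5", 443))
    events.sort()
    return ["%.3f %s %s %d SYN" % e for e in events]

if __name__ == "__main__":
    log = build_sample()
    print(detect_scanners(log, window=10, threshold=20))   # short window
    print(detect_scanners(log, window=900, threshold=20))  # long window
```

With a 10-second window only the burst source is reported; widening the window to 900 seconds also reports the slow source, which is why detection rules for scans are usually run over more than one time scale.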

This was a very basic tutorial on Nmap. I hope you liked it; for questions and suggestions, please leave a comment in the comment box.
