Search For Tutorial

Thursday, 23 March 2017

An Ultimate Guide to NMap and Port Scanning

Posted by Desi Boys
Second phase of ethical hacking is scanning and it is as important as information gathering. That’s where we use NMap and its handy features. Nmap (so called Network Mapper) is very useful and quite famous utility now days which you can for network scan. This post will walk you though nmap ports scan strategies.

It is available in both command line and graphical user interface. Other interesting things about nmap is that you can use it for other multi-purposes things  like host scanning, port scanning, vulnerability scanning, getting operating system and version.

★ Learn About DOS / DDOS Attack

It can be used to perform network scans to identify which services a target host is running, operating system, software, firewalls and much more.

nmap port scan tutorial guide

Downloading and Installing:-
Nmap is already installed in Kali Linux or other major penetration testing distros like backtrack. If you are using other platform like Windows, Linux you can download and install it from below link.

But before I show you port scanning using nmap, I recommend you to read one of my previous posts about TCP/UDP.

Nmap Scanning Types:-

TCP SYN Scan:-
Hope you have learnt about TCP/UDP and three way handshake from previous posts.
In SYN scan, we use TCP to connect with target but do not make full connections with target host system.
In other words, it send SYN packet, target host reply with SYN/ACK packet in response, now according to TCP our system should reply to SYN/ACK packet with ACK or Acknowledgement packet. But it’ll never do that. SYN scan will not reply to SYN/ACK. It does not make full connection with target.

Therefore, it is undetectable because windows record logs of complete connect but this TCP SYN does not make full connection with target host.
And that’s why we also call it stealth scan.

Now let’s perform a simple TCP SYN scan using nmap. Open terminal, type below command and hit enter.
nmap –vv –sS

nmap -> Name of tool to start
-v or -vv -> Verbose or very verbose used to make our scan result to appear in more understandable way.
-sS -> -s is used to define scan type and -sS is for SYN scan type. or target host -> it is my target host’s ip address. You need to replace this IP Address with your target system’s IP address.

★ How to Hack an Android phone

TCP Scan:-    
It is same as TCP SYN scan but unlike TCP SYN, it replies to SYN/ACK packet and makes full connections with target system. Thus it makes it detectable. Moreover or important is that, it is used to scan for TCP ports only. Use below command for this scan.
nmap –vv –sT
-sT -> it refers to TCP scan type.

UDP Scan:-
This scan is used to scan for open UDP ports in target system. UDP is connectionless protocol. Hence it is not as reliable as TCP is. To perform a UDP Scan, use this syntax.
nmap –vv –sU
-sU refers to UDP scan type.
FIN Scan:-
Like SYN packet is used or sent to make connection, FIN is used to drop or to get disconnect from target system. This scan is very helpful in case if your target system have Firewalls or IDS. Simple syntax its command is as follows.
nmap –vv –sF
Where –sF is referring to FIN scan.

★ Best Hacking Tools Listed

Other NMap Usage:-

Detect Operating System: - To detect operating system of target system along with the scan use below command syntax.
nmap –vv –sS –O
-O option is used to detect operating system.

operating system scan using nmap

Scan Multiple Hosts: - You can perform scan for multiple hosts at one time. For this, you must write ip address of another second host just after the first by giving a space.
nmap –vv –sS
And so on.

You can scan entire subnet using this syntax.
nmap –vv –sS

Version Detection: - It is very useful feature in nmap. You can also detect software or service version. However version scan takes little bit more time than others.
nmap –vv –sV –sT
-sV option is used for version detection.

version scan in nmap

Scan for Specific Ports: - Consider a scenario where you want to scan only some specific ports on target.  You can do this using nmap using –p option with this syntax.
nmap –vv –sS –p80,443
Here in this example, I used –p nmap option to scan for port 80 and 443 only.

Another one, you can scan for open ports within specified. For example:-
nmap –vv –sT –p1-500
It’ll scan for open TCP ports within range of 1 to 500.

Now you need to keep practice nmap port scanning within your lab to understand it. Nmap is not just limited to these features only. You can learn more about this tool using google and other ethical hacking blogs. We’ll soon update this post so keep visiting to our blog or subscribe for our newsletter.


  1. you know so many nuances, thanks for sharing them with such beginners as I am!

  2. That was an interesting thing to read about. I hope that you'll add more materials on the topic.

  3. Very good that I accidentally found your article, because this is a very urgent topic for me now.