Nmap
Network Mapper
The Art of Network Reconnaissance
Cybersecurity Seminar | 1st Year
2026
IP, Ports, Protocols
Transport Protocols
What & Why
Types & Methods
Scripts & Evasion
Practical Examples
A network is a collection of computers and devices connected together to share resources and communicate.
Local Area Network
Small area like home or office
Devices connect to a central router/switch within a small area (home/office). Data travels at high speed (100Mbps - 10Gbps) through Ethernet cables or WiFi.
Wide Area Network
Large area - cities, countries
Connects multiple LANs across cities/countries using ISP infrastructure, fiber optics, and satellites. The Internet is the largest WAN!
Metropolitan Area Network
City-wide coverage
Spans a city using high-speed fiber optic connections. Used by universities, hospitals, and government buildings in a metropolitan area.
An IP Address is a unique numerical label assigned to every device on a network.
192.168.1.1
2001:0db8:85a3::7334
Analogy: IP address is like your home address - it tells where you live on the internet.
Ports identify which application should receive the incoming data.
FTP - File Transfer Protocol (ports 20/21)
Port 20: Data transfer
Port 21: Control commands
Client connects → Authenticates → Uploads/Downloads files
SSH - Secure Shell (port 22)
Encrypted remote terminal access
All data is encrypted: public-key cryptography for key exchange and authentication, symmetric ciphers for the session
Telnet (port 23)
Old protocol for remote login
Sends data in PLAIN TEXT - anyone on the path can read it!
SMTP - Simple Mail Transfer Protocol (port 25)
Used to SEND emails between servers
Your email client → SMTP server → Recipient's server
DNS - Domain Name System (port 53)
Translates domain names to IP addresses
Browser asks: "What's google.com's IP?" → DNS replies with the IP
HTTP - Hypertext Transfer Protocol (port 80)
Standard web browsing protocol
Browser sends request → Server sends webpage
POP3 - Post Office Protocol (port 110)
Downloads emails to your device
Connects → Downloads all emails → Deletes them from the server
HTTPS - HTTP over TLS (port 443)
Encrypted web browsing
All data encrypted with TLS; the server's certificate proves who you are talking to
MySQL (port 3306)
Relational database management
App sends SQL query → MySQL returns data
RDP - Remote Desktop Protocol (port 3389)
Windows remote GUI access
See & control another computer's desktop remotely
A protocol is a set of rules that define how data is transmitted and received over a network.
7. Application - What users interact with directly: web browsers, email clients, etc.
6. Presentation - Translates data format, encryption, compression. Makes data readable.
5. Session - Manages connections: opens, maintains, closes sessions between apps.
4. Transport - Ensures data delivery. TCP = reliable, UDP = fast.
3. Network - Routes packets between networks using IP addresses. Finds the best path.
2. Data Link - Transfers data between adjacent nodes using MAC addresses.
1. Physical - Actual hardware: cables, signals, bits (0s and 1s).
Remember: "All People Seem To Need Data Processing"
TCP = Registered Post: confirmation required.
UDP = Regular Post: just send and hope.
Nmap: free, open-source tool for network exploration and security auditing
"The #1 tool used in the reconnaissance phase of penetration testing"
Knocks on every door to check:
Ubuntu/Debian: sudo apt install nmap -y
CentOS/RHEL: sudo yum install nmap -y
Homebrew: brew install nmap
Verify the install: nmap --version
nmap example.com
nmap 192.168.1.1
nmap -v target
nmap 192.168.1.1-50
nmap 192.168.1.0/24
nmap -iL targets.txt
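The target notations above (single host, octet range, CIDR block, -iL file) all describe the same thing: a list of addresses to probe. As an added example, not code from the slides or from the Nmap project, the Python below expands those notations into a host list the way an asset-inventory or scan-scheduling script would. It follows Nmap's documented behaviour for CIDR (the whole block is scanned, network and broadcast addresses included) and supports comma lists, hyphen ranges and `*` in any octet; the sample file contents are constructed.

```python
import ipaddress
import itertools
import re

# Added example (not Nmap code): expand Nmap-style target specs into a host list.

_OCTET_SPEC = re.compile(r"^[0-9,*-]+$")


def _octet_values(part):
    """Expand one dotted-quad field: '5', '1-50', '1,3,5-7' or '*' (0-255)."""
    values = set()
    for piece in part.split(","):
        if piece == "*":
            piece = "0-255"
        if "-" in piece:
            lo, hi = piece.split("-", 1)
            lo = int(lo) if lo else 0      # '-50' means 0-50
            hi = int(hi) if hi else 255    # '200-' means 200-255
        else:
            lo = hi = int(piece)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"octet range out of bounds: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_target(spec):
    """Return the addresses for one spec, or the spec itself if it is a hostname."""
    spec = spec.strip()
    if "/" in spec:
        # CIDR: Nmap scans every address in the block, including the network
        # and broadcast addresses, so iterate the whole network (strict=False
        # lets '192.168.1.5/24' stand for the /24 it belongs to).
        return [str(addr) for addr in ipaddress.ip_network(spec, strict=False)]
    parts = spec.split(".")
    if len(parts) != 4 or not all(_OCTET_SPEC.match(p) for p in parts):
        # Anything else is treated as a hostname; DNS resolution is the scanner's job.
        return [spec]
    octets = [_octet_values(p) for p in parts]
    return [".".join(map(str, combo)) for combo in itertools.product(*octets)]


def expand_target_list(text):
    """Expand the contents of an -iL style file: specs separated by spaces, tabs or newlines."""
    hosts = []
    for token in text.split():
        hosts.extend(expand_target(token))
    return hosts


if __name__ == "__main__":
    # Constructed sample standing in for targets.txt.
    sample_file = "192.168.1.1-3 10.0.0.5\nscanme.nmap.org\n"
    print(len(expand_target("192.168.1.0/24")), "addresses in 192.168.1.0/24")
    print(expand_target_list(sample_file))
```

Expanding the list before scanning is also the moment to check it against the addresses you are actually authorised to scan: a typo in an octet range or a `/16` where a `/24` was meant is far easier to catch on a host list than in a running scan.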
nmap -sS target
SYN ("stealth") scan - sends a SYN and never completes the handshake
Default • Fast • Stealthy
Why stealth? The connection is never fully established, so the application on the target never sees it and rarely logs it (packet-level firewall and IDS logs can still record the SYNs).
nmap -sT target
TCP connect scan - full TCP handshake, no root needed
Reliable • Detectable
Downside: a full connection gets logged by the service! But it works without root/admin privileges.
nmap -sU target
Scan UDP ports - a slower process
DNS • DHCP • SNMP
Why slow? UDP has no acknowledgment, so Nmap must wait for a timeout on each port that does not answer!
nmap -sn target
Check if a host is alive - no port scan
Fast • Discovery
Use case: quickly find all live hosts in a network before detailed scanning!
nmap -sA target
Detect firewall rules
Firewall testing
Purpose: NOT to find open ports, but to MAP firewall rules!
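The difference between -sS and -sT above comes down to whether the three-way handshake completes. As an added illustration, not code from the slides or from the Nmap project, the Python below starts a small loopback listener that writes a log line for every accepted connection and then probes it with a plain connect(), which is what one -sT probe does. The listener records the probe exactly as a real service would, which is why connect scans appear in application logs; a second probe against a closed port gets the RST that Nmap reports as "closed". The listener, the helper names and the three-state vocabulary are this example's own; everything runs on 127.0.0.1.

```python
import socket
import threading
import time

# Added example (not Nmap code): why a connect scan (-sT) is visible to the
# target service. Loopback only.


class LoggingListener:
    """Minimal TCP service on 127.0.0.1 that appends one log line per accepted connection."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.1)          # so the serve loop can notice stop()
        self.port = self.sock.getsockname()[1]
        self.log = []
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            # This is the record a real service (or auditd/connection logging) would
            # write: the handshake completed, so the peer address is known.
            self.log.append(f"accepted connection from {peer[0]}:{peer[1]}")
            conn.close()
        self.sock.close()

    def stop(self):
        self._stop.set()
        self._thread.join()


def connect_probe(host, port, timeout=1.0):
    """One -sT style probe: full connect(), then close. Returns open/closed/filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # SYN/ACK received and ACKed: handshake completed
    except ConnectionRefusedError:
        return "closed"        # RST came back
    except (socket.timeout, OSError):
        return "filtered"      # no answer at all, typically a dropping firewall
    finally:
        s.close()


def free_closed_port():
    """Reserve an ephemeral port and release it, so it is (almost certainly) closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe one listening and one closed loopback port; return both states and the log count."""
    listener = LoggingListener()
    open_state = connect_probe("127.0.0.1", listener.port)
    closed_state = connect_probe("127.0.0.1", free_closed_port())
    time.sleep(0.3)            # let the listener thread drain its accept queue
    listener.stop()
    return open_state, closed_state, len(listener.log)


if __name__ == "__main__":
    states = demo()
    print("listening port:", states[0], "| closed port:", states[1],
          "| connections the service logged:", states[2])
```

The single logged line is the whole point: with -sT the service's own accept() runs and whatever logging sits behind it fires, whereas a SYN scan is answered by the kernel before the handshake reaches the application, so only packet-level monitoring can see it.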
nmap -p 22 target
nmap -p 22,80,443 target
nmap -p 1-1000 target
nmap -p- target
nmap --top-ports 100 target
nmap -F target
Tip: Use -F for quick scans, -p- for thorough analysis
nmap -sV target
Detects:
sudo nmap -O target
Detects:
sudo nmap -A target
Includes:
NSE allows running powerful scripts for advanced scanning and vulnerability detection
nmap -sC target
Default scripts
nmap --script=vuln target
Vulnerability scan
nmap --script=http-title target
Specific script
nmap -f target
Split packets to bypass filters
Splits packets into tiny 8-byte pieces. Simple firewalls can't reassemble them to inspect!
nmap -D RND:5 target
Hide among fake IPs
Sends scan packets from multiple fake IP addresses along with your real one!
nmap --spoof-mac 0 target
Randomize MAC address
Changes your hardware address to random or specific vendor (Apple, Cisco, etc.)
nmap -T0 target
Slow down to avoid detection
T0 sends one packet every 5 minutes! IDS can't detect patterns in such slow scans.
nmap target -oN scan.txt
Human-readable text file
nmap target -oX scan.xml
For tools & parsing
nmap target -oG scan.gnmap
Easy to grep/search
nmap target -oA results
Creates .nmap, .xml, .gnmap
Targets:
  nmap target            Single host
  nmap 1.1.1.1-50        Range
  nmap 1.1.1.0/24        Subnet
  nmap -iL file.txt      From file

Scan types:
  -sS   SYN (stealth)
  -sT   TCP connect
  -sU   UDP scan
  -sn   Ping scan

Ports:
  -p 22        Single
  -p 1-1000    Range
  -p-          All ports
  -F           Fast (top 100)

Detection:
  -sV   Service version
  -O    OS detection
  -A    Aggressive
  -sC   Default scripts

Only scan networks you own or have explicit written permission to scan.
Unauthorized scanning is ILLEGAL and can result in criminal charges!
Nmap's official test server - safe to scan!
nmap scanme.nmap.org
nmap -sV -sC scanme.nmap.org
nmap -A -T4 scanme.nmap.org
Questions?
"Knowledge is power. Use it responsibly."