Gabi Security

nmap for scanning network

The most widely used and best-known tool for scanning a network.

nmap - most used scanning tool

If you want to do any capture the flag, understand what is connected to what, check whether any port is open to connect to, or understand what your SIEM is doing, you need to know how to use nmap. I thought nmap was only used when you typed nmap at the terminal and it scanned everything you needed, but one day I was configuring a SIEM tool and all the printers started printing a lot of paper full of special characters. We reset the printer spooler and it didn't work; we did a lot of investigation and figured out that every time our SIEM tool used nmap on our network, the printers understood that they had to print, and they printed a bunch of special characters.

I say this so that we understand that nmap is also built into other tools that are part of our daily work. We can use SIEM tools, for example, without really understanding what is going on in the middle of their scans. However, this knowledge can improve our performance and also make configuration problems easier to solve. So let's get started!

In this article I will use the term "ip target" or "255.255.255.255" to refer to the IP you would like to scan. To get started, let's go over the basics of using the tool.

nmap "255.255.255.255"

This scan tells you whether the host is up and which of its ports are open.

nmap "255.255.255.255/24"
or
nmap "255.255.255.0-255"

This scans an entire range of IP addresses to identify all the active hosts and their open ports. This command will scan 255.255.255.0, 255.255.255.1, 255.255.255.2, 255.255.255.3 ... up to 255.255.255.255!

nmap -O "255.255.255.255"

Runs OS detection and reports the operating system information for the host.

nmap -sV -p "port number" "255.255.255.255"

Reports which version of the software is running on those ports, using the service scan option -sV; you can specify the port number with -p or leave it out to scan the default port list.

nmap -P0 "255.255.255.255"

This argument is meant to leave fewer traces: with -P0 (spelled -Pn in current nmap versions) nmap skips the ping, that is, the host discovery step, and scans the target directly.

nmap -P0 -sI 192.74.65.1:445 "255.255.255.255"

Combining this with the previous argument of not pinging first, and still following the idea of hiding your identity, this argument (-sI) uses the first IP and port as a zombie machine from which the second IP is scanned.
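Added example, not code from the post: a Python parser for nmap's grepable output (-oG, an nmap option not covered above) that builds a host/port inventory from a scan, flags hosts answering on raw-printing ports such as 9100 (the kind of device behind the printer incident above, which a scheduled scan can then leave out with --exclude), and lists open ports missing from an allowlist. The scan output, hosts and banners in SAMPLE_OG are constructed.

```python
import re
# Constructed sample of nmap grepable output (-oG); hosts and banners are made up.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 9100/open/tcp//jetdirect///\tIgnored State: closed (997)
Host: 10.0.0.7 ()\tStatus: Up
Host: 10.0.0.7 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""
# One -oG port entry: port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")
# JetDirect-style raw-printing ports; nmap-service-probes excludes them from version probes for this reason.
RAW_PRINT_PORTS = set(range(9100, 9108))

def parse_grepable(text):
    """Return {host_ip: [(port, proto, state, service, version), ...]} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." comment lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        entries = hosts.setdefault(host, [])  # a "Status: Up" line has no Ports field
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            entries.append((int(port), proto, state, service, version))
    return hosts

def open_ports(inventory):
    """Map each host to its sorted open port numbers (filtered/closed ports dropped)."""
    return {h: sorted(p for p, _, s, _, _ in e if s == "open") for h, e in inventory.items()}

def likely_printers(inventory):
    """Hosts with a raw-printing port open: candidates for nmap --exclude in scheduled scans."""
    return sorted(h for h, ports in open_ports(inventory).items() if RAW_PRINT_PORTS & set(ports))

def unexpected_open(inventory, allowed):
    """Open ports absent from the per-host allowlist; a host not in the allowlist gets no ports."""
    findings = {}
    for host, ports in open_ports(inventory).items():
        extra = [p for p in ports if p not in allowed.get(host, set())]
        if extra:
            findings[host] = extra
    return findings

if __name__ == "__main__":  # stand-alone run over the constructed sample
    inv = parse_grepable(SAMPLE_OG)
    print(open_ports(inv), likely_printers(inv), unexpected_open(inv, {"10.0.0.5": {22, 80}}))
```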