Other Threats

What Is Nmap, Why and How to Use It?


Without a doubt, Nmap is one of the important tools in penetration tests. Vulnerability assessments and penetration tests have become very important for many organizations with the increasing speed of technological developments in recent years.

These tests and evaluations have become a necessity, especially in matters of regulatory compliance. If you have a network that stores sensitive data, you are very likely to be exposed to many threats from inside and outside.

This is why organizations need to evaluate their cyber security standings periodically. Although many people are confused by vulnerability assessment and penetration testing concepts, it is important to understand the difference.

Vulnerability assessments make you aware of open doors on your system that attackers can exploit. On the other hand, penetration testing tries to gain access to the system by exploiting these open doors. The prerequisite for penetration testing is vulnerability assessment.

If you do not test for vulnerability, you cannot know which vulnerability you are going to exploit and use it in your penetration test.

After gaining information on the system, cybercriminals check the versions of the applications that include the vulnerabilities they are going to attack. Although there are plenty of identified attack methods for the older versions, they have limited attack methods for newer versions.

Therefore, it is important to keep your system and the applications up to date. System administrators have to prevent attackers from gaining access to their systems. This is why they should collect information about their systems at regular intervals and take action by evaluating this information.

Although there are many tools for collecting information, Nmap, developed by Gordon Lyon, is the most well-known one. Below, you can find detailed information about Nmap and its functions, features, and importance.

What Is Nmap?

Nmap is a free and open-source tool developed for network discovery and security auditing. It provides information such as the devices on the network, their operating times, services they run, operating systems, and their versions.

You can block the access of services that you are not aware of and update applications using old versions with the help of this information.

Nmap is a made-up word created with the combination of Network and Mapper words. Basically, it stands for network mapper. It is completely free and open-source software used for network discovery and security auditing.

Nmap identifies the devices on the network (such as computers, phones, printers, and so on), which services these devices use (such as application name and version), and which operating systems they run (including operating system versions).

In short, Nmap is a very useful program designed to collect information on the target system. Many programs perform similar tasks to this software. However, it has become more popular for some of its features. These features are.

  • Popularity – Thousands of users prefer this software. It can work stably on many operating system distributions such as OpenBSD, Free BSD, Gentoo, Debian Linux, Redhat Linux, and so on.
  • Community – The community of this tool is quite large. You can find plenty of resources online to assist you with any problems you may encounter.
  • Free – It allows you to perform complex and stable scans completely for free.
  • Easy – As Nmap includes plenty of features that expert users can benefit from; it also allows you to perform quick and easy scans.
  • Powerful – It is powerful enough to scan hundreds of thousands of computers.
  • Flexible – It can work on many systems, network devices, services, and versions.

How Does Nmap Work?

In general, the working principle of Nmap starts with sending raw packets to the system ports. The software collects information with these packages by checking the responses and identifying the open, closed, or filtered/unfiltered ports. Later on, it displays these results to the users.

You can use Nmap to monitor thousands of devices or networks or a single host. You can also use it for different functions thanks to the modules in it.

Using certain parameters to use Nmap which performs many functions, from port scans to service discovery, discovery of open ports to identifying security risks helps the tool to provide more effective results.

How to Use Nmap?

Nmap comes pre-installed with the Kali Linux operating system. However, you can install it on different operating systems too. All you need to do is type the “nmap” command on the command line to run Nmap.

If you would like to learn more about the available commands, then all you need to do is type “nmap-help” or “nmap-h” commands.

How to Scan with Nmap?

Scanning is a remote testing process to identify the status of the ports on the target machine. Nmap is one of the best tools you can use for scanning networks.

Below, you can learn more about the operations run during the scanning with a particular order:

  • Using pre-scan scripts,
  • Target numbering,
  • Host discovery processes,
  • Reverse-DNS resolution,
  • Post scan,
  • Version detection,
  • Operating system detection,
  • Traceroute operation,
  • Script scanning,
  • Printing/Reporting

Now, let’s check the port statuses that may arise as a result of Nmap scanning:

  • Open Port – This indicates that the port is accessible, and the service is running on it.
  • Closed Port – This indicates that the port is accessible, but no service is running on it.
  • Filtered Port – This indicates that a packet filtering mechanism blocks the returned responses, the tool cannot decide whether the port is open or closed and there may be a security device there.
  • Unfiltered Port – This indicates that the ports are accessible, but Nmap cannot decide whether the ports are open or closed. Here, you may switch to another Nmap scanning method to identify the problem.
  • Open-Filtered Port – Nmap indicates that it cannot decide whether the ports are open or filtered. In this case, you can perform scanning such as Xmas, Null, FIN, IP, or UDP.
  • Closed-Filtered Port – Nmap indicates that it cannot decide whether the ports are closed or have a security device on them. In this case, you need to perform different scanning types.

What Are Nmap Scanning Types?

There are multiple scanning types in Nmap. All these scanning types are necessary for the successful completion of the port scan. Below, you can learn more about these types.


This is the most confidential scanning type. The source system does not take an active part in scanning the target system. None of the packets sent to the target system are sent with the IP address of the scanning system. The source system collects information by scanning the target system with systems called “zombies”.

UDP Scan

This scanning type analyzes whether the UDP ports on the target computer are open or closed. If the target system responds with “ICMP Port Unreachable” for the incoming UDP packets, it means that the target system is closed. On the other hand, if it responds with a UDP packet, it means the target system is open.

Ping Scan

In this scanning type, the software sends a single ICMP Echo request packet to the target system. If there are any problems, the target system responds with ICMP Echo. However, if the target system is not accessible or the packet filter is filtering ICMP packets, it will not respond.

FIN (Stealth) Scan

The target system responds with an RST + ACK packet if the FIN flag segment sent to the target system reaches a closed port of the target system. The target system will not respond if the packet reaches the open port.

TCP Connect Scan

Nmap sends an SYN packet to connect to the target port and if it receives a SYN+ACK packet, it connects to the port by sending an ACK packet and reports the open port. If it receives an RST+ACK response, then it reports a closed port.

TCP Syn Scan

In this scanning type, the source system sends a TCP SYN flagged segment to the target system. If it receives the SYN+ACK packet as a response, it sends an ACK packet, connects to the port and reports an open port, and logs out by sending an RST packet. If it is a closed port, it sends the ACK+RST packet. No response means that the port is filtered.

Since we know what Nmap is and how to use it, now let’s check out its usage areas.

What Are Nmap Usage Areas?

As we mentioned before Nmap comes preinstalled with the Kali Linux operating system and you can install it on different operating systems. Some of these operating systems include AmigaOS, BSD, Solaris, macOS, Windows, and Linux.

You may want to know that Linux is the most preferred and Windows is the second most preferred operating system for Nmap. Below, you can find some of the popular Nmap usage areas:

  • Performing security audits by identifying unknown servers.
  • Testing required configurations after network setup.
  • Keeping and performing the network inventory, mapping, maintenance, and management.
  • Testing the necessary configurations during the preparation of any network.
  • Mapping the network topology.
  • Having information about the systems available on the scanned network (such as learning information about ports).
  • Most importantly, the most common use of Nmap is for performing penetration tests.

As MS Cyber Security, we can help you to secure your network by identifying open doors, the status of your ports, and vulnerabilities. You can contact us whenever you want to get information and receive a free quote.

Back to list