Nmap is a network mapper that has emerged as one of the most popular and free network discovery tool. Most of the hackers and the pentesters are using this tool for scanning the networks. Nmap is a open source tool which you can download it from here. In Kali linux and parrot it’s inbuilt tool. Just type Nmap it will execute.

About the Nmap Tool

Nmap is a network scanning tool that uses IP packets to identify all devices are connected to network or internet. Its choice of hackers in which they can easily find open ports, which operating systems (OS) you are using and architectures. This tool is also be used for testing the security and find the vulnerability in the network.

Difference Between Nmap and Zenmap

There is no much difference in both tool, both are open source tool and used for network scanning and but Nmap is CLI (Command Line) based tool while Zenmap is GUI ( Graphical User Interface ) based tool. Both is available on many operating system such as (Linux, Windows, Mac OS X etc). Nmap tool is easy to use for beginners in which has lot of additional features. Nmap is pre-installed tool in various os such as parrot os and kali linux while Zenmap is not a pre-installed tool you will have to download form the outside source or official website so you have to try more as compare Nmap.


First we will install zenmap in our kali machine and for this you have to add the following configuration in sources.list file.

After open the file add the source commands by given below.

Run the following command to install Zenmap.

Now you can start your zenmap tool using the following commmand.

Lets take a look as beginners!! 🙂

Host Scan

Host scan is use to check how many host are active in network by send the ARP ( Address Resolution Protocol ) request to all host in.
1) nmap -sn <IP range>
2) nmap -sP <IP range>

Simple scan

This will tell you the number of TCP/UDP ports open from 1 to 65535.
command 🙂 nmap <target>

TCP scan

TCP (Transmission Control Protocol) uses a three-way handshake process to establish and maintain a network conversation. If you only want to know about TCP ports then you can use this command.
command 🙂 nmap [Scan TCP] [target IP]

UDP scan

UDP (User Datagram Protocol) is also be used for communicate or data transmission but cause of unreliable packet delivery and packets drops it is not use. In the testing purpose UDP protocol are use to check the availability to UDP ports.
command : ) nmap [scan UDP] [target IP]

OS Detection scan

If you want to get information about the operating system of the target machine so you can add ‘o’ syntax in your command.
command 🙂 nmap [operating system] [target IP]

Port range scan

If you suspect that the middle ports may be open so you can set the range of protocols.
command 🙂 nmap [range] [target IP]

Port scan

Sometimes we need to scan only specific port of target machine, Hence we can easily scan the particular port by adding ‘-p’ syntax.
command 🙂 nmap [port number] [target IP]

Version scan

If penetration testers want to test that whether the port version is visible, they can use the following command.
command 🙂 nmap [scan version] [target IP]

Protocol scan

The protocol scan is useful for beginners to determine which port are work on which protocol.
command 🙂 nmap [scan protocol] [target IP]

Script scan

Script scan is advantage for penetration tester to detect the service vulnerability, Malware threat and more information about it.
command 🙂 nmap [script scan] [target IP]

Aggressive Scan

Aggressive scan is time taking scan because it run four scan at a time such as :

-O : OS detection
-sV : version scanning
sC : script scanning
-traceroute : traceroute ( Hopes Count )

commands 🙂 nmap [Aggressive] [target IP]

Fast scan

If you are taking this much time to scan the ports so you can go with fast scan option. As you can see in below given image when we execute the normal scan so latency time had 0.00060 sec but when we execute the fast scan then the latency arrive at 0.00050 second.
command 🙂 nmap [fast sscan] [target IP]

Timing Template Scan

Timing scan is use for reducing the scanning time. Nmap offers six timing templates scan which is known such as :

T0: paranoid
T1: sneaky
T2: polite
T3: normal
T4: aggressive
T5: insane

If you will try to use aggressive scan or insane scan so it will skip some ports, that is problem with it. In our case we will choose normal scan.
command 🙂 nmap [-T0, -T1, -T2, -T3, -T4, -T5[ [target IP]

List scan

If you want to scan the select target so you can put the host details such as IP address in Txt file.

After that execute the following command to obtain the deep details about the IP address.
command : ) nmap [list] [list location]

Output scan

Sometime penetration tester wants to store their outputs in file so they can use the following commands.
command 🙂 nmap [target IP] [-o] [output location]

About the Author
Bhanuprathap Reddy is Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be connect on Linkedin.

Leave a Reply

Your email address will not be published. Required fields are marked *