NMAP



Nmap (Network Mapper) is a free and open-source network scanner tool that is used to discover hosts and services on a computer network, typically by sending packets and analyzing the responses. It is commonly used to find open ports on a computer or network, as well as to determine the version of the operating system or applications that are running on a particular device. Nmap is a powerful tool that is widely used by network administrators and security professionals to perform network exploration, security audits, and vulnerability assessments. 

Nmap is a very versatile tool that can be used in a variety of ways. Some common uses for Nmap include:
  • Scanning a network to discover hosts and services 
  • Identifying open ports and the services that are running on those ports 
  • Determining the version of the operating system or applications that are running on a particular device 
  • Determining the type of firewall that is in use on a network 
  • Detecting vulnerabilities on a network or device 
Nmap is known for its ability to scan a large number of hosts quickly and accurately, and it runs on a wide range of operating systems, including Linux, Windows, and macOS. It can also scan several networks in a single run, which makes it a useful tool for network administrators who are responsible for more than one network. Additionally, Nmap offers a variety of options and features that allow users to customize their scans and tailor them to their specific needs.

nmap -sn <IP address or range>
The -sn option tells Nmap to perform a "ping scan," which is a type of scan that is used to discover live hosts on a network. By specifying an IP address or range, you can tell Nmap which hosts to scan. For example, to scan the hosts on the 192.168.0.0/24 network, you could use the following command:
nmap -sn 192.168.0.0/24
This command would cause Nmap to send a series of probe packets to each address in the specified range, and it would report back which hosts are up and responding. This is a useful way to quickly determine which hosts are active on a network, and it is often the first step in a more comprehensive scan. Note that a host whose firewall drops these probes is reported as down, so a ping scan can miss hosts that are actually online. To identify open ports and the services that are running on those ports, you can use the following Nmap command:
nmap -sT <IP address or range>
The -sT option tells Nmap to perform a TCP connect scan, which uses the operating system's normal connect() call to complete a full TCP handshake with each port it probes; a port that accepts the connection is reported as open. Because it needs no raw-socket privileges, this is the scan type Nmap falls back to when run as an unprivileged user. The service name printed next to each open port comes from Nmap's table of well-known port numbers; to actually probe the listening software and report its version, add the -sV option. For example, to scan the hosts on the 192.168.0.0/24 network for open ports, you could use the following command:
nmap -sT 192.168.0.0/24
This command would cause Nmap to attempt a TCP connection to each of its default set of the 1,000 most common ports on every host in the specified network, and it would report back which ports are open and the service associated with each open port. This is a useful way to quickly identify which services are available on a network, and it can help you to understand the layout and configuration of a network.

A complex Nmap command might include a variety of options and features to customize and tailor the scan to specific needs. For example, the following command uses several advanced options to perform a detailed scan of the 192.168.0.0/24 network:
nmap -sS -A -T4 -p- -oN scan_results.txt 192.168.0.0/24
This command uses the following options:
  • -sS: Performs a SYN scan (also called a half-open scan), which sends a SYN to each port and judges it open, closed, or filtered from the reply without completing the TCP handshake. It requires root or administrator privileges because Nmap crafts the raw packets itself.
  • -A: Enables OS detection, version detection, script scanning, and traceroute. This allows Nmap to gather a wide range of information about the target host.
  • -T4: Sets the timing template to level 4 ("aggressive"), which speeds the scan up on the assumption that the network is reasonably fast and reliable; it is suitable for most local networks.
  • -p-: Scans all 65535 TCP ports on the target host, instead of just the most common ports.
  • -oN scan_results.txt: Saves the scan results to a file named "scan_results.txt" in Nmap's normal (human-readable) format.

This command would cause Nmap to perform a thorough and detailed scan of the specified network, and it would save the results to a file for later analysis. This is a useful command for security professionals or network administrators who need to perform a comprehensive scan of a network.
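As an added example that is not part of the original post: once the results are in scan_results.txt, a defender usually wants to know which open ports were not supposed to be there. The POSIX shell script below parses a constructed sample of Nmap's normal (-oN) output, embedded inline so it runs offline, and lists every open port that is not in an assumed baseline of approved ports (EXPECTED_PORTS is an assumption, not anything Nmap provides); point it at a real scan_results.txt to use it on your own scan.

```shell
#!/bin/sh
# Constructed sample of Nmap normal (-oN) output, trimmed to the lines
# this script reads. A real scan_results.txt from -oN has the same shape.
SAMPLE_SCAN='Nmap scan report for 192.168.0.10
Host is up (0.0012s latency).
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.9p1
80/tcp   open  http    nginx 1.18.0
3306/tcp open  mysql   MySQL 8.0.32

Nmap scan report for web01.example.lan (192.168.0.20)
Host is up (0.0020s latency).
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 8.9p1
443/tcp  open   https      nginx 1.18.0
8080/tcp closed http-proxy
'

# Assumed baseline: the only ports approved to be open on these hosts.
EXPECTED_PORTS="22/tcp 80/tcp 443/tcp"

# open_ports FILE: print "host port service" for every open port.
# The host is taken from the "Nmap scan report for ..." line that
# precedes the port table; a "(1.2.3.4)" suffix is reduced to the IP.
open_ports() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        $1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" { print host, $1, $3 }
    ' "$1"
}

# unexpected_ports FILE: open ports that are not in EXPECTED_PORTS.
unexpected_ports() {
    open_ports "$1" | while read -r host port service; do
        case " $EXPECTED_PORTS " in
            *" $port "*) ;;                       # approved, skip
            *) printf '%s %s %s\n' "$host" "$port" "$service" ;;
        esac
    done
}

# Demo on the constructed sample; replace $scan_file with scan_results.txt.
scan_file=$(mktemp)
printf '%s' "$SAMPLE_SCAN" > "$scan_file"
echo "Open ports:"
open_ports "$scan_file"
echo "Open ports outside the approved baseline:"
unexpected_ports "$scan_file"
```

Feeding the constructed sample through the script reports the MySQL listener on 192.168.0.10 as the only port outside the baseline.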
