Nmap Scan Network
Using nmap to scan networks (Awesome Linux Tools)
Leo knew the doors were open, but he didn't know what was behind them. Were they heavy steel vaults or rotting wood?
Nmap's scripts can also enumerate DNS, NFS, SMB, and SNMP services across the subnet.
Nmap is not just a port scanner; with the Nmap Scripting Engine (NSE) it doubles as a vulnerability scanner. The NSE ships hundreds of scripts covering everything from brute-forcing SSH logins to detecting Heartbleed.
nmap -sV -sC -O <target>
sudo nmap -O 192.168.1.10
Beyond simply listing open ports, Nmap's true power lies in its service and OS detection. Version detection (-sV) goes further than a port list by connecting to each open port, sending probes, and analyzing the response to determine not just the service type (e.g., "web server") but its exact product and version (e.g., "nginx 1.18.0"). This granularity is crucial because a known vulnerability, such as one in an outdated OpenSSL library, is tied to a specific version number. Note that a banner-derived version is a lead rather than proof: distributions often backport fixes without changing the advertised version, so confirm before treating a match as exploitable. At the same time, the OS detection engine (-O) analyzes subtle quirks in how the target builds TCP packets (initial sequence numbers, window sizes, and TCP options) to deduce the underlying operating system, distinguishing a Linux server from a Windows workstation; it needs raw packet access, which is why the command above runs under sudo. Together these transform the scan from a simple connectivity test into a sophisticated enumeration of the network's software anatomy.
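As an added example (not code from the original page), the Python below turns the version and OS facts described above into a per-host inventory by parsing Nmap's XML output (written with -oX). It also flags open ports where -sV fell back to a port-number guess instead of reading a banner, which is where a defender should look by hand. The XML is a constructed sample, not real scanner output.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (-oX), not real scanner output.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.168.1.10">
<host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="8.2p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
  <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="8080"><state state="open"/>
  <service name="http-proxy" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="closed"/>
  <service name="https" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Linux 4.15 - 5.6" accuracy="96"/>
    <osmatch name="Linux 3.2 - 4.9" accuracy="90"/></os>
</host></nmaprun>"""

def parse_inventory(xml_text):
    """Return {addr: {"os": best OS guess, "services": [open ports]}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        # -O may list several candidates; keep the highest-accuracy match.
        best = max(host.findall("os/osmatch"),
                   key=lambda m: int(m.get("accuracy", 0)), default=None)
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports expose no service
            svc = port.find("service")
            services.append({
                "port": int(port.get("portid")), "proto": port.get("protocol"),
                "name": svc.get("name"), "product": svc.get("product"),
                "version": svc.get("version"),
                # probed: -sV read the banner; table: name guessed from the
                # port number alone, so no version is known.
                "probed": svc.get("method") == "probed"})
        hosts[addr] = {"os": best.get("name") if best is not None else None,
                       "services": services}
    return hosts

def unfingerprinted(inventory):
    """Open ports whose version -sV could not establish: review by hand."""
    return [(addr, s["port"]) for addr, h in inventory.items()
            for s in h["services"] if not s["probed"] or not s["version"]]
```

Feed it a real file with parse_inventory(open("scan.xml").read()); hosts that are down and ports that are closed or filtered are dropped, so the result is only the exposed surface.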
The TCP connect scan (-sT) is the default scan type when Nmap runs without root privileges. It connects to each target port using the full TCP three-way handshake (SYN, SYN-ACK, ACK). It is accurate, but because the connection fully completes, the listening application sees it and can easily log it.
Knowing that port 80 is open is, on its own, useless. Knowing that the service behind it runs on Ubuntu 20.04 is actionable intelligence.