Nmap

5.4 Troubleshooting Tools

Software Tools

📘CompTIA Network+ (N10-009)

Nmap (Network Mapper)

Nmap stands for Network Mapper. It is a network scanning and discovery tool used to discover devices on a network, identify open ports, and gather information about hosts and services. Nmap is widely used in IT environments for network troubleshooting, security audits, and monitoring.

Purpose of Nmap

Nmap is mainly used to:

  1. Discover hosts – Identify devices connected to a network.
  2. Scan ports – Find which ports are open, closed, or filtered on a device.
  3. Identify services – Determine which applications or services are running on open ports.
  4. OS detection – Estimate which operating system a host is running.
  5. Network inventory – Keep track of devices, services, and systems in a network.
  6. Security auditing – Detect vulnerabilities and misconfigurations.

How Nmap Works

Nmap sends specially crafted network packets to target devices and analyzes the responses. Based on the responses, it can tell you things like:

  • Whether a host is online.
  • Which ports are open and accessible.
  • What services are running on those ports.
  • Sometimes, even what operating system the host is using.

Basic Nmap Commands

Here are the common Nmap commands and what they do:

  1. Simple host scannmap 192.168.1.10
    • Scans a single host to check which ports are open.
  2. Scan multiple IPsnmap 192.168.1.1-50
    • Scans a range of IP addresses to find which devices are online.
  3. Scan a subnetnmap 192.168.1.0/24
    • Scans all devices in a network (all IPs in the subnet).
  4. Detect services and versionsnmap -sV 192.168.1.10
    • Finds which services are running and tries to determine their version.
  5. OS detectionnmap -O 192.168.1.10
    • Estimates the operating system of a device.
  6. Aggressive scannmap -A 192.168.1.10
    • Combines OS detection, version detection, script scanning, and traceroute.
  7. Scan specific portsnmap -p 22,80,443 192.168.1.10
    • Checks only the specified ports instead of all 65,535 ports.

Types of Scans

Nmap offers several scanning methods. The exam may focus on understanding port states and common scan types:

  1. TCP Connect Scan (-sT)
    • Fully opens a TCP connection with the target port.
    • Simple and reliable but easy to detect.
  2. SYN Scan (-sS)
    • Sends a SYN packet but doesn’t complete the connection (half-open scan).
    • Faster and stealthier than a full TCP Connect scan.
  3. UDP Scan (-sU)
    • Scans UDP ports instead of TCP ports.
    • Useful for finding services like DNS (UDP 53) or SNMP (UDP 161).
  4. Ping Scan (-sn)
    • Checks which hosts are online without scanning ports.

Port States in Nmap

When Nmap scans a host, it categorizes ports as:

  • Open – Service is running and accepting connections.
  • Closed – No service is running on this port.
  • Filtered – Cannot determine if port is open because a firewall is blocking it.
  • Unfiltered – Port is accessible but may not respond to probes.
  • Open|Filtered – Nmap can’t distinguish between open or filtered.
  • Closed|Filtered – Rare; used in advanced scans.

Practical Uses in IT Environments

In real IT networks, Nmap is used to:

  1. Check server accessibility
    • Ensure web servers, mail servers, or database servers are online and reachable.
  2. Security checks
    • Detect unused or vulnerable open ports that could be exploited.
  3. Inventory management
    • Maintain a record of devices and services running in the network.
  4. Troubleshooting connectivity
    • Identify whether firewalls or routers are blocking certain ports.

Important Notes for the Exam

  • Nmap is not malicious by itself; it’s a legitimate network tool.
  • The exam may ask you about port scanning, host discovery, service detection, or OS fingerprinting.
  • Know basic commands and scan types and understand the difference between open, closed, and filtered ports.
  • Nmap works on multiple platforms: Linux, Windows, macOS.

Key Terms to Remember

  • Nmap: Network scanning tool.
  • Port states: Open, Closed, Filtered.
  • Scan types: TCP Connect, SYN, UDP, Ping.
  • Service detection: Determines running applications.
  • OS detection: Determines operating system.
  • Aggressive scan: Combines multiple scans in one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by