NMAP Network Scanning — Host Discovery, Port Scanning, and Security Auditing
A practical guide to using NMAP for network discovery, port scanning, service detection, and security auditing — from basic scans to advanced scripting.
What is NMAP?
NMAP (Network Mapper) is the most widely used open-source tool for network discovery and security auditing. It can discover hosts on a network, identify open ports, detect services and their versions, and even find vulnerabilities using its scripting engine.
When to Use NMAP
- Network inventory — Discover all devices on your network
- Security auditing — Find open ports and exposed services
- Vulnerability assessment — Identify potential security weaknesses
- Compliance — Verify firewall rules and access controls
- Troubleshooting — Check if services are reachable
Important: Only scan networks you own or have explicit authorization to test.
Installation
Host Discovery
Before port scanning, discover which hosts are alive on a network:
Ping Scan
Discovery Methods
Scan a List of Targets
Port Scanning
Common Scan Types
Port Selection
Understanding Port States
| State | Meaning |
|-------|---------|
| open | Service is accepting connections |
| closed | Port is reachable but no service listening |
| filtered | Firewall is blocking the probe |
| unfiltered | Port is accessible but NMAP can't determine open/closed |
| open\|filtered | NMAP can't determine if open or filtered (common with UDP) |
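
To apply the state table above when verifying firewall rules, this added example (not part of the original guide) reads Nmap XML output, as written by `-oX`, and compares each port state with an allowlist. The sample XML, the addresses, the `ALLOWED` policy and the verdict names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap XML output (-oX); addresses are from
# the RFC 5737 documentation range and are not real scan results.
SAMPLE_XML = """<nmaprun>
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="23"><state state="open"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
      <port protocol="tcp" portid="443"><state state="filtered"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Assumed policy for this example: ports that are meant to be open per host.
ALLOWED = {"192.0.2.10": {("tcp", 22), ("tcp", 443)}}

def audit(xml_text, allowed):
    """Return (verdict, addr, proto, port, state) for every port that deviates from policy."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # host did not answer discovery, nothing to audit
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state_el = port.find("state")
            if state_el is None:
                continue
            proto, portid = port.get("protocol"), int(port.get("portid"))
            state = state_el.get("state")
            permitted = (proto, portid) in allowed.get(addr, set())
            if state == "open":
                verdict = None if permitted else "exposed"
            elif "|" in state or state == "unfiltered":
                verdict = "undetermined"   # Nmap could not decide; re-test
            elif permitted:
                verdict = "expected-open"  # policy says open, scan disagrees
            elif state == "closed":
                verdict = "reachable"      # no listener, but the probe got through
            else:
                verdict = None             # filtered and not permitted: matches policy
            if verdict:
                findings.append((verdict, addr, proto, portid, state))
    return findings
```

A `closed` port outside the allowlist is reported as `reachable` because the probe reached the host, which means no firewall rule dropped it.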
Service and Version Detection
NMAP Scripting Engine (NSE)
NSE extends NMAP with hundreds of scripts for vulnerability detection, brute force, discovery, and more.
Script Categories
| Category | Purpose |
|----------|---------|
| auth | Authentication and credential checks |
| broadcast | Network broadcast discovery |
| brute | Brute force password attacks |
| default | Safe, useful scripts (run with -sC) |
| discovery | Additional service discovery |
| exploit | Active exploitation (use with caution) |
| safe | Non-intrusive scripts |
| vuln | Vulnerability detection |
Running Scripts
Useful NSE Scripts
Output Formats
Practical Security Audit Scenarios
Scenario 1: Network Inventory Audit
Scenario 2: Firewall Rule Verification
Scenario 3: IoT Device Security Check
Performance Tuning
Conclusion
NMAP is an essential tool for network administrators and security professionals. From basic host discovery to advanced vulnerability scanning with NSE scripts, it provides deep visibility into your network's attack surface. Regular NMAP scans should be part of your security routine — you can't protect what you can't see.