What is Nmap?

Nmap (Network Mapper) is an open-source tool designed for network discovery and security auditing. It can quickly scan large networks or individual devices to gather valuable information such as open ports, running services, operating systems, and potential vulnerabilities.


Prerequisites Before You Run an Nmap Scan

Before beginning a scan:

  • Ensure you have permission to scan the network.

  • Install Nmap on your system.

Install Nmap:


Step-by-Step Guide to Scanning the Network Using Nmap

Step 1: Identify the Target Network

Use ip a (Linux/macOS) or ipconfig (Windows) to identify your local IP.

Example: If your IP is 192.168.1.10, you may scan 192.168.1.0/24 to cover the full subnet.


Step 2: Ping Scan (Discover Live Hosts)

nmap -sn 192.168.1.0/24

This Nmap scan will detect which hosts are up and responding. No ports will be scanned.


Step 3: Basic Port Scan

nmap 192.168.1.1

This performs a default port scan (most common 1000 TCP ports) on a single target.


Step 4: Scan Multiple IPs or Ranges

nmap 192.168.1.1-50

This command will scan IPs from 192.168.1.1 to 192.168.1.50.

Or use a file:

nmap -iL targets.txt

Step 5: Service Version Detection

nmap -sV 192.168.1.1

This Nmap command tells you which services are running and their versions (e.g., Apache, SSH, etc.).


Step 6: OS Detection

nmap -O 192.168.1.1

OS detection allows you to determine the operating system of a remote machine, a critical aspect of penetration testing.


Step 7: Aggressive Scan

nmap -A 192.168.1.1

This comprehensive Nmap scan includes:

  • OS detection

  • Version detection

  • Script scanning

  • Traceroute


Step 8: Scan Specific Ports

nmap -p 22,80,443 192.168.1.1

Or a range:

nmap -p 1-1000 192.168.1.1

Use this to target custom port numbers.


Step 9: Use NSE Scripts (Vulnerability Scanning)

nmap --script=vuln 192.168.1.1

Leverage the Nmap Scripting Engine (NSE) to check the target for known vulnerabilities automatically; the vuln category runs every script tagged as a vulnerability check.


Step 10: Save Scan Results to File

nmap -oN scan_result.txt 192.168.1.1

Other formats:

  • -oX (XML)

  • -oG (Grepable)

This is ideal for documentation or reporting purposes.
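As an added example (not code from the original article), the Python script below reads the grepable (-oG) output of two saved scans and reports ports that are open now but were not open in the earlier baseline, a common way to turn archived scan results into a change alert for the network owner. The two sample outputs are constructed to match the -oG line format; the file names, addresses and service strings are placeholders.

```python
"""Parse Nmap grepable (-oG) output and diff two scans for newly exposed ports."""
import re
# Constructed sample of what `nmap -sV -oG baseline.gnmap 192.168.1.0/24` could write.
BASELINE = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG baseline.gnmap 192.168.1.0/24
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 443/closed/tcp//https///\tIgnored State: filtered (998)
Host: 192.168.1.10 ()\tPorts: 445/open/tcp//microsoft-ds//Windows 10 microsoft-ds/\tIgnored State: closed (999)
"""
# Constructed later scan: the router now also exposes HTTP and a new host appeared.
CURRENT = """\
Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/\tIgnored State: filtered (998)
Host: 192.168.1.10 ()\tPorts: 445/open/tcp//microsoft-ds//Windows 10 microsoft-ds/\tIgnored State: closed (999)
Host: 192.168.1.23 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (999)
"""
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")

def parse_gnmap(text):
    """Return {ip: {"hostname": str, "open": {(port, proto): (service, version)}}}.
    Each -oG port entry reads port/state/protocol/owner/service/rpcinfo/version/;
    Nmap replaces '/' inside version strings with '|', so splitting on '/' is safe."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                      # skips '# Nmap ...' comment lines too
            continue
        entry = hosts.setdefault(m.group(1), {"hostname": m.group(2), "open": {}})
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports:"):
                continue               # e.g. 'Status: Up' or 'Ignored State: ...'
            for spec in field[len("Ports:"):].split(","):
                p = spec.strip().split("/")
                if len(p) >= 7 and p[1] == "open":
                    entry["open"][(int(p[0]), p[2])] = (p[4], p[6])
    return hosts

def new_exposures(baseline_text, current_text):
    """(ip, port, proto, service) tuples open now but not open in the baseline scan."""
    base, cur = parse_gnmap(baseline_text), parse_gnmap(current_text)
    found = []
    for ip, entry in sorted(cur.items()):
        known = base.get(ip, {"open": {}})["open"]
        for (port, proto), (service, _ver) in sorted(entry["open"].items()):
            if (port, proto) not in known:
                found.append((ip, port, proto, service))
    return found

if __name__ == "__main__":
    for ip, port, proto, service in new_exposures(BASELINE, CURRENT):
        print(f"NEW: {ip} {port}/{proto} ({service})")
```

To use it on real files, pass the contents of two -oG files saved from consecutive scans instead of the constructed strings.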


Final Thoughts on Nmap Scan

Performing an Nmap scan is one of the foundational skills in cybersecurity and network troubleshooting. By mastering these steps, you can gain detailed insights into your network environment, detect vulnerabilities early, and enhance security posture.

Frequently Asked Questions (FAQs)

What is the purpose of an Nmap scan?

An Nmap scan helps identify active devices, open ports, running services, and potential vulnerabilities in a network — essential for both system admins and ethical hackers.


Can I use Nmap on Windows?

Yes, Nmap works seamlessly on Windows, macOS, and Linux. Simply download the installer from the official site and start scanning.


Is Nmap safe to use?

Yes, but only on authorized networks. Some types of scans (like -A) can be intrusive and might trigger security alerts or slow down network devices.


What are the best Nmap commands for beginners?

Start with these:

  • nmap -sn – Ping scan

  • nmap -sV – Service version

  • nmap -O – OS detection

  • nmap -A – Aggressive full scan