Step-by-Step Guide to Using Nmap: A Comprehensive Tutorial for Network Security Auditing

Nmap, short for “Network Mapper”, is a free and open-source tool used for network discovery and security auditing. It can be used to detect hosts and services on a network by creating and analyzing raw packets. This tutorial covers basic to intermediate use of Nmap.

System Requirements

  1. Computer running a Linux distribution (for this tutorial), Windows, or macOS
  2. Sufficient privileges to install software and run network scans (usually root or administrator)

Step 1: Installation

For Debian-based Linux distributions (like Ubuntu), use the following command to install Nmap:

[coding-blocks block=”nmaptutorial1″]

For other operating systems, you can find instructions on the official Nmap download page.

Step 2: Basic Scan

To perform a basic scan, you can use the command:

[coding-blocks block=”nmap-tutorial-2″]

Replace [target] with the IP address or domain name of the machine you want to scan.


[coding-blocks block=”nmap-tutorial-3″]

This will perform a basic SYN scan on the target and list out the open ports and running services.

Step 3: Scan Multiple Targets

You can scan multiple targets by separating them with spaces:

[coding-blocks block=”nmap-tutorial-4″]

Or you can scan a range of IPs:

[coding-blocks block=”nmap-tutorial-5″]

Step 4: Scan Types

Nmap can perform different types of scans. The most common are SYN scan (-sS), TCP connect scan (-sT), and UDP scan (-sU). For instance, to perform a TCP scan:

[coding-blocks block=”nmap-tutorial-6″]

Step 5: Port Selection

By default, Nmap scans the 1,000 most common ports for each protocol. You can specify a different set of ports with the -p option:

[coding-blocks block=”nmap-tutorial-7″]

Step 6: Detect OS and Services

You can detect the operating system and services running on a target with the -O and -sV options:

[coding-blocks block=”nmap-tutorial-8″]

Step 7: Save Scan Results

You can save the output of your scan to a text file using the -oN option:

[coding-blocks block=”nmap-tutorial-9″]

Step 8: Stealthy Scanning

To perform a scan without being detected by most intrusion detection systems, use the -T (timing) and -Pn (skip host discovery) options:

[coding-blocks block=”nmap-tutorial-10″]

Step 9: Script Scanning

Nmap has a scripting engine for more advanced scanning scenarios. To use a script, use the –script option:

[coding-blocks block=”nmap-tutorial-11″]


This tutorial covered only the basic and some intermediate features of Nmap. As a powerful network analysis tool, Nmap has many more features and options. Refer to the Nmap documentation or the man page (man nmap in a terminal) for more information.

  • Remember to always use tools like Nmap responsibly. Unauthorized scanning can be illegal and unethical. Always have permission to scan any network or system.
Spread the love

Related Posts