Congratulations on setting up your first hacking lab! You now have a powerful environment, but a lab is useless without tools. It’s time to pick up your first and most essential one: Nmap.
Nmap (Network Mapper) is arguably the most famous and fundamental tool in all of cybersecurity. It’s used by ethical hackers, system administrators, and malicious attackers alike to explore networks and discover what’s running on them. This guide will explain what Nmap is and walk you through conducting your very first scan in a safe, legal way.
What is Nmap?
Nmap is a free and open-source tool for network discovery and security auditing. Its primary purpose is to scan networks to see which devices are connected, what services (and versions) they are running, and what operating system they use.
The Analogy: If a computer network is a building, Nmap is the tool that lets you create a complete blueprint. It can tell you which doors and windows (ports) are open, what’s happening behind them, and what kind of security system is in place. Attackers use this for reconnaissance, while defenders use it to find and fix security holes.
Your First Scan (A Safe and Legal Example)
Before we begin, a critical warning: Only run Nmap scans on networks you own or have explicit permission to scan. Unauthorized scanning is illegal. For this tutorial, we will use a website that the creators of Nmap provide specifically for safe testing.
Step 1: Open Your Kali Linux Terminal
- Boot up the Kali Linux virtual machine you created in the previous guide.
- Find and open the “Terminal” application. This is where you will type all your commands.
Step 2: The Basic Command
nmap -sV scanme.nmap.org
Step 3: Breaking Down the Command
- nmap: This is the command that runs the Nmap program itself.
- -sV: This is a popular “flag” or option that tells Nmap to perform service version detection. It probes the open ports to figure out the exact software and version running.
- scanme.nmap.org: This is our safe, legal target, provided by the Nmap project for learning purposes.
Understanding the Nmap Results (Simplified)
After a few moments, Nmap will produce a report that looks something like this:
Starting Nmap 7.95 ( https://nmap.org ) at 2025-09-03 20:37 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.38s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 994 closed tcp ports (reset)
PORT      STATE    SERVICE    VERSION
22/tcp    open     ssh        OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
25/tcp    filtered smtp
80/tcp    open     http       Apache httpd 2.4.7 ((Ubuntu))
5060/tcp  filtered sip
9929/tcp  open     nping-echo Nping echo
31337/tcp open     tcpwrapped
Let’s decode the most important columns:
- PORT: The “door number” on the target machine. 22/tcp is port 22 using the TCP protocol.
- STATE: This tells you the status of the port. “Open” is the most interesting one, as it means a service is actively listening for connections. “Filtered” means a firewall or other packet filter is likely dropping Nmap’s probes, so Nmap cannot tell whether anything is listening behind that port.
- SERVICE: The common name for the program usually found on that port (e.g., ssh for remote login, http for a web server).
- VERSION: This is the specific version of that service, as identified by -sV. This is critical for hackers, who look for old, unpatched versions with known vulnerabilities, and for defenders, who use the same column to find what needs patching. When Nmap cannot identify the software, the column is left blank; “tcpwrapped” on port 31337 means the connection was accepted but closed before any banner was sent, so no version could be determined.
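Reading these columns by eye works for one host, but on a lab with several machines it helps to pull them out programmatically. The following is an added example written for this post, not part of Nmap or the original article: it parses the normal Nmap output shown above (embedded as a constructed sample so it runs offline) and separates open, filtered and unidentified ports.

```python
import re
from typing import Dict, List

# Constructed sample: the report shown earlier in this post, embedded inline
# so the parser can be run without performing any scan.
SAMPLE_REPORT = """\
Starting Nmap 7.95 ( https://nmap.org ) at 2025-09-03 20:37 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.38s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 994 closed tcp ports (reset)
PORT      STATE    SERVICE    VERSION
22/tcp    open     ssh        OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
25/tcp    filtered smtp
80/tcp    open     http       Apache httpd 2.4.7 ((Ubuntu))
5060/tcp  filtered sip
9929/tcp  open     nping-echo Nping echo
31337/tcp open     tcpwrapped
"""

# One table row: "<port>/<proto> <state> <service> [<version text...>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_report(text: str) -> List[Dict[str, object]]:
    """Turn the PORT/STATE/SERVICE/VERSION table of normal Nmap output into dicts."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # banner, host lines and the column header are skipped
        port, proto, state, service, version = m.groups()
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service, "version": (version or "").strip()})
    return rows


def open_ports(rows):
    return [r for r in rows if r["state"] == "open"]


def filtered_ports(rows):
    """Ports a firewall is likely blocking: Nmap could not tell open from closed."""
    return [r["port"] for r in rows if r["state"] == "filtered"]


def unidentified_open(rows):
    """Open ports where -sV produced no version string; worth a manual look."""
    return [r["port"] for r in open_ports(rows) if not r["version"]]
```

To use it on your own scan, save the output with nmap -sV -oN scan.txt scanme.nmap.org and pass the file’s contents to parse_nmap_report.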
Conclusion: You’ve Taken Your First Step
You have just successfully used a professional-grade security tool to perform a live network scan and interpret the results. This simple scan is the first step in almost every penetration test and security audit.
The most important takeaway is to always use these powerful tools ethically and responsibly.
What other basic Nmap commands do you find useful? Share your tips for beginners in the comments below!