Nmap Network Scanning Guide

Alex didn't just need the data; they needed to present it to their manager. They reran the final scan, saving it in multiple formats ( -oA scan_results )—XML for the technical tools and plain text for quick reading.

With the list of active hosts, Alex needed to know which "doors" were open. They ran a SYN scan ( nmap -sS ), often called a "stealth scan" because it never fully completes the TCP connection, making it harder for simple firewalls to log.

Port 80 (HTTP): Open. A web server.
Port 22 (SSH): Open. Remote access.
Port 445 (SMB): Filtered. Likely behind a firewall.

Alex knew that scanning every possible IP would be loud and slow. They started with a ping scan ( nmap -sn 192.168.1.0/24 ) to quietly identify which devices were actually powered on without probing specific ports.

Chapter 3: Identifying the Occupants (Service & OS Detection)

The scripts cross-referenced the service versions with known CVE (Common Vulnerabilities and Exposures) databases. Within seconds, the screen flashed red: The outdated Apache version was susceptible to a known exploit.

Chapter 5: The Final Report (Output)

The terminal revealed a critical detail: Port 80 wasn't just a generic web server; it was running an outdated version of Apache. Alex also saw that the target was likely a machine.

Chapter 4: The Deep Dive (Nmap Scripting Engine)

Knowing a port is open isn't enough; you need to know what’s running inside. Alex used service version detection ( nmap -sV ) and OS Detection ( nmap -O ).

In the dimly lit basement of a mid-sized tech firm, Alex, a junior security analyst, stared at a monitor displaying a quiet network. Their mission was clear: conduct a full security audit of the internal "Omega" subnet before the upcoming board meeting. To do this, Alex reached for the industry-standard "Swiss Army knife" of networking: Nmap.

Chapter 1: The First Knock (Host Discovery)
