Nmap (Network Mapper) is a security scanning tool used to discover hosts and services on a computer network, creating a “map” of the network. Operating systems, packet filters, firewalls, and many other characteristics can be identified via Nmap (IOActive, 2017).
After you run an Nmap scan, understanding the output is crucial to interpreting its results effectively (Network Computing, 2021). The report often starts with a command line that reflects your input when you initiated the scan. It is followed by a section that lists each host scanned and the details associated with it.
In this section, the ‘Status’ indicates whether a host is up or down. ‘Down’ means the host did not respond to the ping probes, while ‘Up’ indicates the opposite. The subsequent section is ‘Ports’. Here, each row gives information about a specific port on the host (Nmap.org, 2022). This information typically includes:
1. PORT: The port number and protocol
2. STATE: The state of the port (open, closed, filtered, unfiltered, open|filtered, or closed|filtered)
3. SERVICE: The application expected to be running on the port
4. VERSION: Any version information Nmap could obtain about the service or OS.
You might see different port states in the output such as:
a. Open: The application is ready to accept connections/packets.
b. Closed: No application is listening on this port, but it’s accessible.
c. Filtered: The packet filter (firewall) is preventing Nmap from determining whether the port is open.
d. Unfiltered: The port is accessible, but Nmap is unable to determine whether it’s open or closed.
When used with the version scan (-sV), Nmap can provide details on the particular software version used by the identified services (Github, 2018).
Next, the ‘Host scripts’ section, if available, provides more information about the host, obtained using specific Nmap scripts. The ‘Trace’ section outlines the path that the packets take to reach the host.
Reading Nmap scan results requires a sound understanding of network terminology, protocols, and behaviours. In most cases, manually parsing Nmap scan results can be very tedious; hence tools like Zenmap are used, which provide a graphical interface to view and analyze Nmap outputs.
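As an added example (not part of the original article or of Nmap itself), the Python code below parses the PORT / STATE / SERVICE / VERSION table described above and lists the ports an administrator would want to review on their own hosts. It assumes Nmap's normal text output, including the `[host down]` marker printed in verbose mode; the sample scan, addresses and version strings are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample of Nmap normal (-oN) output; hosts and versions are made up.
SAMPLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -v -oN scan.txt 192.0.2.10-12
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.9p1 (protocol 2.0)
80/tcp   open     http       nginx 1.18.0
443/tcp  filtered https
8080/tcp closed   http-proxy

Nmap scan report for 192.0.2.11 [host down]
Nmap scan report for 192.0.2.12
Host is up (0.0030s latency).
PORT   STATE         SERVICE VERSION
53/udp open|filtered domain
"""

REPORT, DOWN = "Nmap scan report for ", "[host down]"
# Row layout: PORT/proto, STATE, SERVICE, then optional free-text VERSION.
PORT_ROW = re.compile(r"^(\d+)/(\w+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_nmap_normal(text):
    """Map each host to its status and a list of parsed port rows."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if line.startswith(REPORT):
            name = line[len(REPORT):].strip()
            down = name.endswith(DOWN)
            cur = name[:-len(DOWN)].strip() if down else name
            hosts[cur] = {"status": "down" if down else "unknown", "ports": []}
        elif cur and line.startswith("Host is up"):
            hosts[cur]["status"] = "up"
        elif cur and (m := PORT_ROW.match(line)):
            port, proto, state, service, version = m.groups()
            hosts[cur]["ports"].append({"port": int(port), "proto": proto,
                "state": state, "service": service, "version": version.strip()})
    return hosts

def needs_review(hosts):
    """Per live host: ports that are open, or ambiguous (open|filtered)."""
    return {h: [(p["port"], p["proto"], p["state"]) for p in d["ports"]
                if p["state"] in ("open", "open|filtered")]
            for h, d in hosts.items() if d["status"] == "up"}

if __name__ == "__main__":
    print(needs_review(parse_nmap_normal(SAMPLE)))
```

For anything beyond a quick review, Nmap's XML output (`-oX`) is the more stable format to parse.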
Sources:
1. Nmap.org. 2022. Understanding Nmap Scan Results. [online] Available at: https://nmap.org/book/output.html
2. IOActive. 2017. Guide to Nmap. [online] Available at: https://www.ioactive.com/pdfs/IOActive_Guide_to_Nmap.pdf
3. Github. 2018. Cheat Sheet Nmap. [online] Available at: https://github.com/nixawk/labs/blob/master/cheatsheet/nmap/README.md
4. Network Computing. 2021. How to Use Nmap: Commands and Tutorial Guide. [online] Available at: https://www.networkcomputing.com/networking/how-use-nmap-commands-and-tutorial-guide/.