Use Nmap for Tactical Network Reconnaissance [Tutorial]

January 2, 2019 · 41 Comments


How to Conduct Network Recon with Nmap

Cyber Weapons Lab, Episode 057

If you are connected to a Wi-Fi or Ethernet network, it may not be obvious how to find out what else is on it. Nmap is a powerful tool for discovering and learning about the devices around you on a network. In this episode of Cyber Weapons Lab, we explore the various uses of Nmap and show some of the most useful scans for a beginner.



41 Replies to “Use Nmap for Tactical Network Reconnaissance [Tutorial]”

  1. 10:19: my shell is just showing "Service Info: Device: broadband router"; any ideas?

  2. "bash: ipcalc: command not found" I'm facing this error, what can I do?

  3. Harry Nikic says:

    When doing "sudo nmap -sS 192.169.*." I am getting this message: "dnet: Failed to open device eth0". Can anyone help? Thanks

  4. I am scanning my network and my Windows 8.1 machine is not visible either on a ping, nmap, or arp-scan. Does someone have a solution?

  5. Lal Budha says:

    Could you please make a video on Metasploitable 3 ?

  6. Hey. You need work on your blurring skills. You leaked a MAC address in this video 😅

  7. David James says:

    You explain so much more detail than some of the courses I have bought. You should think of creating an account on Udemy, Skillshare, or even StackSocial.

  8. is this better than Fing?

  9. David Corpuz says:

    Try doing this with other IP addresses (research purposes only): "too many fingerprints match this host to give specific OS details", etc. etc. etc. Firewalls block nmap scans, and different methods are outdated as well. Also, assuming that IP when conducting scans allows them to see that scans are being conducted against their IP addresses, which leads me to believe that those scans will notify the IP and further investigation can be conducted on your own IP address. Any thoughts on this?

  10. I had no idea that Sheldon Cooper was also a hacker…
    Jokes aside, great content. I am learning a lot. Thank you

  11. Christopher says:

    This was great! Thank you.

  12. dave says:

    Nmap org will let you run a few free scans per day… yeah whatever you do DO NOT scan your work computer or your neighbors router js

  13. @5:15: with no option it scans 1000 ports, the -F option scans 100, but if you want to scan all 65535 ports you should use the '-p-' option

  14. Mez says:

    Hi, I'm a noob just learning, not running any Linux yet. Is he using Windows cmd? Tried some commands there, didn't seem to work lol. Don't laugh, just teach noob, ty

  15. Aritra Kayal says:

    This video was really helpful... but I have one question. There are several videos on YouTube showing different methods to stay anonymous while hacking, so while hacking over a network, which is the best method to remain anonymous? Please do reply... and lots of love from India

  16. james bustos says:

    Remind me not to piss you off! You make me want to give up... like hands up, got no other choice.

  17. Raj says:

    Thank you very much

  18. Ashyy says:

    Suppose I've got a friend who is from another country; now I've got his IP and I want to scan him through Nmap, but it says that the host is not active? Why? Can anybody help?

  19. Is it possible to change the MAC address of an Apple laptop? I know Apple restricts certain things. Perhaps running a Python script that always modifies the MAC address of the Apple laptop to avoid getting tracked on a school campus? A simple example.

  20. N M says:

    Nice GITS wallpaper. New subscriber here, loving your tutorials so far

  21. Aaron Zhu says:

    What if your access is denied when you do arp-scan -l?

  22. SarkyBugger says:

    There's a GUI front-end available. Zenmap.

  23. 2A ADDICT says:

    The commands used in this video:
    "apt install nmap": This command will install nmap on a Linux-based OS; this is a tool that will discover hosts and services on a network.

    "ifconfig": This command will display your IP address.

    "sudo apt-get install ipcalc": This command will install ipcalc on a Linux-based OS.

    "ipcalc": This command will tell us the entire subnet range.

    "nmap -F": This command will only scan a couple of the ports instead of the entire port range; this will also speed up the scan.

    "sudo nmap -sS": This command will scan every possible port and give you a report of the various ports that are open.

    "sudo nmap -O": This command will search for ports and services that are open; it will also attempt to establish more information about the operating system that's being run.

    "sudo nmap -sV": This command will allow us to learn information about the version that is running on each port; knowing the version number is really important because it gives us information about the software that's running on the device.

    "sudo nmap -sS | grep open | cat >> results.txt": This command will scan the IP address and also do a service scan; we'll search through the output for anything that matches the word open and then write the results to the selected txt file.

    "cat results.txt": This command will display the results from the previously executed command.

    "sudo nmap -O -D,,": This command will attempt to guess the operating system while appearing to scan from a list of deceptive IP addresses; we don't want the router to identify where the source of the scans is coming from.

    "sudo nmap -sS -sU -PN": This command will do a service/UDP scan first, then it will drop the initial ping, which some firewalls might block; this is how you find out if you have a firewall interfering or not.
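The `ifconfig` / `ipcalc` step above trips up several commenters ("ipcalc: command not found"). The following is an added example, not code from the video, the commenter, or the ipcalc project: it pulls the address and netmask out of `ifconfig`-style or `ip addr`-style text and computes the same network, broadcast and host-range fields ipcalc prints, using only the Python standard library. The interface output and all addresses in it are constructed for the example.

```python
"""Added example (not from the Null Byte video or the commenter): compute the
subnet range that ipcalc would print, from the address and mask that ifconfig
or `ip addr` shows, using only the standard library.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample output in the ifconfig style (addresses are made up).
IFCONFIG_SAMPLE = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.37  netmask 255.255.255.0  broadcast 192.168.1.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

# Constructed sample output in the `ip addr` style (CIDR suffix instead of a mask).
IP_ADDR_SAMPLE = """\
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 10.0.5.200/22 brd 10.0.7.255 scope global dynamic wlan0
"""

IFCONFIG_RE = re.compile(r"inet (\d+\.\d+\.\d+\.\d+)\s+netmask (\d+\.\d+\.\d+\.\d+)")
IP_ADDR_RE = re.compile(r"inet (\d+\.\d+\.\d+\.\d+/\d+)")


def interfaces_from_text(text: str) -> List[ipaddress.IPv4Interface]:
    """Pull every IPv4 address+mask pair out of ifconfig or `ip addr` text."""
    found = []
    for addr, mask in IFCONFIG_RE.findall(text):
        # IPv4Interface accepts a dotted netmask after the slash.
        found.append(ipaddress.IPv4Interface(f"{addr}/{mask}"))
    for cidr in IP_ADDR_RE.findall(text):
        found.append(ipaddress.IPv4Interface(cidr))
    return found


def describe_subnet(iface: ipaddress.IPv4Interface) -> Dict[str, object]:
    """The fields ipcalc prints: network, mask, broadcast, usable host range.

    Computed arithmetically rather than by enumerating hosts, so a /8 such as
    the loopback network does not allocate millions of address objects.
    """
    net = iface.network
    if net.prefixlen >= 31:                 # point-to-point or single host: no reserved addresses
        first, last, usable = net[0], net[-1], net.num_addresses
    else:
        first, last, usable = net[1], net[-2], net.num_addresses - 2
    return {
        "address": str(iface.ip),
        "network": str(net),                # what you hand to nmap as the target
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def scan_targets(text: str) -> List[str]:
    """Non-loopback networks from the interface text, in nmap target form."""
    return [str(i.network) for i in interfaces_from_text(text) if not i.ip.is_loopback]


if __name__ == "__main__":
    for sample in (IFCONFIG_SAMPLE, IP_ADDR_SAMPLE):
        for iface in interfaces_from_text(sample):
            print(describe_subnet(iface))
    print("targets:", scan_targets(IFCONFIG_SAMPLE + IP_ADDR_SAMPLE))
```

On a real machine you would feed it `subprocess.run(["ip", "addr"], capture_output=True, text=True).stdout` instead of the constructed sample; the loopback filter keeps 127.0.0.0/8 out of the target list.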

  24. rilian226 says:

    `>>` means append to the end of the file... not overwrite. `>` will overwrite the contents of the file if it exists. You don't need to pipe through cat either... just `>>` to append and `>` to overwrite.
    If you want to see the results on screen and log them in a text file, pipe to the `tee` command: `nmap <options> <target> | grep <stuff> | tee output.txt`
    Backing up a bit... if you need to sudo your last command, do `sudo !!`. Much faster than up arrow and going to the start of the line, etc.
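The `| grep open | cat >> results.txt` pipeline in comment 23 and the `>>` versus `>` point in comment 24 both come down to filtering nmap's output for open ports and saving the result. As an added example (not from the video, either commenter, or the Nmap project), the block below parses nmap's grepable output format (what `nmap -oG - <target>` writes to stdout) into a structured list of open ports per host, and saves it in append or overwrite mode, which is the same distinction as `>>` and `>` in the shell. The scan output is constructed for the example; the hosts and services in it are made up.

```python
"""Added example (not from the video, the commenters, or the Nmap project):
turn nmap grepable output (`nmap -sS -oG - <target>`) into open ports per host,
which is what the `| grep open` pipeline in the comments approximates.
"""
import re
from typing import Dict, List

# Constructed sample in the -oG format; addresses, hostnames and services are made up.
SAMPLE_OG = (
    "# Nmap 7.70 scan initiated as: nmap -sS -oG - 192.168.1.0/24\n"
    "Host: 192.168.1.1 ()\tStatus: Up\n"
    "Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, "
    "80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (996)\n"
    "Host: 192.168.1.37 (printer.lan)\tStatus: Up\n"
    "Host: 192.168.1.37 (printer.lan)\tPorts: 631/open/tcp//ipp///\tIgnored State: closed (999)\n"
    "# Nmap done -- 256 IP addresses (2 hosts up) scanned in 12.34 seconds\n"
)

# "Host: <addr> (<hostname>)" followed by tab-separated fields such as "Ports: ...".
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_grepable(text: str) -> Dict[str, List[dict]]:
    """Map each host address to its open ports.

    Each -oG port entry has seven slash-separated fields:
    port/state/protocol/owner/service/rpc-info/version-info/
    """
    results: Dict[str, List[dict]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                        # "# Nmap ..." comment lines and blanks
        host, _hostname, rest = m.groups()
        results.setdefault(host, [])        # a host with no open ports still appears
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 7 or parts[1] != "open":
                    continue                # closed/filtered entries are dropped, like `grep open`
                results[host].append({
                    "port": int(parts[0]),
                    "proto": parts[2],
                    "service": parts[4],
                    "version": parts[6],
                })
    return results


def format_report(results: Dict[str, List[dict]]) -> str:
    """One line per open port, in the shape `host port/proto service`."""
    lines = []
    # Sort numerically by octet so 192.168.1.37 follows 192.168.1.1, not 192.168.1.100.
    for host in sorted(results, key=lambda h: tuple(int(o) for o in h.split("."))):
        for p in results[host]:
            lines.append(f"{host} {p['port']}/{p['proto']} {p['service']}".rstrip())
    return "\n".join(lines) + ("\n" if lines else "")


def save_report(results: Dict[str, List[dict]], path: str, append: bool = True) -> int:
    """Write the report; append=True behaves like `>>`, append=False like `>`."""
    report = format_report(results)
    with open(path, "a" if append else "w", encoding="utf-8") as fh:
        fh.write(report)
    return len(report.splitlines())


if __name__ == "__main__":
    print(format_report(parse_grepable(SAMPLE_OG)), end="")
```

To run it on a live scan, pipe the scan in (`sudo nmap -sS -oG - 192.168.1.0/24 | python3 this_script.py` with `sys.stdin.read()` in place of the sample). Note that, as comment 27 says, nmap's own `--open` flag already limits the printed entries to open ports, so the state check here only matters when that flag is not used.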

  25. What's terminal on Windows 10?

  26. Beef Lasagna says:

    I've been following this channel for a while, and out of curiosity I would like to ask you: how do you know these frameworks are safe? Has there ever been a time where you accidentally recommended an unsafe framework? Do people take advantage of others and use these frameworks to perform their own tasks?

    Please don't take this the wrong way, I love your channel and I love what you do, and I think that you're the best Kali Linux tutorial Youtuber out there

  27. Instead of piping to grep open, you can use the --open option.

  28. hellopropop says:

    Please reply: why can't we use arp -a?

  29. Kaaarm says:

    Whenever I try the "ipcalc" command, it says command not found

  30. Hello, using nmap can we get the information of a phone using its IP address?

  31. I think that he blinks when I blink, that's why I never saw him blink

  32. Hell yes!! This is fun! Thank you!

  33. John Wick says:

    I don't really watch really long videos, but Kody's videos are very interesting and amazing; he shares knowledge for free and explains everything in a spectacular way everyone understands. And I don't even know how 15 mins fly away. Good work brother.

  34. Jack Sorrow says:

    Dude, you showed the MAC address of some of the devices you scanned even when it was blurred

  35. L D says:

    inet_pton failed for S?

  36. Aanchal Deep says:

    Very informative ….👍

  37. Martinius says:

    I like these videos =)
    Many years ago I remember I once had some version of NetTools installed, and no real idea of what I was doing. Then I was pressing around one day and suddenly got this huge "WARNING! ARE YOU SURE YOU WISH TO CONTINUE?". I was like yeah whatever.... and apparently did an active port scan of the whole range of WAN addresses.
    It didn't take long for the ISP to call me 😅
