Difficulty: Beginner
Estimated Time: 10 minutes

nmap is a powerful tool for any penetration tester. It can easily identify network targets, enumerate services running on targets, and in some cases even divulge sensitive information about targets. In this guide, we'll go through the basics of nmap: identifying targets, identifying services on those targets, and enumerating additional information about those services.

NOTE: Many people consider running nmap a malicious activity. Only do so on hardware you are authorized to scan.

Network scanning with nmap

Step 1 of 6

Target Enumeration

If your targets are not currently known (often the case when working on a new network), nmap can help you find targets on the network.

First, identify what network you are currently on by running ip a and identifying your IP address, in this case it is likely with

Using your IP address, you can identify probable targets on the network. nmap accepts targets in multiple ways, but we will be using CIDR notation. For example, if your IP address was, you would replace the last digit with a 0 and append /24 and run nmap -sn

The -sn flag tells nmap to not run a port scan on any host, only enumerate what hosts are live in the range given.

If done correctly, you should see 3 hosts found, yourself and 2 others. In the next step, we will look at enumerating the fedora host.
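
Replacing the end of the address with 0 and appending /24 gives the right range only when the interface really has a /24 prefix. The added example below (not part of the original guide) derives the range for nmap -sn from the address and prefix length that ip reports, so the scan stays inside the network you are attached to; the sample ip lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the `nmap -sn` target from `ip` output instead of
# editing the address by hand. Nothing here sends any traffic.

# Constructed sample in `ip -o -4 addr show` format (not from the guide).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.37/24 brd 192.0.2.255 scope global eth0'

# cidr_network ADDR/PREFIX -> NETWORK/PREFIX, valid for any prefix length.
cidr_network() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    prefix=${1#*/}
    [ "$prefix" -ge 0 ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))            # clear the host bits
    printf '%d.%d.%d.%d/%d\n' \
        $(( ($net >> 24) & 255 )) $(( ($net >> 16) & 255 )) \
        $(( ($net >> 8) & 255 ))  $(( $net & 255 )) "$prefix"
}

# first_global_cidr: read `ip -o -4 addr` lines on stdin and print the
# ADDR/PREFIX of the first interface that is not loopback.
first_global_cidr() {
    awk '$2 != "lo" { for (i = 1; i < NF; i++)
                          if ($i == "inet") { print $(i + 1); exit } }'
}

# scan_target IP_OUTPUT -> network to pass to `nmap -sn`
scan_target() {
    cidr=$(printf '%s\n' "$1" | first_global_cidr)
    [ -n "$cidr" ] || return 1
    cidr_network "$cidr"
}

# On a live host you would pass "$(ip -o -4 addr show)" instead of the sample.
echo "nmap -sn $(scan_target "$SAMPLE_ADDRS")"
```

The script only prints the command; review the range it shows against what you are authorized to scan before running it.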