█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Vulnerability Management/Scanning and Discovery
45 minIntermediate

Scanning and Discovery

After this lesson, you will be able to: Use Nmap to scan a network for open ports and services, and interpret the results.

Before you can manage vulnerabilities, you have to know what's there. Nmap is the universal tool for discovering hosts, ports, and services. This lesson teaches the most common scans and what their output means.

Prerequisites:What is Vulnerability Management?

What Nmap actually does

Nmap sends crafted network packets to target hosts and watches the responses. From those responses it figures out: which hosts are up, which ports are open, what software is listening on them, and (often) which OS the host is running. It's a flashlight in a dark room, you can't fix problems you can't see.

Common Nmap commands

These are the scans you'll run in real engagements. Always run on systems you own or have written permission to scan.

tsx
# Quick discovery, which hosts are up?
nmap -sn 192.168.1.0/24
# Top 1000 TCP ports on a host
nmap example.com
# Service + version detection (slower)
nmap -sV example.com
# Full port range + scripts
nmap -p- -sV --script default example.com
# OS detection
nmap -O example.com

⚠️ Legal warning

Scanning systems you don't own, even just discovery, is illegal in many jurisdictions. Practice only on TryHackMe, HackTheBox, your own LAN, or VMs you set up yourself. Never scan a real company's infrastructure without written authorization.

Try it on TryHackMe

Run an Nmap scan in a safe lab environment.

  1. 1

    Sign in to TryHackMe and start the free 'Nmap' room

  2. 2

    Connect to the VPN as the room instructs

  3. 3

    Run an SYN scan against the target machine: nmap -sS <target-IP>

  4. 4

    Identify the open ports and the running services

  5. 5

    Record what you found and submit it to the room's questions

Reading Nmap output

Open = the service is listening and reachable. Closed = no service, but the host responded. Filtered = a firewall is blocking the probe. Service columns show what software is running and often the version, this is what you cross-reference against the NVD to find known vulnerabilities.

Quick Check

What does -sV add to a basic Nmap scan?

Choose the best one-liner.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←What is Vulnerability Management?
Back to Vulnerability Management
CVEs, CVSS, and Prioritization→