Discover Network Services by Using Nmap

In this IT Pro Challenge virtual lab, you will get hands-on experience performing active reconnaissance, enumerating live hosts, and services within your network. You will use a Linux platform with Nmap, Zenmap, netcat, curl, and telnet for active recon. These are essential tools and skills for a penetration tester and a cybersecurity expert.

1 hour 15 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


Lab Overview:

This hands-on lab allows you to exercise your reconnaissance skills, using Nmap, one of the most popular open-source network mapping scanners available. You’ll also learn how to use the GUI version of Nmap, called Zenmap. After scanning your environment, you’ll use other penetration testing tools, such as Netcat, Telnet, and cURL. This set of tools and the skills to use them are essential for security auditing, vulnerability assessment, penetration testing, and cybersecurity analysts.

Understand the scenario

You are a penetration tester for a company that is auditing its network security. In this challenge, you will install and configure a target system that has common listening services (e.g., FTP, SSH, and HTTP). Then, you will use a Linux system for scanning to discover live hosts and their listening services. You will use Nmap and Zenmap to scan the network and cURL, Telnet, and Netcat to confirm your scan results.

Configure resources with an installation script

In the first part of this virtual lab, you will set up a CentOS Linux system to be your scan target. You will run a bash install script that installs and enables several common services on the system (such as FTP, SSH, and HTTP). You will also use the command line to determine the system’s IP address so that you can target it for scanning.

Install and run Nmap

You will switch to a second CentOS Linux system and configure it to be your scanner. You will use RPM to install the command line network mapping tool, Nmap, and its GUI counterpart, Zenmap. Zenmap uses Nmap as its underlying scan engine, but gives users a GUI for ease of use, especially for those that are less comfortable with running Nmap from the command line. After installing the tools, you will then practice using Nmap to perform basic scans. You will use various options and perform the following scan types:

  • a scan against one IP address (the lab router)
  • a scan against the same IP but targeting a specific port
  • an OS detection scan against the same target
  • a scan against two targets
  • a scan against a specific range of targets
  • a scan against a Class-C range of targets

For several of the scans, you will redirect your output to text files and use grep to search the results for insightful details.

Run Zenmap

This section provides you hands-on experience with the Nmap GUI front-end, Zenmap. You will perform a default scan of a Class-C subnet, using Zenmap. Then, you will navigate through and examine the results within GUI. The Zenmap interface sorts your results by a host and by service, so you can quickly review the results and/or save the output into an XML file.

Confirm your results after the scan

In this section, you will break out the toolbox and use some common tools that help confirm your scan results. You will use Netcat (also considered the TCP/IP Swiss-Army Knife), cURL, and telnet, to further interrogate the targets by performing “banner grabs.” You will target the discovered hosts and port combinations from your previous scans to confirm the services listening on those ports (e.g., FTP, SSH, and HTTP).

Lab Summary

In this hands-on virtual lab, you will learn how to use a set of tools to scan your environment for live hosts and listening services. These tools and skills are essential for penetration testing, vulnerability assessment, and cybersecurity analysts.

Other Challenges in this series

  • GUIDED CHALLENGE: Use Banner Grabbing Techniques to Enumerate Services on a Linux Server
  • ADVANCED CHALLENGE: Can you Enumerate Network Services by Using Port Scanning in Linux?