Port scanning with Nmap in Cybersecurity - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is Nmap used for in cybersecurity?
Nmap is a tool used to discover open ports and services on a network. It helps identify which ports on a computer or server are accessible and what services are running on them.

beginner
What does an 'open port' mean in a port scan?
An open port means that the port is accepting connections and a service is listening on it. This can be a way for attackers to find entry points into a system.

intermediate
Name two common types of scans Nmap can perform.
Two common scan types are TCP SYN scan (also called 'half-open' scan) and UDP scan. TCP SYN scan checks if ports respond to connection requests, while UDP scan checks for UDP services.

intermediate
What is the purpose of using the '-sS' option in Nmap?
The '-sS' option tells Nmap to perform a TCP SYN scan, which is fast and stealthy because it doesn't complete the full TCP handshake.

advanced
Why is port scanning considered both a useful and potentially risky activity?
Port scanning helps administrators find vulnerabilities and secure networks. However, unauthorized scanning can be seen as hostile and may trigger security alarms or legal issues.
What does Nmap primarily scan to find open services?
A. File systems
B. IP addresses only
C. User passwords
D. Network ports

Which Nmap scan type is known as a 'half-open' scan?
A. Ping scan
B. UDP scan
C. TCP SYN scan
D. Full connect scan

What does an 'open' port indicate during a scan?
A. Port is closed and blocked
B. Port is accepting connections
C. Port is filtered by firewall
D. Port is inactive

Which Nmap option performs a TCP SYN scan?
A. -sS
B. -sT
C. -sU
D. -sP

Why should port scanning be done carefully and with permission?
A. It may be illegal or trigger security alerts
B. It can slow down your computer
C. It deletes files on the target
D. It always crashes the network
Explain what port scanning with Nmap is and why it is important in cybersecurity.
Think about how Nmap helps find open ports and services to protect networks.

Describe the difference between an open port and a closed port in the context of Nmap scanning.
Consider what it means for a port to be open or closed when scanning.

Practice

1. What is the primary purpose of using nmap in cybersecurity?
easy
A. To find open ports on a network device
B. To encrypt network traffic
C. To create firewalls
D. To monitor user activity

Solution

Step 1: Understand what port scanning means
Port scanning is the process of checking which ports on a device are open and listening for connections.

Step 2: Identify Nmap's role
Nmap is a tool designed to perform port scanning to find open ports and services on devices.

Final Answer:
To find open ports on a network device -> Option A

Quick Check:
Port scanning = Finding open ports [OK]

Hint: Nmap scans ports to find open network services [OK]

Common Mistakes:
• Confusing port scanning with encryption
• Thinking Nmap creates firewalls
• Assuming Nmap monitors user activity
2. Which of the following is the correct basic syntax to scan a single IP address using Nmap?
easy
A. nmap -open 192.168.1.1
B. nmap scan 192.168.1.1
C. nmap --check 192.168.1.1
D. nmap -sS 192.168.1.1

Solution

Step 1: Recall Nmap command structure
Nmap commands start with 'nmap' followed by options and then the target IP.

Step 2: Identify the correct option for scanning
The '-sS' option is a common scan type (TCP SYN scan) and is valid syntax.

Final Answer:
nmap -sS 192.168.1.1 -> Option D

Quick Check:
Correct Nmap scan syntax = nmap -sS 192.168.1.1 [OK]

Hint: Use 'nmap -sS <IP>' for a basic TCP SYN scan [OK]

Common Mistakes:
• Using 'scan' as a command option
• Using invalid options like '-open' or '--check'
• Omitting the scan type option
3. What will be the result of running nmap -p 22,80 192.168.0.10?
medium
A. Scan ports 22 and 80 on 192.168.0.10
B. Scan all ports on 192.168.0.10
C. Scan ports 22 to 80 on 192.168.0.10
D. Scan only port 80 on 192.168.0.10

Solution

Step 1: Understand the '-p' option in Nmap
The '-p' option specifies which ports to scan. Comma-separated values mean specific ports.

Step 2: Analyze the ports listed
Ports 22 and 80 are explicitly listed, so only these two ports will be scanned.

Final Answer:
Scan ports 22 and 80 on 192.168.0.10 -> Option A

Quick Check:
'-p 22,80' means scan ports 22 and 80 [OK]

Hint: Comma lists in '-p' scan only those ports [OK]

Common Mistakes:
• Assuming '-p 22,80' scans all ports
• Thinking it scans a range from 22 to 80
• Ignoring the port list format
4. Identify the error in this Nmap command: nmap -p 80-22 192.168.1.5
medium
A. IP address format is incorrect
B. Port range is reversed; should be 22-80
C. Missing scan type option
D. No error; command is correct

Solution

Step 1: Check port range syntax
Port ranges must be in ascending order, e.g., 22-80, not 80-22.

Step 2: Verify the other parts of the command
The IP address format is correct, and the scan type is optional; the default scan works.

Final Answer:
Port range is reversed; should be 22-80 -> Option B

Quick Check:
Port ranges must ascend, not descend [OK]

Hint: Port ranges must go from the smaller to the larger number [OK]

Common Mistakes:
• Using descending port ranges
• Thinking the IP format is wrong
• Believing the scan type is always required
5. You want to scan a network range from 192.168.1.1 to 192.168.1.254 for open HTTP ports (port 80) only. Which Nmap command should you use?
hard
A. nmap -p 80 192.168.1.0-254
B. nmap -p 80 192.168.1.1/24
C. nmap -p 80 192.168.1.1-192.168.1.254
D. nmap -p 80 192.168.1.0/24

Solution

Step 1: Understand how to specify IP ranges in Nmap
Nmap accepts explicit ranges like '192.168.1.1-192.168.1.254' to scan all addresses in that range.

Step 2: Check port and target correctness
Port 80 is specified correctly with '-p 80'. The range '192.168.1.1-192.168.1.254' covers all hosts from .1 to .254.

Step 3: Evaluate the other options
nmap -p 80 192.168.1.0-254 scans from 192.168.1.0 to 192.168.1.254, including the unwanted network address .0.
nmap -p 80 192.168.1.1/24 uses CIDR /24, which scans the entire subnet (.0 to .255).
nmap -p 80 192.168.1.0/24 scans the entire subnet, including .0 and .255.

Final Answer:
nmap -p 80 192.168.1.1-192.168.1.254 -> Option C

Quick Check:
Explicit IP range with '-p 80' = nmap -p 80 192.168.1.1-192.168.1.254 [OK]

Hint: Use the full IP range for precise scanning [OK]

Common Mistakes:
• Using the shorthand range 192.168.1.0-254 (includes .0)
• Confusing CIDR notation with explicit ranges
• Including the network address (.0) in the scan