DEV Community

Brian Shisia

Getting Started With Nmap: A Beginner-Friendly Guide

If you’re getting into cybersecurity, ethical hacking, or network engineering, you’ll quickly hear the name Nmap. When I started learning Nmap, it felt overwhelming - so many flags, so many scan types, so many outputs.

At the same time, I’m building a small tool in Go that works like Nmap, which forced me to understand what Nmap actually does behind the scenes.

This article is a simple introduction to Nmap for beginners — no assumptions, no jargon overload.


What is Nmap?

Nmap (Network Mapper) is a free and open-source tool used to discover hosts, open ports, running services, OS information, and much more.

Think of Nmap as a "network Sherlock Holmes" — it asks questions like:

  • Who is online?
  • Which ports are open?
  • What services are running?
  • What OS might this machine be using?

Why Nmap Is Important (Even for Developers)

Even if you’re not a pentester, Nmap helps you:

  • Test your own servers for exposed ports
  • Learn how attackers might discover your infrastructure
  • Troubleshoot network issues
  • Understand how protocols behave
  • Build your own network tools (like I’m doing in Go)

Installing Nmap

Linux (Debian/Ubuntu/Kali)

sudo apt install nmap

Arch

sudo pacman -S nmap

Mac

brew install nmap

Windows

Download the installer from: https://nmap.org/download.html


The Most Important Nmap Commands for Beginners

Let’s go through practical commands you’ll actually use.


1. Basic Host Scan

nmap 192.168.1.10

Scans common ports and shows open ones.


2. Ping Scan (Check if a host is online)

nmap -sn 192.168.1.0/24

Good for discovering devices on a network.


3. Scan all ports (1–65535)

nmap -p- 192.168.1.10

If you want everything, this is the scan.


4. Fast Scan (Top 100 ports)

nmap -F 192.168.1.10

Quick way to get useful info.


5. Stealth Scan (SYN Scan)

sudo nmap -sS 192.168.1.10

Very common in pentesting because it’s fast and less detectable: Nmap sends the SYN itself and never completes the handshake, so the service behind the port never sees a full connection. Crafting those raw packets is also why this one needs sudo.


6. Get Service Info

nmap -sV 192.168.1.10

This tries to detect what service is running on each open port
(e.g., Apache, SSH version, MySQL version).


7. OS Detection

sudo nmap -O 192.168.1.10

Tries to guess the operating system.


8. Scan Without Ping (Useful for firewalled hosts)

nmap -Pn 192.168.1.10

By default Nmap pings a host first and skips it if there is no reply. -Pn skips that check and scans the host anyway, which is what you want when a firewall drops ping.

The Most Common Nmap Flag (For Beginners): -sS

If you're wondering "which Nmap flag is the most used?", it’s -sS — the SYN (stealth) scan.
It balances speed, accuracy, and low detection.


How Nmap Works (Simple Explanation)

When you scan a port, you’re basically performing a tiny conversation:

  • Send a TCP SYN packet → “Are you accepting connections?”
  • Get a reply:

    • SYN/ACK → Port is open
    • RST → Port is closed
    • No response / filtered → Firewall blocked it

This is the exact logic I'm trying to replicate while building my Go tool.


Building My Own Nmap-like Tool in Go

I wanted to understand scanning deeper, so I started building a simple port scanner in Go.

Here’s a simplified version of checking if a port is open:

package main

import (
    "fmt"
    "net"
    "time"
)

func main() {
    host := "192.168.1.10"
    // Try a full TCP connect on each of the well-known ports.
    for port := 1; port <= 1024; port++ {
        address := fmt.Sprintf("%s:%d", host, port)
        // A 200 ms timeout keeps a filtered port from stalling the loop for long.
        conn, err := net.DialTimeout("tcp", address, time.Millisecond*200)
        // Only a completed handshake counts as open; a refused or timed-out
        // connection (closed or filtered) simply falls through.
        if err == nil {
            fmt.Printf("Port %d is open\n", port)
            conn.Close()
        }
    }
}

This is the basic idea behind an Nmap-like tool — check if a port accepts connections.
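The three replies described under "How Nmap Works" (SYN/ACK, RST, nothing) all collapse into "open or error" in the scanner above. As an added example, not the author's code, here is a connect-style Go scanner that keeps them apart: a refused connection means closed, a timeout or ICMP unreachable means filtered. The `Classify` and `ScanPort` names, the Linux/macOS errno names and the localhost target list are my own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
	"time"
)

// Classify maps the result of a connect attempt onto Nmap's vocabulary.
// nil: the handshake completed, so the port is open.
// ECONNREFUSED: the host answered with an RST, so the port is closed.
// Timeout or ICMP unreachable: neither SYN/ACK nor RST came back, which is
// what Nmap reports as filtered. Errno names assume Linux/macOS.
func Classify(err error) string {
	var netErr net.Error
	switch {
	case err == nil:
		return "open"
	case errors.Is(err, syscall.ECONNREFUSED):
		return "closed"
	case errors.As(err, &netErr) && netErr.Timeout(),
		errors.Is(err, syscall.EHOSTUNREACH),
		errors.Is(err, syscall.ENETUNREACH):
		return "filtered"
	default:
		return "unknown"
	}
}

// ScanPort does a full TCP connect (what nmap -sT does; no root needed)
// and classifies the outcome instead of only reporting success.
func ScanPort(host string, port int, timeout time.Duration) string {
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprint(port)), timeout)
	if err == nil {
		conn.Close()
	}
	return Classify(err)
}

func main() {
	// Constructed target: a few ports on the local machine.
	for _, port := range []int{22, 80, 443, 8080} {
		fmt.Printf("127.0.0.1:%d %s\n", port, ScanPort("127.0.0.1", port, 200*time.Millisecond))
	}
}
```

Run it against your own machine and compare the output with `nmap -sT` on the same ports; a port that shows as filtered here is one where something dropped the probe rather than answered it.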


Tips for Learning Nmap Effectively

  • Start with one command per day
  • Always scan your own machines (legally safe)
  • Try different scan types and compare results
  • Read the built-in help (nmap --help)
  • Build your own small port scanner to understand the basics

Final Thoughts

Nmap may look intimidating, but once you understand the basics, it becomes one of the most powerful and fun tools in cybersecurity.
