Getting comfortable with Nmap syntax, from basic to advanced commands, is essential.

Exploring Network Security with Nmap: A Short yet Complete Guide

Protecting the computer network is one of the crucial parts of building a secure information technology infrastructure. The network mapper, Nmap, is a powerful tool in the hands of any security engineer. It is a multifaceted network scanner used to discover hosts, enumerate open ports and the services behind them, and support vulnerability assessment during penetration testing and security auditing.

This guide walks through the most common Nmap commands and options and shows how to use them to scan and analyze your network effectively.

1. Basic Scan

The most straightforward use of Nmap is scanning a single target:

  • nmap target ip

Replace target ip with the hostname or IP address you wish to scan. With no other options, Nmap performs host discovery and then scans the 1000 most commonly used TCP ports (a SYN scan when run as root, a connect scan otherwise).

2. Scan Several Hosts

You can scan multiple hosts by listing them on the command line:

  • nmap target1 ip target2 ip

This lets you sweep through a list of hosts in one run. A longer list can be read from a file with -iL hosts.txt.

3. Scan various IP addresses within the range

Scan a range of IP addresses with the following command:

  • nmap 192.168.1.1-100

This is helpful when you want to check only part of a subnet, such as 192.168.1.1 through 192.168.1.100.

4. Scan a Subnet Using CIDR Notation

  • nmap 192.168.1.0/24

This command scans every address in the /24 subnet, 192.168.1.0 through 192.168.1.255 (256 addresses).

5. TCP SYN Scan

Use a TCP SYN scan (the default when running as root):

  • nmap -sS target ip

Nmap sends a SYN packet to each port and classifies the port from the reply: a SYN/ACK means open, an RST means closed, and no reply or an ICMP unreachable means filtered. The handshake is never completed; Nmap answers the SYN/ACK with an RST, so no full connection is established and the target application is less likely to log the probe. This scan needs raw socket privileges (root on most systems); requesting -sS as an unprivileged user fails with an error rather than falling back.

6. TCP Connect Scan

Initiate a TCP connect scan, which completes the full three-way handshake:

  • nmap -sT target ip

This is the default scan for unprivileged users because it uses the operating system's connect() call instead of crafting raw packets. Since the handshake is completed, the target application sees a real connection and will usually log it, so this scan is noisier than a SYN scan.

7. UDP Scan

To scan UDP services, use the following command:

  • nmap -sU target ip

UDP scans find services such as DNS, SNMP and DHCP that a TCP scan misses. Because UDP is connectionless, a port that sends no reply is reported as open|filtered; combining -sU with -sV sends protocol-specific probes that can turn many of these into definite results. UDP scans are also slow, since most systems rate-limit the ICMP port unreachable messages Nmap relies on to identify closed ports.

8. OS Detection

Identify the operating system running on the target:

  • nmap -O target ip

OS fingerprinting compares the target's TCP/IP stack behaviour against Nmap's fingerprint database. It requires root privileges and works best when the target has at least one open and one closed TCP port.

9. Service Version Detection

Determine the service and application versions behind open ports:

  • nmap -sV target ip

Version detection sends probes to each open port and matches the responses against Nmap's service database, so you learn not just that port 22 is open but which SSH implementation and release is listening. That version information is what you need to check a service against known vulnerabilities.

10. Aggressive Scan

Perform an aggressive scan for a comprehensive assessment:

  • nmap -A target ip

-A enables OS detection (-O), version detection (-sV), default script scanning (-sC) and traceroute (--traceroute) in one option. It is convenient but noisy and slow, and it sends far more packets to the target than a plain port scan.

11. Scan Specific Ports

  • nmap -p 80,443 target ip

This restricts the scan to the listed ports, here the common web ports. Ranges (-p 1-1024), protocol-specific lists (-p U:53,T:22) and all 65535 ports (-p-) use the same option.

12. Scan a Port Range

Scan ports 1 through 1000 on the target:

  • nmap -p 1-1000 target ip

This is not the same as Nmap's default port set. By default Nmap scans the 1000 most commonly used ports from its frequency table, which are spread across the whole port range, not ports 1 to 1000. To select ports by frequency explicitly, use --top-ports 1000.

13. Save Output to a File

Save scan results in normal, human-readable format:

  • nmap -oN output.txt target ip

This is useful for recording results and presenting them later.

14. Output in XML Format

Generate XML-formatted output for further analysis:

  • nmap -oX output.xml target ip

XML is the most complete and stable of Nmap's output formats and the one to use when feeding results into other tools; many scanners, parsers and dashboards import Nmap XML directly. To write normal, XML and grepable output at once, use -oA basename.

15. Output in Grepable Format

Save results in grepable format for easy parsing:

  • nmap -oG output.grep target ip

Grepable output places all the information about a host on a single line, which makes it easy to process with grep, awk and cut while remaining readable. XML carries more detail, so prefer it for anything beyond quick one-liners.
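To show why the grepable format is convenient for shell processing, here is an added example (not from the original page) that extracts the ports in state "open" from -oG output. The sample scan output embedded in the script is constructed for this example, not captured from a real scan; the function reads files named on its command line or standard input.

```sh
#!/bin/sh
# Added example: pull the open ports out of Nmap grepable (-oG) output.
# In the grepable format the "Host:", "Ports:" and "Ignored State:" fields
# of a line are tab-separated, and each port entry has seven slash-separated
# fields: port/state/protocol/owner/service/rpc/version.
#
# Constructed sample output (not a real scan); a trailing empty third field
# is harmless to the parser.
SAMPLE_GNMAP=$(printf '%s\t%s\t%s\n' \
  'Host: 192.168.1.10 ()' 'Status: Up' '' \
  'Host: 192.168.1.10 ()' 'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///' 'Ignored State: filtered (997)' \
  'Host: 192.168.1.11 ()' 'Status: Up' '' \
  'Host: 192.168.1.11 ()' 'Ports: 53/open|filtered/udp//domain///, 161/open/udp//snmp//SNMPv1 server/' 'Ignored State: closed (998)')

# Print "ip port/proto service version" for every port whose state is exactly
# "open". Ports reported as closed, filtered or open|filtered are skipped, so
# the ambiguous UDP results do not end up in the list.
open_ports() {
  awk -F '\t' '
    /^Host:/ {
      split($1, host, " ")                  # "Host: <ip> (<name>)" -> host[2] is the IP
      for (i = 2; i <= NF; i++) {
        if (substr($i, 1, 7) != "Ports: ") continue
        n = split(substr($i, 8), ports, ", ")
        for (j = 1; j <= n; j++) {
          split(ports[j], p, "/")           # port/state/proto/owner/service/rpc/version
          if (p[2] == "open")
            printf "%s %s/%s %s %s\n", host[2], p[1], p[3], p[5], p[7]
        }
      }
    }' "$@"
}

# Usage: open_ports scan.gnmap, or pipe -oG output in as done here.
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
```

Run against the embedded sample, the script lists the two open TCP ports on 192.168.1.10 and the open SNMP port on 192.168.1.11; the closed HTTPS port and the open|filtered DNS port are left out. The same function works on a file produced by nmap -oG, for example open_ports output.grep.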

16. Disable DNS resolution

Speed up the scan by disabling reverse DNS resolution:

  • nmap -n target ip

This is useful when you do not need hostnames, for example when scanning internal address ranges, and it avoids sending a reverse lookup for every target to your DNS resolver.

17. Exclude Hosts from a Scan

Exclude specific hosts from the scan:

  • nmap --exclude excluded_host target ip

This is useful when the target range contains hosts you must not touch, such as production systems that are out of scope. A longer exclusion list can be kept in a file and supplied with --excludefile file.txt.

18. Ping Scan (No Port Scan)

Perform host discovery only, without a port scan:

  • nmap -sn target ip

This quickly lists the live hosts on a network. On a local Ethernet segment Nmap uses ARP requests; for remote targets it sends ICMP echo and timestamp requests plus TCP probes to ports 80 and 443 when run as root, or connect attempts to those ports otherwise.

19. Script Scanning

Run the default Nmap Scripting Engine (NSE) scripts together with version detection:

  • nmap -sC -sV target ip

-sC is equivalent to --script=default. The default scripts collect extra information such as SSH host keys, HTTP page titles and TLS certificate details, which is a good starting point for spotting misconfigurations and potential flaws.

20. Custom Scripts

Run a specific NSE script or script category against the target:

  • nmap --script script_name target ip

Scripts are selected by name, by category (for example --script vuln) or by wildcard (--script 'http-*'). Read what a script does with --script-help script_name before running it, since scripts in the intrusive and exploit categories actively attack the target.

Tips for Advanced Usage

  • Timing and Performance: Timing templates -T0 (paranoid) through -T5 (insane) let you trade speed for stealth. -T4 and -T5 are faster but more likely to be detected, whereas -T0 through -T2 are slow and quiet. -T4 is a common choice on reliable local networks.
  • Bypassing Firewalls and IDS: Fragmenting packets (-f), using decoys (-D) or setting a source port (--source-port) can hinder detection by simple packet filters. Modern IDS reassemble fragments and stateful firewalls are not fooled by a spoofed source port, so treat these as evasion aids rather than guarantees.
  • Automation and Integration: Nmap is frequently run from scripts with -oX or -oA output and fed into security tools and dashboards for continuous monitoring. The ndiff utility that ships with Nmap compares two XML scans and reports what changed between them.

Always make sure you have permission to scan the target network before you begin. Unauthorized scanning has legal and ethical consequences. Use these commands responsibly to improve the security of your own environment.
