
TryHackMe — Nmap: The Basics | Cyber Security 101 (THM)

rutbar
5 min read, Oct 23, 2024

Host Discovery: Who Is Online
Scenario: This task focuses on using Nmap to discover live hosts.

Nmap can specify targets in several ways:

  • IP range: Use - (e.g., 192.168.0.1-10).
  • IP subnet: Use / (e.g., 192.168.0.1/24, equivalent to 192.168.0.0-255).
  • Hostname: Specify by hostname (e.g., example.thm).
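To make the three target notations concrete, here is an added example (not from the original write-up or from Nmap's source) that expands a target specification into the individual addresses Nmap would probe. It checks the claim above that 192.168.0.1/24 covers 192.168.0.0-255, and it goes a step beyond the page by accepting a range in any octet, which is how Nmap itself treats ranges (an assumption stated here, not something the page shows); hostnames are returned unchanged since resolving them needs DNS.

```python
import ipaddress
import itertools


def expand_target(spec: str) -> list[str]:
    """Expand one Nmap-style target spec into individual IPv4 addresses.

    Supported forms: CIDR ("192.168.0.1/24"), octet ranges
    ("192.168.0.1-10", or a range in any octet), a single address,
    and a hostname ("example.thm"), which is returned as-is.
    """
    if "/" in spec:
        # Nmap treats a host address plus mask as the whole network:
        # 192.168.0.1/24 means 192.168.0.0-255, hence strict=False.
        net = ipaddress.ip_network(spec, strict=False)
        return [str(ip) for ip in net]

    octets = spec.split(".")
    if len(octets) != 4 or not all(_is_octet_range(o) for o in octets):
        return [spec]  # a hostname (or a form this helper does not parse)

    # Cartesian product of the per-octet ranges, e.g. 10.0.0-1.1-2 -> 4 hosts
    ranges = [_octet_values(o) for o in octets]
    return [".".join(map(str, combo)) for combo in itertools.product(*ranges)]


def _is_octet_range(part: str) -> bool:
    """True for "N" or "N-M" where N and M are digit strings."""
    lo, _, hi = part.partition("-")
    return lo.isdigit() and (hi == "" or hi.isdigit())


def _octet_values(part: str) -> range:
    """Turn "N" or "N-M" into the inclusive range of octet values."""
    lo, _, hi = part.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not 0 <= lo_i <= hi_i <= 255:
        raise ValueError(f"octet range out of bounds: {part}")
    return range(lo_i, hi_i + 1)
```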

To discover online hosts, use the -sn option (ping scan, which performs host discovery without a port scan). Note that running Nmap as root or via sudo is necessary for the raw-packet probes (such as ARP requests) that give the most reliable results.

Scanning a “Local” Network
In this context, “local” refers to directly connected networks (e.g., Ethernet/WiFi). The example scans the WiFi network 192.168.66.0/24:

root@tryhackme:~# nmap -sn 192.168.66.0/24

On a local network, Nmap sends ARP requests and marks each device that answers as “Host is up.” It also reports MAC addresses, whose vendor prefixes help identify the type of device.

Scanning a “Remote” Network
“Remote” networks have at least one router separating them from the scanning system. Scanning 192.168.11.0/24 demonstrates this:

root@tryhackme:~# nmap -sn 192.168.11.0/24

Because ARP requests do not cross a router, Nmap falls back to ICMP and TCP probes to determine which hosts are up, as shown in the output.

Nmap provides additional options for control, like -PS, -PA, and -PU for TCP SYN, TCP ACK, and UDP discovery…
