Active Reconnaissance – There’s no place like

Before I continue, I should mention that scanning any other system than yours could get you in big trouble. To be safe, you need written permission to do so on systems other than your own. The IP number for the computer you are on is, also called “localhost” or just home. If you run nmap against that IP you should be OK.

In my previous piece on Zenmap I showed how to do a basic scan: Now just a little more in-depth description of what the results are.

Open Zenmap and under Profile select “Intense scan.” This will give you a query like this: “nmap -T4 -A -v 127.0.01” then click “Scan” to the right.

After Zenmap checks against a database of services, in green you will see the list of ports open on your machine and the state of the port (here it only shows the open ports). The ports are numbered and specify either UDP or TCP. Data is divided into packets, labeled, numbered and sent. In short, TCP packets require a guarantee on their sending and receiving, UDP packets are not guaranteed and are used for information that does not require a check on being received (typically for audio and video, which continue to be received if one or more packets are missing).

Then you see the service name. For instance, the first one of the Microsoft’s Remote Procedure Call (MSRPC Protocol: Definition & How It Works | Protocol Support Library ( and the version of the service┬árunning will sometimes be shown in that column.

Then you will see your operating system, here Windows 10 (1809-1909 under details).

To give you a better idea of what Zenmap/nmap is capable of, here are the typical flags (options) you can use:

No ping -P0
Ping is a command line utility to see if a computer or device is sending and receiving traffic. This option bypasses that.

Identify operating system -O

TCP SYN scan -sS
This type of scan is the fastest and least intrusive method to verify a service is responding.

List specific ports 1-65535
Ports 0-1023 are the well-known ports
Ports 1024-49151 are called registered ports
Ports 49152-65535 are known as ephemeral ports

Nmap’s five levels of aggression -T1 to -T5
Specifies time and detail of scan.

One thought on “Active Reconnaissance – There’s no place like”

Leave a Reply

Your email address will not be published. Required fields are marked *