Now that Leo had a list of addresses, he focused on a mysterious server at 192.168.1.15 . He needed to know which "doors" (ports) were open to the public. nmap -sS -p- 192.168.1.15
Let's dissect the most fundamental command for scanning a local network: nmap scan network
Enumerates DNS, NFS, SMB, and SNMP services across the subnet. Now that Leo had a list of addresses,
The -sC flag is equivalent to --script=default . It runs about 100 common, safe scripts that perform banner grabbing, clock skew detection, and more. The -sC flag is equivalent to --script=default
This is the most popular scan type (often called "Stealth Scan"). It requires root privileges. Instead of completing the handshake, Nmap sends a SYN packet. If the target replies with SYN-ACK, the port is open. Nmap then sends an RST (Reset) to drop the connection immediately.