Nmap 101: Scanning My First Target

Goose Gustin

This one felt different.

Compared to passive tools like whois or theHarvester, using nmap was the first time I felt like I was actually touching something.

Before now, my reconnaissance journey has been mostly observational—asking questions, pulling public records, peeking into digital windows that were already open. But nmap? It was like me knocking on the door.


🛠️ What Is Nmap?

nmap (short for Network Mapper) is a tool for scanning hosts and services on a computer network. It's used to discover:

  • Open ports

  • Running services

  • Operating systems

  • Potential vulnerabilities (with the right flags)

And it's used everywhere. From CTFs to red teaming to bug bounty writeups, everyone touches nmap at some point. I figured it was time I joined the club.


🧪 My First Scan

I started simple with my own local network:

nmap -sn 192.168.77.0/24

Pretty chill. It returned a list of all connected devices, open ports, and basic info. Then I tried public sites and went on to using more flags:

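nmap -sV example.com # probes open ports for service and version info

nmap -A microsoft.com # aggressive scan: OS detection, version detection, default scripts, and traceroute

nmap -F yahoo.com # fast mode: scans fewer ports than the default scan

nmap -sT google.com # TCP connect scan: completes the full handshake, needs no raw-socket privileges

nmap -sS scanme.nmap.org # TCP SYN (half-open) scan, often called a stealth scan

nmap -sS -sV -T4 -Pn scanme.nmap.org # flag combination: SYN scan, version detection, faster timing, skip host discovery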

Obviously, scanning a site like Google won’t reveal anything juicy — they’re locked down tighter than a submarine — but it helped me get comfortable with the workflow. It also taught me something important:

Even with powerful tools, you won’t find much unless you understand what you're looking at.


💡 What I Learned

  • Nmap is customizable. You can fine-tune scans to be fast, stealthy, verbose, or precise.

  • The results are only as useful as your interpretation. Seeing a port is one thing—knowing what that service does, and how it might be misconfigured, is another.


🧠 Conclusion

Recon doesn’t stop at gathering names and emails. At some point, you move from watching the surface to tapping on the infrastructure itself.

nmap kind of gets you intimate with the devices on the network you're researching. It felt like — tapping. Not breaking in. Just listening for the echo.
