Nmap Network Scanning

Understand how Nmap scan types affect output, accuracy, and documentation quality in an authorized lab.

• Identified the authorized Metasploitable2 lab target at 192.168.128.2.
• Ran Nmap service detection with `nmap --privileged -sV -oN scan_results.txt 192.168.128.2`.
• Confirmed the host was up with very low latency.
• Documented all open TCP services and detected versions.
• Saved the raw command output as a reusable evidence file.

• Nmap found 23 open TCP services and 977 closed TCP ports.
• Detected exposed services included FTP, SSH, Telnet, SMTP, DNS, HTTP, RPC, SMB, NFS, MySQL, PostgreSQL, VNC, X11, IRC, AJP13, and Tomcat.
• Port 1524 exposed a bindshell service identified as a Metasploitable root shell.
• Service detection identified legacy software such as vsftpd 2.3.4, Apache 2.2.8, MySQL 5.0.51a, PostgreSQL 8.3, ProFTPD 1.3.1, and ISC BIND 9.4.2.
• The output provides strong evidence for follow-up vulnerability assessment and service-specific research.

• Network scanning is evidence collection, not just tool execution.
• Responsible scanning requires explicit authorization and scope.

• Compare default scans with SYN and version scans.
• Map findings to a simple asset inventory.

• Nmap Reference Guide
• Kali Linux tools documentation