Working with nmap

To do this exercise, you must:

  1. Have administrator or “root” access on the computer you use.
  2. Have the computer on a relatively small network. You should be able to speak to everyone on the network and have their permission to run nmap.
  3. Install nmap so that it can operate using administrator or “root” access. The software is available from, if it is not already installed on your computer.
  4. Run nmap using administrator or “root” access so that all of its capabilities are available

The Exercise

Provide answers for each of the parts below.

1. Survey your network

Make a list of every device that uses the local network, based on seeing the devices themselves. This may be an incomplete list. For each device, identify the following:

  • What the device is or does, for example: desktop or laptop computer, TV, video player (no screen), audio player (no speaker), speaker, smartphone, tablet, refrigerator, toaster, …
  • The name of the manufacturer or vendor
  • A model name and/or number

Provide this list as the answer to #1.

2. Determine the Network’s IPv4 Address Range

Most internet-enabled devices have a “settings” and/or “network” menu that will display the device’s own IPv4 address. We will use this address to search the network.

We will search the address range covering the 250-odd individual addresses covered by the lowest 8 bits of the IP address. We want to keep the higher 24 bits constant and select the lowest 8 bits as our search range. If the IP address is, the address range is:

When we use nmap to scan a network, we will choose two things: the IP address range and the type of search. Each type of search uses different network messages to try to detect and identify network hosts. In the following, we assume you will use the nmap command line interface. You may use a graphical interface instead, but use the same address range and types of search indicated, and save the outputs.

Provide the address range, formatted as shown above, for your local network as answer to #2.

3. Use Simple nmap to search the network

Here is the simplest nmap command for searching the network:


This will take a few minutes to complete. Provide the output as answer to #3.

4. nmap Completeness

Compare the hosts detected by nmap with the devices you listed in #1 above, and answer the following:

a. Which devices show up on the list of devices from #1 but not on the nmap listing?

b. Which devices show up on the nmap listing but not on the list of devices from #1? Try to identify each such device by type, manufacturer, and model.

5. Improved Completeness

Try the following to see if additional devices appear on the network:

nmap -PN

This will take longer to complete. Be sure nmap is running as an administrator or root process to ensure it uses every trick it has available.

Provide the output as answer to #5.

6. Compare Completeness

Identify hosts that were found in #5 but not in #3. Try to identify each such device by type, manufacturer, and model. Provide this list as the answer to #6.

7. Service Survey

There should be different types of equipment on the network. Pick two types of equipment on your network:

  • A client, like a desktop, laptop, smart phone, or tablet.
  • A server, like a shared printer.
  • An internet-enabled entertainment device, like a TV, speaker, video or audio player.
  • A router

Locate the IP addresses of two hosts on your network, one of each equipment type.

Perform a “service version scan” on the hosts. This uses the “-sV” option on the command line. Provide the outputs as the answer to #7.