Chapter 3: Identifying the Occupants (Service & OS Detection)
With the list of active hosts, Alex needed to know which "doors" were open. They ran a scan (nmap -sS), often called a "stealth scan" because it never fully completes the TCP connection, making it harder for simple firewalls to log.
Port 80 (HTTP): Open. A web server.
Port 22 (SSH): Open. Remote access.
Port 445 (SMB): Filtered. Likely behind a firewall.
To truly find the "cracks" in the armor, Alex invoked the . They ran a vulnerability scan against the identified web server using the command:
nmap --script vuln 192.168.1.45
Alex didn't just need the data; they needed to present it to their manager. They reran the final scan, saving it in multiple formats (-oA scan_results): XML for the technical tools and plain text for quick reading.
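The XML file written by -oA (scan_results.xml) is the one other tools consume. As an added example, not part of the original story, this Python code reads Nmap-style XML and groups each live host's ports by state; the sample document is constructed, and summarize and render are illustrative names.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the layout of Nmap's XML output, trimmed to the
# elements read below. Host and ports mirror the story; this is not a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.1.45" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.46" addrtype="ipv4"/>
  </host>
</nmaprun>"""

def summarize(xml_text):
    """Map each host that is up to {port state: [(port, protocol, service), ...]}."""
    # For XML files you did not produce yourself, parse with defusedxml instead.
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        by_state = report.setdefault(addr.get("addr"), {})
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None:
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            entry = (int(port.get("portid")), port.get("protocol"), name)
            by_state.setdefault(state.get("state"), []).append(entry)
    return report

def render(report):
    """Plain-text summary for a non-technical reader, one line per host and state."""
    lines = []
    for addr, by_state in sorted(report.items()):
        for state, ports in sorted(by_state.items()):
            listed = ", ".join(f"{p}/{proto} ({svc})" for p, proto, svc in sorted(ports))
            lines.append(f"{addr} {state}: {listed}")
    return "\n".join(lines)
```

Calling render(summarize(SAMPLE_XML)) yields one line per host and port state, which suits a summary for a manager, while the dictionary from summarize can feed an asset inventory or a diff against the previous scan.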
The results flickered across the screen: "12 hosts up." Alex had their targets.
Chapter 2: Peering Through the Windows (Port Scanning)