Zenmap Port Scanning for Security

Nmap is a free Linux command line tool used for scanning a server's network connection to see which ports are exposed. Command line is not fun but the good thing is that there is a free official GUI available called Zenmap. This webpage will demonstrate the basic capabilities of Zenmap.

Nmap and Zenmap only work on Linux based systems such as CentOS, Redhat or Ubuntu. Zenmap is run from a user's computer and pointed at a server's IP address or domain name. It will then scan the server's ports and produce results based on what it found. In order for Zenmap to fully operate, you must run it as root. From the Linux command prompt type : "sudo zenmap". You will be prompted for the root password. To run Zenmap, you need nmap installed first. I will leave it up to you to install the packages.

There's two basic modes that we are interested in running Zenmap with:

  1. Regular Scan - This scan gives a quick overview of what TCP ports are open and displays the results.
  2. Intense UDP Scan - This scan is more intensive as the name suggests, takes longer and scans UDP ports also.
Regular Scan

  • First you run Zenmap from a different PC than the server or PC that you are scanning. The target IP address or domain name is the device that you want to scan. For a regular scan, you select "Regular scan" from the Profile selection list. Then you click on the Scan button.

    The Regular scan took 0.17 seconds to run and the Nmap Output tab shows the open TCP ports that were found. The open ports should be checked to see if they need to be open and/or if they should be open to the outside world.

  • The Ports/Hosts tab indicates which service is associated with each of the open ports. This is good to know if you are securing your server.

  • Topology tab will provide a look at the network and the path it took to the destination that was scanned. It is actually a powerful interactive image and you can click on the destination to find out more information. You can also do multiple scans on different devices and it will display the ones with security issues in red.

  • The Host Details tab allows you to add comments to the scan for documentation purposes and other details about the host. The amount of details will change depending on the scanned device.

  • The Scans Tab (which isn't displayed here) lists the scans that were performed. For example, it would list the 3 scans that were done for the Topology scan: "192.168.19.54", "192.168.19.56" and "Home.Home".

This page has gotten a little bit long, it's continued on at the Zenmap Intense Scan plus UDP page.

If this page has helped you, please consider donating $1.00 to support the cost of hosting this site, thanks.

Return to

TelecomWorld 101

Copyright July 2013 Eugene Blanchard