Nmap and Network Scanning

Nmap and network scanning represent a foundational aspect of cybersecurity reconnaissance, involving the process of actively probing a computer network to discover hosts, identify open ports, and enumerate the services and operating systems running on them. Nmap (Network Mapper) is the industry-standard, open-source tool used to perform these scans, offering a powerful and versatile set of techniques for mapping network topologies and gathering intelligence. This information is invaluable for both network administrators conducting security audits and penetration testers identifying vulnerabilities, as well as for malicious attackers who use it as a preliminary step to find potential targets and plan their attacks.

1. Fundamentals of Network Communication
   1. The OSI Model
      1. Overview and Purpose of the OSI Model
      2. Layer 1: Physical
         1. Physical Media Types
            1. Copper Cables
            2. Fiber Optic Cables
            3. Wireless Media
         2. Network Topologies
            1. Bus Topology
            2. Star Topology
            3. Ring Topology
            4. Mesh Topology
         3. Signal Transmission Methods
            1. Electrical Signals
            2. Optical Signals
            3. Radio Frequency Signals
      3. Layer 2: Data Link
         1. MAC Addressing
            1. MAC Address Structure
            2. Unicast vs Multicast vs Broadcast
         2. Ethernet Frames
            1. Frame Structure
            2. Frame Types
         3. Switches and Bridges
            1. Learning and Forwarding
            2. Spanning Tree Protocol
         4. Error Detection and Correction
            1. CRC Checksums
            2. Frame Check Sequence
      4. Layer 3: Network
         1. IP Addressing
            1. IPv4 Address Structure
            2. IPv6 Address Structure
         2. Routing Concepts
            1. Static Routing
            2. Dynamic Routing
            3. Default Gateway
         3. Routers and Layer 3 Devices
            1. Router Functions
            2. Layer 3 Switches
         4. Subnetting and Supernetting
            1. Subnet Masks
            2. VLSM
            3. Route Summarization
      5. Layer 4: Transport
         1. TCP vs UDP
            1. Connection-Oriented vs Connectionless
            2. Reliability Mechanisms
         2. Ports and Sockets
            1. Port Number Ranges
            2. Socket Pairs
         3. Flow Control and Congestion Control
            1. TCP Window Size
            2. Congestion Avoidance
      6. Layer 5: Session
         1. Session Establishment and Termination
         2. Session Management Protocols
            1. NetBIOS
            2. RPC
      7. Layer 6: Presentation
         1. Data Encoding and Encryption
            1. Character Encoding
            2. SSL/TLS
         2. Data Compression
            1. Lossless Compression
            2. Lossy Compression
      8. Layer 7: Application
         1. Application Protocols
            1. HTTP/HTTPS
            2. FTP/SFTP
            3. SMTP/POP3/IMAP
            4. DNS
            5. DHCP
         2. Client-Server Model
            1. Request-Response Pattern
            2. Stateful vs Stateless
   2. The TCP/IP Model
      1. Comparison with OSI Model
         1. Layer Mapping
         2. Practical Implementation
      2. Network Interface Layer
         1. Ethernet and Wi-Fi
            1. Ethernet Standards
            2. Wi-Fi Standards
         2. ARP Protocol
            1. ARP Request and Reply
            2. ARP Cache
            3. Gratuitous ARP
      3. Internet Layer
         1. IP Addressing
            1. IPv4 Addressing
            2. IPv6 Addressing
         2. Routing Protocols
            1. RIP
            2. OSPF
            3. BGP
            4. EIGRP
         3. ICMP Protocol
            1. Error Reporting
            2. Diagnostic Functions
      4. Transport Layer
         1. TCP Functions
            1. Reliable Delivery
            2. Sequence Numbers
            3. Acknowledgments
         2. UDP Functions
            1. Unreliable Delivery
            2. Minimal Overhead
         3. Port Numbers
            1. Well-Known Ports
            2. Registered Ports
            3. Dynamic Ports
      5. Application Layer
         1. Common Application Protocols
            1. Web Protocols
            2. Email Protocols
            3. File Transfer Protocols
         2. DNS and Name Resolution
            1. DNS Hierarchy
            2. DNS Record Types
            3. Name Resolution Process
   3. Core Protocols
      1. Internet Protocol (IP)
         1. IPv4 Addressing and Subnetting
            1. Address Classes
               1. Class A
               2. Class B
               3. Class C
               4. Class D
               5. Class E
            2. Subnet Masks
               1. Default Subnet Masks
               2. Custom Subnet Masks
            3. CIDR Notation
               1. Prefix Length
               2. Network and Host Portions
            4. Private vs Public Addresses
               1. RFC 1918 Private Ranges
               2. NAT and PAT
         2. IPv6 Addressing
            1. Address Structure
               1. 128-bit Address Space
               2. Hexadecimal Notation
            2. Prefixes and Notation
               1. Global Unicast
               2. Link-Local
               3. Multicast
            3. Transition Mechanisms
               1. Dual Stack
               2. Tunneling
               3. Translation
      2. Transmission Control Protocol (TCP)
         1. The Three-Way Handshake
            1. SYN Packet
            2. SYN-ACK Packet
            3. ACK Packet
            4. Initial Sequence Numbers
         2. TCP Flags
            1. SYN Flag
            2. ACK Flag
            3. FIN Flag
            4. RST Flag
            5. PSH Flag
            6. URG Flag
            7. ECE Flag
            8. CWR Flag
         3. Connection Termination
            1. Four-Way Handshake
            2. FIN-ACK Sequence
            3. TIME_WAIT State
            4. Connection Reset
         4. TCP State Machine
            1. LISTEN
            2. SYN_SENT
            3. SYN_RECEIVED
            4. ESTABLISHED
            5. FIN_WAIT_1
            6. FIN_WAIT_2
            7. CLOSE_WAIT
            8. CLOSING
            9. LAST_ACK
            10. TIME_WAIT
            11. CLOSED
      3. User Datagram Protocol (UDP)
         1. Connectionless Communication
            1. No Connection Setup
            2. No Connection State
         2. UDP Header Structure
            1. Source Port
            2. Destination Port
            3. Length
            4. Checksum
         3. Use Cases and Limitations
            1. Real-Time Applications
            2. DNS Queries
            3. DHCP
            4. Streaming Media
      4. Internet Control Message Protocol (ICMP)
         1. Echo Request and Reply
            1. Ping Functionality
            2. Payload Structure
         2. Destination Unreachable Messages
            1. Network Unreachable
            2. Host Unreachable
            3. Port Unreachable
            4. Protocol Unreachable
         3. Time Exceeded Messages
            1. TTL Exceeded
            2. Fragment Reassembly Timeout
         4. Redirect Messages
            1. Host Redirect
            2. Network Redirect
         5. Parameter Problem Messages
         6. Source Quench Messages
   4. Ports and Services
      1. Well-Known Ports (0-1023)
         1. System Ports
         2. Common Services
            1. HTTP (80)
            2. HTTPS (443)
            3. FTP (21)
            4. SSH (22)
            5. Telnet (23)
            6. SMTP (25)
            7. DNS (53)
            8. DHCP (67/68)
            9. TFTP (69)
            10. POP3 (110)
            11. IMAP (143)
            12. SNMP (161)
      2. Registered Ports (1024-49151)
         1. Application-Specific Services
         2. Vendor-Specific Ports
         3. Database Ports
            1. MySQL (3306)
            2. PostgreSQL (5432)
            3. Oracle (1521)
      3. Dynamic/Private Ports (49152-65535)
         1. Ephemeral Ports
         2. Client-Side Connections
         3. Operating System Allocation
      4. Port States
         1. Open
            1. Service Listening
            2. Accepting Connections
         2. Closed
            1. No Service Listening
            2. Port Accessible
         3. Filtered
            1. Firewall Blocking
            2. No Response Received
         4. Unfiltered
            1. Port Accessible
            2. State Undetermined
         5. Open|Filtered
            1. Ambiguous Response
            2. UDP Scan Results
         6. Closed|Filtered
            1. ICMP Unreachable
            2. Filtered Response
      5. Port Scanning Concepts
         1. TCP vs UDP Ports
            1. Connection-Based vs Connectionless
            2. Response Patterns
         2. Service Identification
            1. Banner Grabbing
            2. Service Fingerprinting
            3. Version Detection