Ethical Hacking Beginners Guide Episode 8: Network Scanning with Nmap and Wireshark (Updated June 2026)
India's cybersecurity sector needs 1.25 million skilled professionals by 2027 (NASSCOM-Deloitte) and network security expertise is at the top of every hiring checklist. Episode 8 of our Ethical Hacking series teaches the two most essential tools for any security professional: Nmap for port scanning and service enumeration, and Wireshark for network traffic capture and analysis. Every authorized penetration test begins with the scanning phase — and Nmap is the tool that makes it possible.
- Nmap is the industry-standard port scanner for network discovery and service enumeration in authorized security assessments
- Wireshark is the leading network protocol analyzer for capturing and inspecting traffic — used by both attackers and defenders
- The scanning phase maps the attack surface before any exploitation attempt — understanding it deeply is essential
- Nmap and Wireshark are both free, open-source, and universally used by security professionals worldwide
- Network security analysts and SOC engineers with strong scanning and traffic analysis skills earn ₹4–10 LPA in India (AmbitionBox)
What Episode 8 Covers — Scanning Phase in Ethical Hacking
Episode 8 covers the scanning phase — the systematic process of probing a target network to discover hosts, open ports, running services, and operating system details. This is always done after active reconnaissance and always within the authorized scope of an engagement. Here's the thing: without accurate scanning data, exploitation attempts are guesswork. Nmap and Wireshark together give you a complete picture of what is running on a network, which services are exposed, and what traffic patterns are normal versus suspicious. These are the skills that SOC analysts use daily and that pentesters depend on in every engagement.
Nmap Fundamentals: Port Scanning and Service Enumeration
Nmap (Network Mapper) is a free, open-source tool used for network discovery and security auditing in authorized assessments. At its core, it sends packets to target hosts and analyzes the responses to determine which ports are open, what services are running on those ports, and what OS is likely running. An open port on a target is a potential entry point — each one needs to be evaluated during a penetration test. Nmap also has a scripting engine (NSE) with hundreds of scripts for vulnerability detection, brute-force, and service enumeration. It is preinstalled on Kali Linux and is the first tool used in almost every authorized network penetration test.
Common Nmap Scan Types and When to Use Each
The most important Nmap scan types: SYN scan (-sS, also called stealth scan) — sends SYN packets and waits for SYN-ACK, never completes the handshake, faster and less logged; TCP Connect scan (-sT) — completes the full TCP handshake, more detectable but works without root/admin; UDP scan (-sU) — checks for open UDP services (DNS on 53, SNMP on 161, DHCP on 67); Service version detection (-sV) — identifies exact service versions; OS detection (-O) — identifies the target operating system. For authorized tests, the command structure matters — scanning too aggressively can disrupt production services, so understanding scan timing options (-T0 to -T5) is important for professional engagements.
| Nmap Scan Type | Flag | Use Case | Detectability |
|---|---|---|---|
| SYN Scan | -sS | Fast, stealthy port discovery | Low-Medium |
| TCP Connect | -sT | No root required, full handshake | High |
| UDP Scan | -sU | Discover DNS, SNMP, DHCP | Medium |
| Service Version | -sV | Identify exact service versions | Medium-High |
| OS Detection | -O | Fingerprint target operating system | Medium-High |
Wireshark for Network Traffic Analysis: Capturing and Filtering Packets
Wireshark is the world's most used network protocol analyzer. It captures all network packets passing through a network interface and lets you inspect each packet in detail — source IP, destination IP, protocol, payload. For security professionals, Wireshark is indispensable for: understanding what traffic a vulnerable service generates; analyzing malware behavior in a lab (what connections does it make?); capturing credentials sent over unencrypted protocols (Telnet, FTP, HTTP); and understanding normal baseline traffic to detect anomalies. Wireshark's display filters (the most important skill to master) let you isolate specific traffic — for example, http.request.method == "POST" to see form submissions or tcp.port == 80 to see all HTTP traffic.
Enumeration: Extracting Useful Information from Scan Results
Enumeration goes beyond port scanning — it extracts actionable information from discovered services. DNS enumeration reveals subdomains and mail servers. SMB enumeration (using tools like enum4linux on authorized targets) reveals Windows shares, users, and domain information. SNMP enumeration extracts network device configurations. HTTP header analysis reveals web server version, technology stack, and security headers. What most beginners miss is that the quality of your enumeration directly determines the quality of your exploitation phase — the more you know about a service's exact version and configuration, the more targeted your vulnerability research can be. Episode 8 covers enumeration techniques for the most common services found in enterprise networks.
Network Security Careers in India: SOC Analysts, Network Engineers, and Pentesters
Network security skills are foundational for a wide range of cybersecurity careers. SOC (Security Operations Center) analysts monitor network traffic for threats using tools built on the same principles as Wireshark — they earn ₹3.5–7 LPA as L1/L2 analysts in India. Network security engineers who design and implement network defenses earn ₹6–12 LPA. Junior penetration testers who start with network scanning earn ₹5–8 LPA. Senior network security architects earn ₹15–25 LPA. In Pune, major employers for network security roles include Infosys, Wipro, Symantec (Broadcom), and growing fintech companies in Hinjewadi. Government organizations including DRDO, BARC, and Indian Railways IT also recruit network security professionals.
Get the Cyber Security Training Brochure + Fees + Batch Dates on WhatsApp
Free 1:1 counselling. Placement track record. CMYKPY/PMKVY eligibility check.
💬 Get Brochure on WhatsApp📞 Call 7039169629About the author: Rahul Patil. 12 yrs experience training engineers across Maharashtra.
Visit Our Centers
- Wagholi (Pune): 1st Floor, Laxmi Datta Arcade, Pune-Ahilyanagar Highway. Call 7039169629
- Hadapsar (Pune HQ): 1st Floor, Shree Tower, opp. Vaibhav Theater, Magarpatta. Call 7039169629
- Cidco (Chh. Sambhajinagar): Kalpana Plaza, opp. Eiffel Tower, N-1 Cidco. Call 7039169629
- Osmanpura (Chh. Sambhajinagar): S.S.C Board to Peer Bazar Road, near Jama Masjid. Call 7039169629
- Sangli: Shubham Emphoria, 1st Floor, Above US Polo Assn., Sangli-Miraj Rd, Vishrambag. Weekend batches available. Call 7039169629
FAQs
What is Nmap and what is it used for in ethical hacking?
Nmap (Network Mapper) is a free, open-source network scanning tool used to discover hosts on a network, identify open ports, enumerate running services and their versions, and detect operating systems. In authorized penetration testing, it is used in the scanning phase to map the attack surface — identifying all potential entry points before vulnerability analysis and exploitation. Nmap is preinstalled on Kali Linux and is the most widely used tool in the security industry for network reconnaissance.
What is Wireshark and how is it different from Nmap?
Nmap and Wireshark serve complementary purposes. Nmap actively sends packets to probe what services are running on target hosts. Wireshark passively captures and analyzes all network traffic flowing through a network interface — it listens rather than probes. Nmap tells you what ports are open on a target; Wireshark tells you what data is being transmitted. In ethical hacking, you use Nmap to discover what to target, then Wireshark to analyze the traffic generated during testing and to understand normal versus anomalous network behavior.
Is it legal to use Nmap for port scanning?
Nmap scanning is legal when performed on your own network, on a network you have explicit written permission to test, or in an isolated lab environment. Scanning networks without authorization is illegal under India's IT Act 2000 and similar laws in most countries. All ABC Trainings practical exercises using Nmap are conducted exclusively against isolated lab VMs or on authorized practice platforms like TryHackMe and HackTheBox. Never use Nmap against any system without explicit written authorization from its owner.
What network security jobs in India require Nmap and Wireshark skills?
Network security skills including Nmap and Wireshark proficiency are required for SOC analysts (Security Operations Center, ₹3.5–7 LPA), network security engineers (₹6–12 LPA), and junior penetration testers (₹5–8 LPA) in India. Major employers include Infosys, Wipro, TCS Cyber Security, Symantec (Broadcom), and government organizations like DRDO, BARC, and Indian Railways IT. Pune-based IT parks and Hinjewadi-based fintech companies are active recruiting grounds for these roles.
