
Nmap Tutorial for Beginners

Complete Guide to Network Scanning with Nmap

What is Nmap?

Nmap (Network Mapper) is the industry-standard tool for network discovery and security auditing. Created by Gordon Lyon in 1997, Nmap has evolved into an essential utility used by security professionals, system administrators, and penetration testers worldwide. It discovers hosts on a network, identifies open ports, detects services running on those ports, and determines the operating system and version of target systems.

Nmap is free, open-source, and runs on all major operating systems including Windows, Linux, macOS, and even ARM-based systems like Raspberry Pi. Its versatility makes it the go-to tool for initial reconnaissance during penetration testing engagements.

Why Learn Nmap?

Essential Skill
  - Required for CEH, OSCP, and other offensive security certifications
  - A routine tool for security professionals, system administrators, and network engineers
  - Industry standard for network enumeration
  - Found in virtually every pentest engagement
Versatile Applications
  - Network inventory and asset discovery
  - Security vulnerability assessment
  - Penetration testing reconnaissance
  - Firewall rule verification
  - Service monitoring and uptime checks

Installing Nmap

Nmap runs on all major platforms. Here is how to get it running on your system.

Windows

Download and run the installer from the official website. The Windows installer bundles Npcap, which Nmap needs for raw-packet scans such as -sS and -O; accept that component when prompted.

# Download from:
# https://nmap.org/download.html

# Run the .exe installer
# Or use winget (package id Insecure.Nmap):
winget install Insecure.Nmap

Linux (Debian/Ubuntu)

Install via package manager for instant access.

# Debian/Ubuntu
sudo apt update
sudo apt install nmap

# Fedora
sudo dnf install nmap

# Arch Linux
sudo pacman -S nmap

macOS

Use Homebrew or download directly.

# Using Homebrew
brew install nmap

# Or download from:
# https://nmap.org/download.html

Verifying Installation

# Check Nmap version
nmap --version

# Should output something like:
# Nmap version 7.94 ( https://nmap.org )
# Platform: x86_64-pc-linux-gnu

Basic Nmap Commands

Let us start with the fundamental scanning commands that form the foundation of Nmap usage.

Simple Host Scan

The most basic scan - check if a host is up and what ports it has open.

# Scan a single IP address
nmap 192.168.1.1

# Scan a hostname
nmap example.com

# Scan multiple IPs
nmap 192.168.1.1 192.168.1.2 192.168.1.3

# Scan an IP range (CIDR notation)
nmap 192.168.1.0/24

# Scan a range of IPs
nmap 192.168.1.1-254

Port Specification

Specify which ports to scan for faster or more comprehensive results.

# Scan specific ports
nmap -p 80,443 192.168.1.1

# Scan a port range
nmap -p 1-1000 192.168.1.1

# Scan all 65535 ports
nmap -p- 192.168.1.1

# Scan top 100 common ports (fast)
nmap -F 192.168.1.1

# Scan top 1000 ports (this is also what Nmap scans when no -p option is given)
nmap --top-ports 1000 192.168.1.1

Timing and Performance

Adjust scan speed based on network conditions and stealth requirements.

# Timing templates (T0-T5)
nmap -T0 192.168.1.1  # Paranoid (anti-detection)
nmap -T1 192.168.1.1  # Sneaky
nmap -T2 192.168.1.1  # Polite (slow, less bandwidth)
nmap -T3 192.168.1.1  # Normal (default)
nmap -T4 192.168.1.1  # Aggressive (faster)
nmap -T5 192.168.1.1  # Insane (very fast, may miss)

# Parallelism options
nmap --min-parallelism 10 192.168.1.1

# Max RTT timeout (milliseconds)
nmap --max-rtt-timeout 100ms 192.168.1.1

Port Scanning Techniques

Nmap offers multiple scanning methods, each with advantages and trade-offs.

TCP Connect Scan (-sT)

Full three-way handshake through the operating system's connect() call. Reliable and needs no privileges, but the connection completes, so the target application sees and can log it.

nmap -sT 192.168.1.1
# Completes the TCP handshake, then closes the connection
# Works without raw socket privileges (the default when not running as root)
# Open: connect() succeeds; closed: RST received; filtered: no answer within the timeout
# Easiest scan for the target to log, because the service receives a real connection
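The probe behind -sT is nothing more than an ordinary connect() call, so its three outcomes can be reproduced in a few lines. The following is an added example, not code from this page or from the Nmap project: it opens a real listening socket on 127.0.0.1 to have an open port to find, binds and releases an ephemeral port to obtain a closed one, and classifies each result the way Nmap labels them (open, closed, filtered). The function names are this example's own, the errno mapping follows what connect() returns on Linux and macOS, and the filtered branch cannot be exercised against localhost since nothing drops loopback traffic.

```python
"""What `nmap -sT` does per port: an ordinary connect() and a look at the errno."""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor

# A RST came back: something answered, but nothing is listening on that port.
CLOSED_ERRNOS = {errno.ECONNREFUSED}
# Nothing usable came back: the SYN was dropped (our timeout fires as EWOULDBLOCK/EAGAIN,
# or the kernel gives up with ETIMEDOUT) or an ICMP unreachable arrived. Nmap calls this "filtered".
FILTERED_ERRNOS = {errno.EWOULDBLOCK, errno.EAGAIN, errno.ETIMEDOUT,
                   errno.EHOSTUNREACH, errno.ENETUNREACH}


def probe_tcp_connect(host, port, timeout=1.0):
    """One -sT probe: attempt the full three-way handshake and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        rc = s.connect_ex((host, port))  # 0 on success, otherwise an errno (does not raise)
    # Leaving the `with` block closes the socket: the teardown -sT performs after a successful connect.
    if rc == 0:
        return "open"
    if rc in CLOSED_ERRNOS:
        return "closed"
    if rc in FILTERED_ERRNOS:
        return "filtered"
    return f"unknown(errno={rc})"


def connect_scan(host, ports, timeout=1.0, parallelism=10):
    """Probe several ports concurrently, the way Nmap's --min-parallelism does."""
    with ThreadPoolExecutor(max_workers=parallelism) as pool:
        states = list(pool.map(lambda p: probe_tcp_connect(host, p, timeout), ports))
    return dict(zip(ports, states))


def start_listener(host="127.0.0.1"):
    """Open a real listening socket on an ephemeral port so the demo has an open port.
    Returns (socket, port); the caller closes the socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)  # the kernel completes handshakes on our behalf; no accept() needed
    return srv, srv.getsockname()[1]


def pick_closed_port(host="127.0.0.1"):
    """Bind and immediately release an ephemeral port: nothing listens there now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = pick_closed_port()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
        for port in sorted(results):
            print(f"{port}/tcp {results[port]}")
    finally:
        srv.close()
```

Run it and you get one line reading open and one reading closed. A SYN scan (-sS) differs only in stopping after the SYN/ACK instead of letting the kernel finish the handshake, which is why it needs raw sockets and root rather than a plain connect().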

SYN Scan (-sS)

Half-open scan. Fast and quieter at the application layer, but requires root.

nmap -sS 192.168.1.1
# Sends a SYN; on SYN/ACK it answers with a RST instead of completing the handshake
# Requires root/sudo (raw sockets)
# Default scan type for privileged users
# Faster, and the service never sees a completed connection;
# an IDS on the path still sees every SYN, so it is not invisible

UDP Scan (-sU)

Scan UDP services. Slow but essential for a complete assessment: DNS, DHCP, SNMP and NTP all live on UDP.

nmap -sU 192.168.1.1
# No handshake: a closed port answers with ICMP port unreachable
# A service reply = open; no reply at all = open|filtered (the probe may have been dropped)
# Most stacks rate-limit ICMP errors, so a full UDP sweep takes hours; restrict the port list
# Common targets: DNS (53), DHCP (67), NTP (123), SNMP (161)
# Combine with TCP: nmap -sS -sU -p T:1-1000,U:53,67,123,161 192.168.1.1

ACK Scan (-sA)

Firewall rule mapping. Never reports a port as open.

nmap -sA 192.168.1.1
# Sends bare ACK packets; a RST back means the port is "unfiltered"
# Unfiltered = reachable through the firewall (open or closed, Nmap cannot tell which)
# Filtered = no reply or ICMP unreachable, so a stateful firewall is dropping the probe
# Follow up on unfiltered ports with -sS or -sT to learn their real state

Combined Scan Example

# Comprehensive scan: SYN + UDP, top 1000 ports, OS detection, version detection
nmap -sS -sU -O -sV --top-ports 1000 -T4 192.168.1.1

# Stealth scan with decoys
nmap -sS -D decoy1,decoy2,decoy3 TARGET

# Idle scan (requires zombie host)
nmap -sI zombie_host TARGET

Host Discovery

Finding live hosts before scanning ports is crucial for efficient reconnaissance.

Discovery Options

# Ping scan only (no port scan)
nmap -sn 192.168.1.0/24

# ARP ping (local Ethernet segment only, most accurate); -sn skips the port scan
nmap -sn -PR 192.168.1.0/24
# Privileged scans of a local subnet already use ARP automatically; --disable-arp-ping turns that off

# Disable ping (assume hosts are up)
nmap -Pn 192.168.1.0/24

# SYN ping
nmap -PS22,80,443 192.168.1.0/24

# ACK ping
nmap -PA22,80,443 192.168.1.0/24

# UDP ping
nmap -PU53 192.168.1.0/24

Network Reconnaissance Example

# Full host discovery on local network
nmap -sn -PR -oA host_discovery 192.168.1.0/24

# Explanation:
# -sn: No port scan after discovery
# -PR: ARP scan (for local networks)
# -oA: Output in all formats

# Discover hosts with custom options
nmap -sn -PS80,443,8080 -PE -T4 10.0.0.0/24

# Reverse DNS resolution during discovery
nmap -sn -R 192.168.1.0/24

Service and Version Detection

Identify what services are running and their exact versions for vulnerability assessment.

Version Detection (-sV)

# Basic version detection
nmap -sV 192.168.1.1

# Most thorough probing (--version-all is the same as intensity 9)
nmap -sV --version-intensity 9 192.168.1.1

# Lighter probing than the default of 7 (--version-light is intensity 2)
nmap -sV --version-intensity 5 192.168.1.1

# Version intensity levels: 0-9, default 7
# Higher = more probes sent to each port, so slower but more likely to identify the service

Detection Banners

Nmap grabs banners to identify service versions.

PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 8.2p1
80/tcp   open  http     Apache httpd 2.4.46
443/tcp  open  ssl/http nginx 1.18.0
3306/tcp open  mysql    MySQL 8.0.23

Comprehensive Scan

Combine version detection with OS fingerprinting.

# -A enables: OS, version, script, traceroute
nmap -A 192.168.1.1

# Output shows:
# - OS details
# - Service versions
# - Traceroute
# - Script scan results
# - Network distance

OS Fingerprinting

Nmap can identify the operating system of target hosts by analyzing TCP/IP stack behavior.

OS Detection Options

# Basic OS detection
nmap -O 192.168.1.1

# Guess more aggressively when no fingerprint matches exactly (prints the closest matches with a percentage)
nmap -O --osscan-guess 192.168.1.1

# Combined with version detection
nmap -O -sV 192.168.1.1

# Enable all (OS, version, scripts, traceroute)
nmap -A 192.168.1.1

Sample OS Detection Output

Device type: general purpose
Running: Linux 5.X
OS CPE: cpe:/o:linux:linux_kernel:5
OS details: Linux 5.0 - 5.4
Network Distance: 1 hop

# Requirements for OS detection:
# - Root/raw socket privileges (-O refuses to run without them)
# - At least 1 open and 1 closed TCP port on the target for a reliable match
# The result is a best match against the fingerprint database; confirm it with -sV banners

Nmap Scripting Engine (NSE)

The Nmap Scripting Engine extends Nmap with Lua scripts for advanced vulnerability detection, enumeration, and exploitation.

Running NSE Scripts

# Default script scan (common scripts)
nmap -sC 192.168.1.1

# Specific script or category
nmap --script vuln 192.168.1.1

# Multiple scripts (comma-separated)
nmap --script smb-vuln-ms17-010,ssh-hostkey 192.168.1.1

# Script category examples:
# auth, broadcast, brute, default, discovery
# dos, exploit, external, fuzzer, intrusive
# malware, safe, version, vuln

Vulnerability Scanning

# Scan for known vulnerabilities
nmap --script vuln 192.168.1.1

# Check for a specific CVE; vulnerability scripts are named like http-vuln-cveYYYY-NNNN or smb-vuln-*
nmap --script http-vuln-cve2017-5638 192.168.1.1

# SMB vulnerability check
nmap --script smb-vuln-ms17-010 192.168.1.1

# SSL/TLS cipher suites and protocol versions, graded A to F; weak ciphers show up here
nmap --script ssl-enum-ciphers 192.168.1.1

Service Enumeration

# HTTP enumeration
nmap --script http-enum 192.168.1.1

# SMTP enumeration
nmap --script smtp-enum-users 192.168.1.1

# DNS zone transfer
nmap --script dns-zone-transfer -p 53 target.com

# SMB enumeration
nmap --script smb-enum-users,smb-enum-shares 192.168.1.1

Useful Default Scripts

# Comprehensive web scan (quote the wildcard so the shell does not expand it)
nmap -sV --script "http-*" target.com

# Default safe scripts
nmap -sC target.com

# Auth scripts (testing authentication)
nmap --script auth target.com

# All discovery scripts
nmap --script discovery target.com

# List available scripts
ls /usr/share/nmap/scripts/

Advanced Scanning Options

Master these advanced techniques to bypass restrictions and gather more information.

Fragmentation and Spoofing

# Fragment packets (bypass some firewalls)
nmap -f 192.168.1.1

# Double fragmentation
nmap -ff 192.168.1.1

# Source port manipulation
nmap -g 80 192.168.1.1
nmap -g 443 192.168.1.1

# Spoof the source IP: replies go to that address, not to you, so you see no results
# unless you can sniff them; needs -e for the interface and -Pn to skip discovery
nmap -S 10.0.0.1 -e eth0 -Pn 192.168.1.1

# Interface specification
nmap -e eth0 192.168.1.1

Decoy and Zombie Scanning

# Scan with decoy IPs (your real address is mixed in with the decoys, not removed)
nmap -D decoy1,decoy2,ME 192.168.1.1

# Random decoys
nmap -D RND:5 192.168.1.1

# Idle scan (requires zombie host)
nmap -sI zombie_host target.com

# Spoof MAC address
nmap --spoof-mac 0 192.168.1.1  # Random MAC
nmap --spoof-mac Apple 192.168.1.1

IPv6 and IPv4 Options

# IPv6 scanning (link-local addresses need the interface suffix)
nmap -6 fe80::1%eth0

# IPv6 discovery: a /64 holds 2^64 addresses and cannot be swept, so use the
# multicast echo script to find neighbours on the local link (eth0 is an example interface)
nmap -6 -sn --script targets-ipv6-multicast-echo --script-args 'newtargets,interface=eth0'

# IPv6 version detection
nmap -6 -sV -sC target_ipv6

# IPv4 is the default; -6 switches the whole scan to IPv6
nmap target.com     # IPv4
nmap -6 target.com  # IPv6 only

Traceroute and Path Discovery

# Traceroute to target
nmap --traceroute 192.168.1.1

# Traceroute with host discovery only (no port scan); Nmap traces with the probe that reached the target
nmap -sn --traceroute 192.168.1.1

# Traceroute alongside a port scan: the path is traced with a port found open,
# which is more likely to pass firewalls than ICMP
nmap -sS -p 80,443 --traceroute 192.168.1.1

# Included in the aggressive scan
nmap -A 192.168.1.1

Firewall and IDS Evasion

Techniques to scan through firewalls and avoid detection by intrusion detection systems.

Evasion Techniques

# Packet fragmentation
nmap -f -sS 192.168.1.1

# Append 24 random bytes to every probe so packets do not match signatures for empty Nmap probes
nmap --data-length 24 192.168.1.1

# Randomize scan order
nmap --randomize-hosts 192.168.1.0/24

# Slow scan (harder to detect)
nmap -T2 -p- 192.168.1.1

# IP options (here: record route); unusual options are often dropped, which itself reveals filtering
nmap --ip-options "R" 192.168.1.1

# Append a fixed hex payload instead of random padding
nmap --data 0xdeadbeef 192.168.1.1

Firewall Detection

# ACK scan to detect firewall rules
nmap -sA 192.168.1.1

# TCP window scan
nmap -sW 192.168.1.1

# Xmas scan (FIN, PSH, URG set): RFC 793 stacks answer RST for closed ports and stay silent
# for open ones, so no reply = open|filtered; slips past stateless (non-tracking) firewalls
nmap -sX 192.168.1.1

# FIN scan (same logic, FIN flag only)
nmap -sF 192.168.1.1

# Null scan (no flags set)
nmap -sN 192.168.1.1

# Maimon scan (FIN/ACK); BSD-derived stacks drop the probe for open ports
nmap -sM 192.168.1.1

# Caveat: Windows, Cisco IOS and many other stacks reply RST regardless of port state,
# so every port looks closed; confirm -sX/-sF/-sN/-sM results with -sS

Full Evasion Example

# SYN scan with several evasion options layered
nmap -sS -f -D RND:5 -g 443 \
  --data-length 25 \
  --spoof-mac Apple \
  -T2 -p- 192.168.1.1

# Explanation:
# -sS: SYN scan (decoys and fragmentation need raw packets, so run as root)
# -f: split probes into 8-byte fragments; many modern firewalls reassemble before inspecting
# -D RND:5: five random decoy addresses mixed with your own; the target's logs still
#   contain your real address among them
# -g 443: source port 443, to slip past rules that trust "return" traffic from common ports
# --data-length: random padding so probes do not match signatures for empty Nmap packets
# --spoof-mac: only meaningful on the local Ethernet segment
# -T2: slow timing to stay under rate-based alerting
# (--randomize-hosts is omitted: it only shuffles the order of multiple targets)

Nmap Output Formats

Nmap offers multiple output formats for integration with other tools and reporting.

Output Options

# Normal output (readable text)
nmap -oN scan.txt 192.168.1.1

# Grepable output (grep-friendly)
nmap -oG scan.gnmap 192.168.1.1

# XML output (for tools)
nmap -oX scan.xml 192.168.1.1

# All formats
nmap -oA scan 192.168.1.1  # scan.nmap, scan.gnmap, scan.xml

# Verbose output
nmap -v 192.168.1.1
nmap -vv 192.168.1.1  # Very verbose

Script Kiddie and Interactive

# Script Kiddie format (lamer-friendly)
nmap -oS scan.km 192.168.1.1

# Resume interrupted scan
nmap --resume scan.gnmap

# List scan (no scan, just listing targets)
nmap -sL 192.168.1.0/24

# Suppress reverse DNS (faster)
nmap -n 192.168.1.0/24

Practical Output Example

# Comprehensive scan with all outputs
nmap -sS -sV -O -p- -T4 \
  -oA comprehensive_scan \
  192.168.1.1

# Produces:
# comprehensive_scan.nmap (normal)
# comprehensive_scan.gnmap (grepable)
# comprehensive_scan.xml (XML)

# Grep for open ports (grepable format writes states as /open/, lowercase)
grep "/open/" comprehensive_scan.gnmap

# Parse the XML with Python: one line per open port
python3 -c "
import xml.etree.ElementTree as ET
tree = ET.parse('comprehensive_scan.xml')
for host in tree.findall('.//host'):
    addr = host.find('address').get('addr')
    for port in host.findall('.//port'):
        if port.find('state').get('state') == 'open':
            print(addr, port.get('portid') + '/' + port.get('protocol'))
"

Practical Nmap Examples

Real-world scanning scenarios with commands you can use immediately.

Quick Reconnaissance

# Fast scan of common ports
nmap -T4 -F 192.168.1.0/24

# Quick version scan
nmap -T4 -sV --top-ports 100 192.168.1.0/24

# Ping sweep (discover live hosts)
nmap -sn 192.168.1.0/24 -oG - | grep Up

# Quick vulns scan
nmap -sV --script vuln 192.168.1.1

Web Server Assessment

# Full web server enumeration
nmap -p 80,443,8080,8443 \
  -sV --script http-enum,http-title,http-headers \
  -T4 target.com

# Check for SSL/TLS issues
nmap -p 443 --script ssl-enum-ciphers,ssl-cert target.com

# Web vulnerability scan
nmap -p 80,443 \
  --script http-sql-injection,http-xssed,http-csrf \
  target.com

Database Discovery

# Database port scan
nmap -p 3306,5432,27017,6379,1433 \
  -sV --script redis-info,mongodb-info \
  192.168.1.0/24

# MySQL enumeration
nmap -p 3306 --script mysql-info,mysql-enum 192.168.1.1

# MongoDB discovery
nmap -p 27017 --script mongodb-info 192.168.1.1

Complete Network Audit

# Comprehensive network audit (-A already implies -O, -sV, -sC and --traceroute)
# All 65535 UDP ports across a /24 would take days, so restrict UDP to a short list
nmap -sS -sU -A \
  -p T:1-65535,U:53,67,123,161,500 \
  --script default,discovery,vuln \
  -T4 \
  -oA full_audit \
  192.168.1.0/24

# Weekly port check (for monitoring)
nmap --top-ports 100 -oA weekly_check -iL hosts.txt

# Compare scans
ndiff scan1.xml scan2.xml
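Both ndiff and any "weekly check" pipeline work from the -oX XML rather than the grepable text, because XML keeps the per-port state, reason and service fields intact. The following added example (not code from this page or from the Nmap project) parses two constructed -oX documents for one host, lists the open ports, and reports what changed between them, which is the comparison ndiff performs on the files directly. The XML is trimmed to the elements Nmap actually emits that the parser reads; the host, ports, versions and the Monday/Friday names are invented for the demo.

```python
"""Parse Nmap -oX output and report what changed between two scans."""
import xml.etree.ElementTree as ET

# Constructed sample -oX document, trimmed to the elements this parser reads.
# Real output carries more metadata (timing, <runstats>, reason_ttl, CPEs, ...).
SCAN_MONDAY = """<?xml version="1.0"?>
<nmaprun scanner="nmap" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.2p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.46"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered" reason="no-response"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Friday's rescan, derived from Monday's: sshd was upgraded and 3306 is no longer filtered.
SCAN_FRIDAY = (SCAN_MONDAY
               .replace('version="8.2p1"', 'version="8.9p1"')
               .replace('<state state="filtered" reason="no-response"/>',
                        '<state state="open" reason="syn-ack"/>')
               .replace('<service name="mysql"/>',
                        '<service name="mysql" product="MySQL" version="8.0.23"/>'))


def parse_nmap_xml(xml_text):
    """Return {ip: {"hostname": str | None, "ports": {(proto, port): (state, service)}}}
    for every host Nmap reported as up. Works on -oX files from any scan type."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth diffing
        ip = next(a.get("addr") for a in host.findall("address")
                  if a.get("addrtype") in ("ipv4", "ipv6"))
        name = host.find("hostnames/hostname")
        ports = {}
        for port in host.findall("ports/port"):
            svc = port.find("service")
            # Build the same "name product version" string the -sV VERSION column shows
            desc = "" if svc is None else " ".join(
                v for v in (svc.get("name"), svc.get("product"), svc.get("version")) if v)
            ports[(port.get("protocol"), int(port.get("portid")))] = (
                port.find("state").get("state"), desc)
        hosts[ip] = {"hostname": None if name is None else name.get("name"),
                     "ports": ports}
    return hosts


def open_ports(scan):
    """{ip: sorted [(proto, port), ...]} keeping only state == open."""
    return {ip: sorted(k for k, (state, _) in h["ports"].items() if state == "open")
            for ip, h in scan.items()}


def diff_scans(old, new):
    """List (ip, change) tuples: hosts appearing or disappearing, port state changes,
    and service-string changes on ports whose state stayed the same."""
    changes = []
    for ip in sorted(set(old) | set(new)):
        if ip not in old:
            changes.append((ip, "host appeared"))
            continue
        if ip not in new:
            changes.append((ip, "host disappeared"))
            continue
        op, np_ = old[ip]["ports"], new[ip]["ports"]
        for proto, port in sorted(set(op) | set(np_)):
            o_state, o_svc = op.get((proto, port), ("not scanned", ""))
            n_state, n_svc = np_.get((proto, port), ("not scanned", ""))
            if o_state != n_state:
                changes.append((ip, f"{port}/{proto} {o_state} -> {n_state}"))
            elif o_svc != n_svc:
                changes.append((ip, f"{port}/{proto} service {o_svc!r} -> {n_svc!r}"))
    return changes


if __name__ == "__main__":
    monday, friday = parse_nmap_xml(SCAN_MONDAY), parse_nmap_xml(SCAN_FRIDAY)
    print("open on Friday:", open_ports(friday))
    for ip, change in diff_scans(monday, friday):
        print(f"{ip}: {change}")
```

For real files, replace the two string constants with `open("weekly_check.xml").read()` and the previous week's file; the functions are unchanged. Service-string changes are reported separately from state changes on purpose: a version bump on an already open port is a patching event, while filtered turning into open on 3306 is a firewall change that deserves a ticket.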

Common Use Cases

Practical applications of Nmap in security workflows.

Network Inventory
Discover all devices on a network for asset management and documentation.
Vulnerability Assessment
Scan for open ports and services to identify potential attack vectors.
Penetration Testing
Use during reconnaissance phase to map the attack surface before exploitation.
Firewall Auditing
Verify firewall rules by testing what ports are actually accessible.
Service Monitoring
Schedule regular scans to detect unauthorized services or changes.
Security Hardening
Identify unnecessary services running on production systems.
Incident Response
Quickly assess which systems may be compromised during an incident.
Bug Bounty Hunting
Map targets and discover exposed services before detailed testing.

Nmap Cheatsheet

Quick reference for the most commonly used Nmap commands.

Scan Types

-sS: SYN scan (stealth)
-sT: TCP connect scan
-sU: UDP scan
-sN: Null scan
-sF: FIN scan
-sX: Xmas scan
-sI: Idle scan
-sA: ACK scan

Discovery Options

-sn: No port scan
-Pn: Skip ping discovery
-PR: ARP scan (local)
-PS: TCP SYN ping
-PA: TCP ACK ping
-PU: UDP ping
-PE: ICMP echo
-R: Reverse DNS

Port Options

-p: Specific ports
-p-: All ports
-F: Top 100 ports
--top-ports N: Top N ports
-r: Sequential scan
--randomize-hosts: Shuffle targets

Output and Timing

-oN: Normal output
-oG: Grepable output
-oX: XML output
-oA: All formats
-v/-vv: Verbose
-T0-T5: Timing templates

Frequently Asked Questions

What is Nmap and why should I learn it?

Nmap (Network Mapper) is the industry-standard network discovery and security auditing tool. Learning Nmap is essential for penetration testers, security professionals, and network administrators as it provides foundational skills for network reconnaissance and vulnerability assessment.

Is Nmap legal to use?

Nmap itself is legal, but scanning networks you do not have explicit permission to test is illegal. Always obtain written authorization before scanning any network. Use Nmap on your own networks, lab environments, or platforms like HackTheBox and TryHackMe for practice.

What is the difference between TCP and UDP scanning in Nmap?

TCP scanning gets a definite answer from every port: a SYN/ACK means open and a RST means closed (the default SYN scan stops there; -sT completes the handshake). UDP has no handshake, so Nmap can only rely on a service reply (open) or an ICMP port unreachable (closed); silence is reported as open|filtered. Because most stacks rate-limit those ICMP errors, UDP scans are much slower than TCP scans and less conclusive, which is why they are usually restricted to a short list of ports.

How do I scan specific ports with Nmap?

Use the -p flag to specify ports. Examples: -p 80 (single port), -p 1-1000 (port range), -p- (all 65535 ports), -p 22,80,443 (multiple specific ports), -p U:53,T:80 (UDP and TCP on same command).

What is Nmap Scripting Engine (NSE)?

NSE is a powerful feature that extends Nmap capabilities through Lua scripts. Scripts can perform vulnerability detection, advanced enumeration, backdoor detection, and even exploit execution. Access scripts with --script or -sC flag.

How can I detect the operating system with Nmap?

Use the -O flag to enable OS detection, or -A for comprehensive detection including OS, version, script scanning, and traceroute. OS detection works by analyzing TCP/IP stack fingerprints and may require at least one open and one closed port for accuracy.

Can Nmap scan through firewalls?

Nmap has multiple techniques to evade firewall detection: fragment packets (-f), use decoy IPs (-D), timing options (-T), source port manipulation (-g), and idle scanning (-sI) using zombies. No technique guarantees success.

What output formats does Nmap support?

Nmap offers multiple output formats: normal (-oN), grepable (-oG), XML (-oX), and all three at once (-oA). Use -v for verbose output. XML output can be imported into Metasploit (db_import) and other tools that understand Nmap's XML schema, and ndiff compares two XML files to show what changed between scans.
