Run a Zenmap Scan

This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.

You can use this lab to run a scan and explore the output using Zenmap.

Warning. Do not run this lab in a corporate network without express authorization to do so. You may face legal challenges if you run network scans on a network that you don’t own or control without authorization. Ideally, you would run this within a private network such as one at your home or within a controlled lab environment.

Prerequisites. This lab assumes you have downloaded and installed Nmap. If you haven’t, you can follow the instructions in the Download and Install Nmap lab.

1) Use ipconfig to identify your IP address and subnet mask. If you don’t know how to do so, you can use the Windows Command Prompt Commands lab.

2) Identify your network ID.

As an example, if your IP address is with a subnet mask of, your network ID is

Similarly, if your IP address is with a subnet mask of, your network ID is

These are the most commonly used network IDs in private networks.

3) Start Zenmap. On Windows 10, you can do so by clicking on the Search icon, typing zenmap, and clicking on Nmap – Zenmap GUI.

4) Enter your network ID into the Target text box as shown in the following graphic.


Notice how the Command text box is populated with a command after you entered the Target. With the Intense scan selected, it looks like this:

nmap -T4 -A -v

You can enter the same command at the command line to run a scan.

5) Select the dropdown box next to Intense scan. Select each available scan and notice how the commands change slightly. Some of the scans and their related commands are listed in the following table.

Scan TypeCommand
 Intense scan nmap -T4 -A -v
 Intense scan plus UDPnmap -sS -sU -T4 -A -v
 Intense scan, all TCP ports nmap -p 1-65535 -T4 -A -v
 Intense scan, no ping nmap -T4 -A -v -Pn
 Ping scan nmap -sn
 Quick scannmap -T4 -F

Warning. Ensure you have authorization before running a scan on a network.

6) Select Intense Scan and click Scan. This will take a little while to complete.

An important point to realize is that Nmap is a very rich application. This short lab doesn’t show you everything about nmap, but instead just introduces some basics. Gordon Fyodor Lyon created Nmap and his comprehensive book Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the definitive guide. Other books are also available on Nmap here.

You can also view an online manual here. While the scan runs, you might like to look at the online manual. The examples page lists some basic scan commands and describes the purpose of the switches within the commands.

7) When the scan completes, take a look at one of the host IP addresses and click on Ports/Hosts. The following graphic shows the result for one of the hosts in my network.

Nmap correctly identified it as a network router and also indicated that it is running an embedded website on ports 80 and 44.

8) Select a few different host IP addresses in your network to see the available information.

9) Select the Topology tab. This shows the network mapping.

You can also click Legend on the top right to see what each of the icons mean.

10) Select the Host Details tab. This shows you some additional details on the host.

10) With the Host Details tab still selected, click on a few different host IP addresses to see the available information.


11) Click on Scan and select Save Scan.

12) Browse to a location on your computer. Type in a name for the scan (such as myscan.xml), and click Save. After saving a scan you can come back to it later to view it.

Back to SY0-501 Security+ labs.