
With the list of active hosts, Alex needed to know which "doors" were open. They ran a SYN scan (nmap -sS), often called a "stealth scan" because it never fully completes the TCP connection, making it harder for simple firewalls to log.

Port 80 (HTTP): Open. A web server.
Port 22 (SSH): Open. Remote access.
Port 445 (SMB): Filtered. Likely behind a firewall.
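Seen from the defender's side, the half-open pattern described above is itself a signal: one source sends SYNs to many ports and never sends the ACK that completes the handshake. The sketch below is an added example, not part of the original story; the record format, the 192.168.1.20 and 192.168.1.77 addresses and the three-port threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inbound packet summaries (not a real capture): "src dst dport flags"
# S = SYN from the client, A = client's ACK completing the handshake, R = client's RST
SAMPLE = """\
192.168.1.20 192.168.1.45 80 S
192.168.1.20 192.168.1.45 80 A
192.168.1.77 192.168.1.45 22 S
192.168.1.77 192.168.1.45 22 R
192.168.1.77 192.168.1.45 80 S
192.168.1.77 192.168.1.45 80 R
192.168.1.77 192.168.1.45 445 S
192.168.1.77 192.168.1.45 3389 S
"""

def parse(text):
    """Yield (src, dst, dport, flags) from well-formed lines, skipping the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[2].isdigit():
            yield parts[0], parts[1], int(parts[2]), parts[3]

def half_open_ports(text):
    """Map (src, dst) -> ports where a SYN was never followed by the client's ACK."""
    state = {}  # (src, dst, dport) -> "syn" or "established"
    for src, dst, dport, flags in parse(text):
        key = (src, dst, dport)
        if flags == "S":
            state.setdefault(key, "syn")
        elif flags == "A" and state.get(key) == "syn":
            state[key] = "established"
        # A client RST, or silence, leaves the attempt in "syn": never completed.
    result = defaultdict(set)
    for (src, dst, dport), st in state.items():
        if st == "syn":
            result[(src, dst)].add(dport)
    return dict(result)

def suspected_scanners(text, min_ports=3):
    """Sources with incomplete handshakes to at least min_ports ports on one host."""
    hits = half_open_ports(text)
    return sorted({src for (src, _dst), ports in hits.items() if len(ports) >= min_ports})

if __name__ == "__main__":
    print(suspected_scanners(SAMPLE))
```

A stateful firewall or IDS that records SYNs rather than only completed connections gives the data this kind of check needs.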

Alex knew that scanning every possible IP would be loud and slow. They started with a ping scan (nmap -sn 192.168.1.0/24) to quietly identify which devices were actually powered on without probing specific ports.

To truly find the "cracks" in the armor, Alex invoked the Nmap Scripting Engine (NSE). They ran a vulnerability scan against the identified web server using the command: nmap --script vuln 192.168.1.45

The results flickered across the screen: "12 hosts up." Alex had their targets.

Chapter 2: Peering Through the Windows (Port Scanning)