Nmap Reconnaissance
Nmap is a free, popular port-scanning security tool, used by good and bad hackers alike.
For someone breaking into a network, this tool is used to gather as much information about the network as possible: mapping it out or, as it is called, fingerprinting the target. On the other side, the good guys use Nmap internally to determine whether any unauthorized services are running on their network. This tool levels the playing field, so to speak.
I downloaded the free tool at home and was playing around with it on my internal network. As a caveat, scan only your own hosts or networks you have been given permission to scan. Unauthorized scanning of a host with the intent of breaking in may be unlawful; one should keep this in mind when using this tool.
There are two ways of scanning using Nmap: regular TCP connect scanning and stealth scanning.
Without going into the geeky details of TCP/IP, stealth scanning attempts to determine whether a port is open on the target system by sending a SYN, watching for the SYN/ACK reply, and then not completing the 3-way handshake, with the aim of staying under the radar. However, even this type of scan is now logged by modern firewalls and IDS (Intrusion Detection Systems).
The TCP connect mode actually completes the 3-way handshake. The downside for a hacker is that most servers log connections, including the source IP address, and the IDS may be tripped; these are things a hacker would like to avoid while fingerprinting a network.
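To show what a defender can see in the two cases, here is an added example (not from the original post) that replays a constructed client-side firewall log and flags a source as a half-open or connect scanner once it has sent SYNs to several ports; the log format and the detect_scans function are assumptions.

```python
from collections import defaultdict

# Constructed client-side firewall log: "src dst dport flag" for each packet
# the client sent. "S" = SYN, "A" = the final ACK of the handshake, "R" = RST.
SAMPLE_LOG = """\
10.0.0.5 192.168.1.2 22 S
10.0.0.5 192.168.1.2 22 R
10.0.0.5 192.168.1.2 80 S
10.0.0.5 192.168.1.2 80 R
10.0.0.5 192.168.1.2 443 S
10.0.0.5 192.168.1.2 443 R
10.0.0.9 192.168.1.2 22 S
10.0.0.9 192.168.1.2 22 A
10.0.0.9 192.168.1.2 25 S
10.0.0.9 192.168.1.2 25 A
10.0.0.9 192.168.1.2 80 S
10.0.0.9 192.168.1.2 80 A
10.0.0.7 192.168.1.2 443 S
10.0.0.7 192.168.1.2 443 A
"""


def detect_scans(log_text, threshold=3):
    """Flag sources whose SYNs reached at least `threshold` distinct ports.

    Returns {src: (style, sorted_ports)} where style is "half-open" when the
    source never sent the final ACK (the SYN/stealth pattern) and "connect"
    when the source completed the three-way handshake on the probed ports.
    """
    flags_by_port = defaultdict(lambda: defaultdict(set))  # src -> port -> flags
    for line in log_text.splitlines():
        src, _dst, dport, flag = line.split()
        flags_by_port[src][int(dport)].add(flag)

    findings = {}
    for src, ports in flags_by_port.items():
        probed = sorted(p for p, f in ports.items() if "S" in f)
        if len(probed) < threshold:
            continue  # a normal client touching one or two ports is not a scan
        completed = [p for p in probed if "A" in ports[p]]
        style = "connect" if completed else "half-open"
        findings[src] = (style, probed)
    return findings


if __name__ == "__main__":
    for src, (style, ports) in detect_scans(SAMPLE_LOG).items():
        print(f"{src}: {style} scan of ports {ports}")
```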
Here are some basic Nmap commands to get started.
TCP connect scan:
# nmap -sT 192.168.1.2
SYN/stealth scan:
# nmap -sS 192.168.1.2
