Intro To Tools: Nmap, Wireshark, Netstat | Cyber Security Tutorial - Learn with VOKS


In networking and cybersecurity, understanding your network and monitoring its traffic are essential. Three foundational tools that help with this are Nmap, Wireshark, and Netstat. Each serves a different purpose, but together they provide a strong foundation for network analysis and security testing.

This guide explains these tools in a beginner-friendly way.

Nmap

What Is Nmap

Nmap (Network Mapper) is a network scanning tool that allows you to discover devices, services, and open ports on a network. It is widely used for:

  • Network inventory
  • Security auditing
  • Identifying vulnerable services

Official website: Nmap (https://nmap.org)

How Nmap Works

Nmap sends packets to a target machine and analyzes responses to determine:

  • Which hosts are active
  • Which ports are open or closed
  • What services are running
  • Operating system information

Basic Nmap Commands

Scan a Single IP

nmap 192.168.1.10

Scan a Range of IPs

nmap 192.168.1.1-20

Scan Common Ports Only

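nmap -F 192.168.1.10

Fast mode (-F) scans the 100 most common ports instead of the default 1,000.

Scan All Ports

nmap -p- 192.168.1.10

This scans every port from 1 to 65535, so it takes longer than the default scan.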

Service Detection

nmap -sV 192.168.1.10

This detects running services and versions.

Wireshark

What Is Wireshark

Wireshark is a network protocol analyzer. It captures network traffic and allows you to inspect packets in detail.

It is used for:

  • Troubleshooting networks
  • Analyzing protocols
  • Detecting suspicious activity
  • Learning how networks work

Official website: Wireshark (https://www.wireshark.org)

How Wireshark Works

Wireshark captures packets from a network interface and displays:

  • Source and destination IP addresses
  • Protocol used (TCP, UDP, HTTP, etc.)
  • Packet content
  • Timing and sequence of packets

Basic Usage

  1. Open Wireshark.
  2. Select the network interface to capture.
  3. Start capture.
  4. Analyze captured packets.

Filtering Traffic

Example: Show only HTTP traffic:

http

Show packets to or from a specific IP (ip.addr matches the source or the destination address):

ip.addr == 192.168.1.10
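To make the fields Wireshark displays concrete, the following added example (not code from the original page) reads a classic pcap capture with the Python standard library, extracts timestamp, source, destination and protocol for each IPv4 packet, and applies the same logic as the ip.addr filter above. The capture is built inline from constructed packets; 203.0.113.5 is a documentation address and all function names are illustrative.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def make_pcap(packets):
    """Build a classic little-endian pcap byte string (constructed sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, src, dst, proto in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_ipv4(pcap):
    """Return (timestamp, source, destination, protocol) per IPv4 packet."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    rows, offset = [], 24  # records start after the 24-byte global header
    while offset + 16 <= len(pcap):
        ts, _usec, caplen, _origlen = struct.unpack_from("<IIII", pcap, offset)
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated capture or not IPv4
        ip = frame[14:]
        rows.append((ts, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
                     PROTOCOLS.get(ip[9], str(ip[9]))))
    return rows

def ip_addr_equals(rows, addr):
    """Mimic the display filter `ip.addr == addr`: source OR destination matches."""
    return [row for row in rows if addr in (row[1], row[2])]

# Constructed packets: (epoch seconds, source, destination, IP protocol number).
SAMPLE = make_pcap([(1700000000, "192.168.1.10", "203.0.113.5", 6),
                    (1700000001, "192.168.1.20", "192.168.1.1", 17),
                    (1700000002, "203.0.113.5", "192.168.1.10", 1)])

if __name__ == "__main__":
    for row in ip_addr_equals(read_ipv4(SAMPLE), "192.168.1.10"):
        print(*row)
```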

Netstat

What Is Netstat

Netstat (Network Statistics) is a command-line tool that shows current network connections, listening ports, and routing tables.

It is available on:

  • Windows
  • Linux
  • macOS

Basic Netstat Commands

Show Active Connections

netstat -a

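Show Listening Ports (Linux)

netstat -l

Show PID With Connection (Linux)

netstat -tulpn

The flags select TCP (-t) and UDP (-u) listening sockets (-l), show the owning PID and program name (-p), and print numeric addresses and ports (-n). Run it as root to see the PID and program name for sockets owned by other users.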

Windows Example

netstat -ano

This shows:

  • Active connections
  • Listening ports
  • Process IDs
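On a host you administer, the useful question is which listeners are reachable from other machines and whether each one is expected. The following added example (not code from the original page) parses Linux netstat -tulpn output and reports listeners that are not bound to loopback and not on an allow-list. The sample output, the ALLOWED set and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -tulpn` output on Linux.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd: /usr/sbin
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1044/postgres
tcp6       0      0 :::8080                 :::*                    LISTEN      2210/python3
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
"""

LOOPBACK = re.compile(r"127\.|::1$")
# Hypothetical allow-list of (protocol, port) pairs expected to be reachable.
ALLOWED = {("tcp", 22), ("udp", 68)}

def parse_listeners(text):
    """Parse listening sockets; UDP rows have an empty State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith(("tcp", "udp")):
            continue  # banner and column-header lines
        addr, _, port = parts[3].rpartition(":")  # rpartition keeps IPv6 "::" intact
        owner = parts[6:] if parts[0].startswith("tcp") else parts[5:]
        pid, _, program = " ".join(owner).partition("/")
        rows.append({"proto": parts[0], "addr": addr, "port": int(port),
                     "pid": int(pid) if pid.isdigit() else None,  # "-" without root
                     "program": program or None,
                     "loopback": LOOPBACK.match(addr) is not None})
    return rows

def unexpected_exposure(rows, allowed):
    """Return listeners reachable from other hosts that the allow-list omits."""
    return [(r["proto"], r["addr"], r["port"], r["program"]) for r in rows
            if not r["loopback"] and (r["proto"][:3], r["port"]) not in allowed]

if __name__ == "__main__":
    for hit in unexpected_exposure(parse_listeners(SAMPLE), ALLOWED):
        print("unexpected listener:", *hit)
```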

Practical Use Cases

  1. Nmap – Find which devices are on your network and which ports they expose.
  2. Wireshark – Inspect network packets to debug network issues or detect attacks.
  3. Netstat – Check which applications are using network connections on your system.

Simple Combined Example

Below is a conceptual workflow using all three tools:

# 1. Scan the local network for live hosts and open ports
nmap -sV 192.168.1.1-20

# 2. Start Wireshark on the main network interface to capture traffic
wireshark

# 3. Check your local machine's active connections
netstat -tulpn

This combination allows you to:

  • Discover devices (Nmap)
  • Analyze traffic (Wireshark)
  • Monitor your own connections (Netstat)

Final Notes

  • Nmap is primarily used for reconnaissance and scanning.
  • Wireshark is used for packet capture and deep analysis.
  • Netstat is used for monitoring your own system’s network connections.

Together, these tools give you a complete beginner-friendly toolkit for network analysis and security awareness.
