Nmap = Network Mapper
Nmap is a free and open source tool that many hackers keep handy in their tool belts. It's often our first weapon of choice as recon is very important and we can't know what to investigate if we don't even know what ports are open on our server.
When I talk about ports, I can mean both UDP and TCP ports. There is a big difference between these two protocols, but to keep it simple: TCP packets always get a confirmation, which makes sure that every packet gets delivered. This takes time, as the server has to wait for the confirmation of every single packet. UDP tries to get rid of that by simply sending the packets and not waiting for confirmation.
TCP is often used in applications where it's very important that all packets get delivered in the exact order. For example, if you download a file, that will probably be done over the TCP protocol, whereas a YouTube video will probably be sent through a port via UDP.
It seems I keep talking about everything but Nmap, but to understand what it does, we need to understand these basic concepts first. It's really important to know that there are 65,535 ports that a server can have in use.
These ports can have different statuses, just like ports in real life. They can be open, which is pretty self-explanatory: it would be like an open gate where all the foot traffic is allowed to go through, as long as it follows the protocol that is bound to that port.
Every open port is a risk when it comes to attackers like us. We are trying to find open ports so we can possibly find out what is running on that port (for example a webserver or SSH) and then possibly try to find an exploit for it. Our biggest attack surface is going to be web in most cases, which will be running on port 80 and/or 443. Don't be fooled though, webservers can be configured to run on any port and on both the TCP and UDP protocols. More on this later in the "flags" chapter.
A closed port is pretty useless to us as hackers: we can access it, but there is nothing running on it, basically an empty pit that we can stuff too.
A filtered port is mostly a mystery to us. Nmap works by sending a probe to a port and waiting for a reply, but in the case of a filtered port, a packet filter is preventing our probe from reaching our target. These ports are very frustrating to an attacker because they provide very little information.
There are some other statuses as well but they are less prevalent while pentesting and can be found in the Nmap documentation or the help pages.