I saw a video in which a person scanned a public IP(it was his SOHO network) using nmap. It showed all the open ports and other info but I don't understand how can nmap scan ports and tell which are open when there are multiple devices on that network. Is it that nmap scans all the devices on that network using that public IP and then shows a collective result or is it something else? Link for that video
at 7:43
When NMAP scans an IP, it, in theory only scans the device who is running on that IP.
But there is a catch, if the IP that the NMAP scans is a device with port forwarding, it will forward the scan for that port to the device that the port forwarding is directed at.
To give you an example, I will define few stuff
Port 10 is open on the router itself, its used for public communication
Port 20 is not opened on the router and its not being port forwarded
Port 30 is being port forwarded to Server 1, who has that port open
Port 40 is being port forwarded to Server 2, but that server doesn't have that port open
In the results on NMAP, you will get the following result.
Ports 10 and 30 will show up as open, while ports 20, 40, will show up closed or maybe filtered
So while we only scanned the one public IP and one device on that IP, we can see the device that is behind the router. But that is only possible because when we try to connect to a port on a router, the router is saying:
"Okay, this connection is trying to go to port 30, I have a configuration here that says that port 30 should go to Server 1 on that port, I will redirect the traffic to that server and then when I get the response from the server, I will redirect to the device that made the request"
