
nmap command in Linux


nmap (Network Mapper) is a Linux command line tool used to explore networks and test their security. It is commonly used for security audits and can also be used by system administrators for routine tasks such as monitoring the hosts and services on a network, network inventory, OS and version detection, port scanning, and ping sweeps.

Table of contents.

  1. Introduction.
  2. Syntax.
  3. Commands.
  4. Summary.
  5. References.

Introduction.

nmap (Network Mapper) is a network exploration, penetration testing, security scanning and auditing tool. It is used for scanning IP addresses and ports, and it can also detect the applications installed on a system.

On a network, it can determine which hosts are up and which services those hosts are running.
It can also detect the operating system and version of a device connected to the network.

Syntax.

The syntax is as follows.

nmap [Scan Type(s)] [Options] {target specification}

Commands.

To scan a system, we can use either its IP address or its hostname,

nmap hostname.com

or

nmap 176.12.76.1

To perform a fast scan, which checks fewer ports than the default scan, we use the -F option as follows,

nmap -F 172.16.0.56

To print progress output while scanning we use the -v (verbose) option,

nmap -v hostname.com

We can also pass multiple hosts as arguments as follows,

nmap host1.com host2.com host3.com

To scan an entire subnet we write,

nmap 172.16.0.*

To scan a range of IP addresses, we write,

nmap 172.16.0.1-10

The above command scans the IP addresses from 172.16.0.1 up to and including 172.16.0.10.

We can also scan the network to find live hosts (a ping sweep, with no port scan) by writing,

nmap -sP 172.16.0.*

We can also write,

nmap 172.16.0.1,2,3

to scan the IPs 172.16.0.1, 172.16.0.2 and 172.16.0.3.

We can also read hosts from a file. First we create the file with one host per line,

cat > hosts.txt <<EOF
172.16.0.1
172.16.0.2
172.16.0.3
EOF

then, to scan the hosts listed in it, we write,

nmap -iL hosts.txt

While performing a scan we can also exclude hosts with the --exclude option as follows,

nmap 172.16.0.* --exclude 172.16.0.56

To get operating system information (OS detection) we write,

nmap -O 172.16.0.56

To get the versions of the services running on a remote host we write,

nmap -sV www.opengenus.org

We can also map firewall rules with an ACK scan, which reports ports as filtered or unfiltered, by writing,

nmap -sA 172.16.0.56

To scan a host whose packet filtering blocks nmap's ping probes (skipping host discovery and treating the host as up), we write,

nmap -PN 172.16.0.56

To scan a specific port on a host we use the -p option as follows,

nmap -p 3306 host.com

To scan multiple ports of a host, we write,

nmap -p 80,443,53 172.16.0.56

We can also specify a range of ports as follows,

nmap -p 100-400 172.16.0.56

The command will scan the ports from 100 to 400.

Stealth (SYN, or half-open) scans never complete the TCP handshake, which makes them less likely to be logged or blocked by the target. To perform such a scan with nmap we write,

nmap -sS hostdomain.com

Some hosts block ICMP echo requests, so pinging them gets no reply. In such cases we can use a TCP SYN (or TCP ACK) ping for host discovery,

nmap -PS www.domain.com

We can also use nmap to list the network interfaces and routes of the local machine by writing,

nmap --iflist

Here we have shown each option on its own; in practice, multiple options can be combined in a single command to obtain the desired output.

Summary

nmap is used for network exploration, security auditing and scanning. It can be used for offensive or defensive purposes depending on the user.

It answers questions such as,

  • Which computers are running on the network?
  • Which ports are currently open?
  • Which services are currently in use, and on which hosts?
  • Which operating systems and versions are running on the host machines?

We can also use it to find unauthorized servers or network services on the network, or to check a system for malware (for example, an unexpected listening port opened by a backdoor).
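The questions in the summary, and the search for unauthorized services in particular, are answered from the scan output rather than from the scan itself. The following shell script is an added example and is not code from the OpenGenus article: it parses nmap's grepable output format (produced with -oG, an option the article does not cover) into an inventory of open ports and reports every open port that is missing from an approved baseline. The scan output and the baseline are constructed samples (the hosts, ports and version strings are made up), and the function names parse_open_ports and report_unauthorized are my own.

```shell
#!/bin/sh
# Added example (not from the OpenGenus article): build an open-port inventory
# from nmap's grepable output (-oG) and flag ports that are not on a baseline.

# Constructed sample of what `nmap -sV -oG - 172.16.0.1-3` prints.
# Fields on a "Host:" line are tab-separated; each port entry is
# port/state/proto/owner/service/rpc/version/ and entries are comma-separated.
SAMPLE_SCAN=$(
printf '# Nmap 7.93 scan initiated (constructed sample) as: nmap -sV -oG - 172.16.0.1-3\n'
printf 'Host: 172.16.0.1 ()\tStatus: Up\n'
printf 'Host: 172.16.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 443/open/tcp//https//nginx 1.18.0/\tIgnored State: closed (998)\n'
printf 'Host: 172.16.0.2 ()\tStatus: Up\n'
printf 'Host: 172.16.0.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 3306/open/tcp//mysql//MySQL 8.0.32/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)\n'
printf 'Host: 172.16.0.3 ()\tStatus: Down\n'
printf '# Nmap done (constructed sample) -- 3 IP addresses (2 hosts up) scanned\n'
)

# parse_open_ports: read grepable output on stdin and print one line per OPEN
# port in the form "host port/proto service version". Filtered and closed
# ports, "Status:" lines and comment lines are dropped.
parse_open_ports() {
    awk '
    /^Host: / && /Ports: / {
        host = $2                               # "Host: <ip> (<name>)" -> the ip
        line = $0
        sub(/^.*Ports: /, "", line)             # keep only the port list
        sub(/\t.*$/, "", line)                  # drop later tab-separated fields
        sub(/ +Ignored State:.*$/, "", line)    # tolerate tabs turned into spaces
        n = split(line, ports, ", ")
        for (i = 1; i <= n; i++) {
            split(ports[i], f, "/")
            # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
            if (f[2] == "open")
                printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5],
                       (f[7] == "" ? "-" : f[7])
        }
    }'
}

# report_unauthorized BASELINE: read the inventory on stdin and print every
# "host port/proto" pair that is absent from the baseline file (one
# "host port/proto" per line; the file must not be empty for the NR==FNR trick).
report_unauthorized() {
    awk 'NR == FNR { allowed[$1 " " $2] = 1; next }
         !(($1 " " $2) in allowed) { print "UNAUTHORIZED: " $0 }' "$1" -
}

# Constructed baseline: the only services that are supposed to be exposed.
BASELINE_FILE=$(mktemp)
printf '172.16.0.1 22/tcp\n172.16.0.1 443/tcp\n172.16.0.2 22/tcp\n' > "$BASELINE_FILE"

echo "Open ports found:"
printf '%s\n' "$SAMPLE_SCAN" | parse_open_ports
echo "Not on the approved baseline:"
printf '%s\n' "$SAMPLE_SCAN" | parse_open_ports | report_unauthorized "$BASELINE_FILE"
rm -f "$BASELINE_FILE"
```

Against a real scan the same two functions are chained onto nmap, for example nmap -sV -oG - 172.16.0.* | parse_open_ports | report_unauthorized baseline.txt, with baseline.txt maintained as the list of services each host is approved to expose. Comparing each scan with a baseline, rather than reading the raw output, is what turns a routine inventory scan into a detection of the unauthorized services mentioned above.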

With this article at OpenGenus, you must have a strong grasp of the nmap command in Linux.
