Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning, and auditing. The nmap command comes with a lot of options that make the utility powerful, but also harder for newcomers to pick up. The purpose of this article is to introduce the nmap command line tool for scanning a host or a network to find exposed services and possible weaknesses, and to show how it is used for both offensive and defensive purposes. Let's look at some common examples of nmap commands.

What is Nmap and what is it used for?

Information from the instruction manual page:

Nmap (“Network Mapper”) is an open source network exploration and security audit tool. It was designed to quickly scan large networks. Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) these hosts offer, what operating systems (and OS versions) they run on, what type of packet filters / firewalls are in use, and dozens of other characteristics. Although Nmap is commonly used for security auditing, many system and network administrators find it useful for mundane tasks such as network inventory, managing service update schedules, and monitoring host or service uptime.

Nmap was written by Gordon Lyon (Fyodor) and runs on Linux, the BSDs, macOS and Windows. This tool can easily answer the following questions:

  • What computers are on the local network?
  • Which IP addresses are in use on the local network?
  • What operating system is running on the target machine?
  • What ports are open on the machine you just scanned?
  • Does a host expose a service that looks like a known backdoor? (Nmap's scripting engine ships scripts in the malware category for this; it is not an antivirus.)
  • Are there unauthorized servers or network services on your network?
  • Which computers do not meet the minimum security baseline and need to be fixed or removed?

In this article we will tell you a little about this utility and give examples of commands for system administrators.

Installing the nmap application

On Debian / Ubuntu / Linux Mint systems, do the following:

sudo apt-get install nmap

On RedHat / CentOS / Fedora systems, you need to do the following (on Fedora and recent RHEL-based systems use dnf instead of yum):

yum install nmap

On OpenBSD, you need to do the following:

pkg_add -v nmap

We will not describe the entire syntax of this utility, since it is quite large, and nmap --help or man nmap is always at hand; instead we will give examples of the most common operations with a short description.

Many of nmap's scan types require root privileges, because they send raw packets: the default SYN scan (-sS), UDP scans (-sU), OS detection (-O) and the non-standard TCP scans (FIN, NULL, Xmas, ACK). Run as a normal user, nmap falls back to the TCP connect scan (-sT) and those options are unavailable.

Scan a single host or IP address

nmap 192.168.1.1 

nmap valeurbit.com 

## -v - verbose mode (more detail while the scan runs) ##

nmap -v valeurbit.com

Scan multiple IP addresses or subnet

nmap 192.168.1.1 192.168.1.2 192.168.1.3
## IP address range ## 
nmap 192.168.1.1-20
nmap 192.168.1.1,2,3
## Scan entire subnet ##
nmap 192.168.1.0/24
## Ping sweep of an address range (host discovery only, no port scan) ##
nmap -sn 192.168.0.100-254

-sn – ping "scan": only checks which hosts are up. In older Nmap versions this option was spelled -sP, which is still accepted as an alias.

Determine the operating system of the host being scanned

nmap -O 192.168.0.1-255

-O – this option tries to determine the operating system of the scanned host by fingerprinting its TCP/IP stack. It needs root privileges and works best when the host has at least one open and one closed TCP port.

Service scan

nmap -sV valeurbit.com

-sV – enables version detection: nmap talks to each open port and tries to identify the application and version behind it. Combine it with -O, or use -A (which enables OS detection, version detection, script scanning and traceroute) for a fuller picture.

Read the list of hosts / networks from a file

Sometimes there is a need to scan a large number of hosts and networks and, for convenience, they can be listed in a text document and then used.

Let's create a net.txt file; every line holds one target in any of the formats nmap accepts on the command line (single address, hostname, range or CIDR network), for example:

192.168.1.0/24
192.168.2.1
192.168.3.1-20

Now let’s scan them:

nmap -iL net.txt

-iL <file_name> – reads the target hosts from a text file (use -iL - to read them from standard input)

Writing the scan result to a text file

nmap 192.168.0.1 > output.txt
nmap -oN /path/to/filename 192.168.0.1
nmap -oN output.txt 192.168.0.1

-oN <file_name> – writes the scan results to the specified file in the same human-readable form nmap prints on the screen. The related options -oG (grepable, one host per line), -oX (XML) and -oA <basename> (all three formats at once) are better suited when the results will be processed by other tools.

Scan the network and find out which servers and devices are up and running (Host is up)

## -sn replaces the older -sP; both spellings work ##
nmap -sn 192.168.0.0/24
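The usual workflow behind this section and the -iL section above is: run a fast host-discovery sweep, keep the hosts that answered, and feed only those to a slower service scan. The script below is an added example, not code from the original article or from the Nmap project: it parses the grepable output that `nmap -sn -oG` writes and turns it into a target file for `-iL`. The discovery output, addresses and hostnames are a constructed sample, and the follow-up scan command is printed rather than executed.

```shell
#!/bin/sh
# Added example, not code from the original article or from the Nmap project:
# turn the grepable output (-oG) of a host-discovery scan into a target file
# that a later, heavier scan can read with -iL.
#
# The sample below is constructed to look like what
#   nmap -sn -oG discovery.gnmap 192.168.0.0/24
# writes; the addresses and hostnames are invented.
write_sample_gnmap() {
  cat > "$1" <<'EOF'
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sn -oG discovery.gnmap 192.168.0.0/24
Host: 192.168.0.1 (gw.lan)      Status: Up
Host: 192.168.0.10 ()   Status: Up
Host: 192.168.0.11 ()   Status: Down
Host: 192.168.0.25 (printer.lan)        Status: Up
# Nmap done at Mon Jan  1 10:00:03 2024 -- 256 IP addresses (3 hosts up) scanned in 2.53 seconds
EOF
}

# Print the address of every host the scan reported as Up, one per line.
# Comment lines start with "#", so matching on the first field skips them;
# nmap lists Down hosts only when run with -v, but filtering on the status
# keeps the function correct either way.
live_hosts() {
  awk '$1 == "Host:" && $0 ~ /Status: Up$/ { print $2 }' "$1"
}

# Write the live hosts to a file that `nmap -iL` accepts (one target per line)
# and print how many targets it contains.
make_targets() {
  live_hosts "$1" > "$2"
  wc -l < "$2" | tr -d ' '
}

# Stand-alone demonstration: build the sample, extract the targets, and show
# the follow-up scan a practitioner would run next (printed, not executed).
demo_dir=$(mktemp -d)
write_sample_gnmap "$demo_dir/discovery.gnmap"
n=$(make_targets "$demo_dir/discovery.gnmap" "$demo_dir/targets.txt")
echo "$n live hosts written to targets.txt:"
cat "$demo_dir/targets.txt"
echo "next: nmap -sV -oN services.txt -iL targets.txt"
rm -rf "$demo_dir"
```

Because the discovery sweep is cheap and the version scan is not, this split keeps the expensive scan focused on hosts that actually exist; the same parsing works on any -oG file, including the output of a later port scan.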

Show the local interfaces and routes

nmap --iflist

Scan specific ports

nmap -p [port] hostName

## Scan TCP port 80 ##
nmap -p T:80 192.168.1.1
## Scan UDP port 19 (a U: port is only scanned when -sU is given) ##
nmap -sU -p U:19 192.168.1.1
## Scan multiple ports ##
nmap -p 80,443 192.168.1.1
## Scan port range ##
nmap -p 80-200 192.168.1.1
## Combined scan: UDP and TCP ports in one run, so both scan types are needed ##
nmap -sU -sS -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1
## Scan all 65535 TCP ports ##
nmap -p- 192.168.1.1

Ports without a prefix are TCP; a T: or U: prefix applies to every port that follows it until the next prefix. Do not put a space after the prefix ("T: 80"): nmap would read "80" as a separate target. If the specification contains U: ports but no UDP scan type (-sU) was requested, nmap prints a warning and scans only the TCP ports.
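The two mistakes in port specifications that bite most often are a space after the T:/U: prefix and U: ports without -sU. As an added example (not code from the original article or from the Nmap project), the shell function below builds an nmap command line from a specification, strips stray spaces, adds -sU when UDP ports are present, and picks -sS or -sT depending on whether the caller is root. The function and its name are this example's own; it prints the command instead of running it.

```shell
#!/bin/sh
# Added example, not code from the original article or from the Nmap project:
# build an nmap command line from a port specification and pick the scan types
# that the specification actually needs.
#
# Pitfalls this guards against: "U:" ports are only scanned when a UDP scan
# (-sU) is requested; without it nmap prints a warning and scans only the TCP
# ports. The default SYN scan (-sS) needs raw sockets, i.e. root, so an
# unprivileged user gets the connect scan (-sT) instead.

# Print the TCP scan flag appropriate for the current user.
tcp_scan_flag() {
  if [ "$(id -u)" -eq 0 ]; then
    echo "-sS"
  else
    echo "-sT"
  fi
}

# Usage: nmap_port_cmd PORTSPEC TARGET...
# Prints (does not run) the nmap invocation for PORTSPEC, e.g.
#   nmap_port_cmd 'U:53,T:21-25,80' 192.168.1.1
# Spaces inside the specification (as in "T: 80") are removed, because nmap
# would otherwise treat "80" as a separate target.
nmap_port_cmd() {
  npc_spec=$(printf '%s' "$1" | tr -d ' ')
  shift
  if [ $# -eq 0 ] || [ -z "$npc_spec" ]; then
    echo "usage: nmap_port_cmd PORTSPEC TARGET..." >&2
    return 2
  fi
  npc_flags=""
  # Any U: group means UDP ports are wanted, so a UDP scan type is required.
  case $npc_spec in
    *U:*) npc_flags="$npc_flags -sU" ;;
  esac
  # TCP ports are present when a T: group exists or when the spec starts
  # without a protocol prefix (unprefixed ports are TCP until a U: appears).
  case $npc_spec in
    *T:*) npc_flags="$npc_flags $(tcp_scan_flag)" ;;
    U:*)  ;;   # everything is UDP, e.g. "U:53,161"
    *)    npc_flags="$npc_flags $(tcp_scan_flag)" ;;
  esac
  printf 'nmap%s -p %s %s\n' "$npc_flags" "$npc_spec" "$*"
}

# Stand-alone demonstration (prints the commands it would run).
nmap_port_cmd 'T: 80' 192.168.1.1
nmap_port_cmd 'U: 19' 192.168.1.1
nmap_port_cmd 'U:53,111,137,T:21-25,80,139,8080' 192.168.1.1
nmap_port_cmd '1-65535' 192.168.1.1
```

Running it as a normal user prints -sT invocations; as root the same calls print -sS. The third call shows the combined specification from this section with both scan types added, which is what it takes for the UDP ports to be probed at all.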

Nmap recognizes six port states:
open – an application is accepting connections or datagrams on the port
closed – the port is reachable (the probe was answered) but nothing is listening on it
filtered – a firewall, filter or other obstacle blocks the probe, so nmap cannot tell whether the port is open
unfiltered – the port is reachable, but nmap cannot tell whether it is open or closed (only reported by the ACK scan, -sA)
open|filtered – nmap cannot distinguish open from filtered; typical for UDP, FIN, NULL and Xmas scans, where an open port gives no response
closed|filtered – nmap cannot distinguish closed from filtered; only produced by the idle scan (-sI)
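The states above matter most when you process scan results rather than read them by eye: open ports are what you act on, the ambiguous states are what you re-probe. As an added example that serves both this list and the -sV section above (not code from the original article or from the Nmap project), the script below reads a normal-output (-oN) file from a version scan, counts ports per state, lists the open ports with the detected service and version, and separates out the ports whose state nmap could not decide. The scan output, host, banners and version strings are a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the original article or from the Nmap project:
# read the normal output (-oN) of a version scan and sort ports by state, so
# the six port states become "what to act on" and "what to re-check".
#
# Constructed sample resembling `nmap -sS -sU -sV -oN scan.txt 192.168.1.1`;
# the host, banners and versions are invented for illustration.
write_sample_nmap() {
  cat > "$1" <<'EOF'
# Nmap 7.94 scan initiated Mon Jan  1 10:05:00 2024 as: nmap -sS -sU -sV -oN scan.txt 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 997 closed tcp ports (reset), 998 closed udp ports (port-unreach)
PORT     STATE         SERVICE     VERSION
22/tcp   open          ssh         OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
53/tcp   filtered      domain
80/tcp   open          http        Apache httpd 2.4.52 ((Ubuntu))
53/udp   open          domain      ISC BIND 9.18
161/udp  open|filtered snmp
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Jan  1 10:05:12 2024 -- 1 IP address (1 host up) scanned in 12.34 seconds
EOF
}

# Keep only the per-port lines ("22/tcp open ssh ..."); everything else in the
# file (banner, "Not shown", Service Info) does not start with port/protocol.
# Note that ports folded into the "Not shown" line are not counted here.
port_lines() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp|sctp)$/' "$1"
}

# Number of listed ports in a given state, e.g. count_state scan.txt open
count_state() {
  port_lines "$1" | awk -v s="$2" 'BEGIN { n = 0 } $2 == s { n++ } END { print n }'
}

# Open ports with service name and the version string -sV detected
# (the version is everything after the SERVICE column).
open_services() {
  port_lines "$1" | awk '$2 == "open" {
    printf "%s %s", $1, $3
    for (i = 4; i <= NF; i++) printf " %s", $i
    print ""
  }'
}

# Ports whose state nmap could not decide (open|filtered, closed|filtered).
# These are the ones to re-probe, e.g. with -sV, --reason or a different
# scan type, rather than report as closed.
ambiguous_ports() {
  port_lines "$1" | awk 'index($2, "|") > 0 { print $1, $2 }'
}

# Stand-alone demonstration.
demo_file=$(mktemp)
write_sample_nmap "$demo_file"
echo "open ports: $(count_state "$demo_file" open)"
echo "filtered ports: $(count_state "$demo_file" filtered)"
echo "services:"
open_services "$demo_file"
echo "needs a second look:"
ambiguous_ports "$demo_file"
rm -f "$demo_file"
```

For anything beyond a quick look, prefer -oX and a proper XML parser over text scraping; the awk approach is enough for the normal-output format, whose port table is stable, but it will not see the ports nmap folded into the "Not shown" summary line.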
Scan hosts for UDP or TCP services

nmap -sU 192.168.0.1
nmap -sT 192.168.0.1

-sU – scan UDP ports. UDP scanning is slow, because an open port often does not answer at all and nmap has to wait for a timeout; such ports are reported as open|filtered unless -sV can coax a reply out of the service.

-sT – TCP connect scan: nmap completes the full three-way handshake through the operating system's connect() call, so it needs no special privileges. It is the default for unprivileged users; root gets the half-open SYN scan (-sS) by default, which is faster and leaves fewer traces in application logs.

If you find errors or inconsistencies in the article, we will be grateful if you write to us about them in the comments.