Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning, and auditing. The nmap command comes with a large number of options, which makes the utility powerful but also hard for newcomers to get started with. The purpose of this article is to introduce the nmap command line tool for scanning a host or a network to find live hosts, open ports, running services and possible weak points. You will also see how Nmap is used for both offensive and defensive purposes. Let’s go through some common examples of nmap commands.
What is Nmap and what is it used for?
From the manual page:
Nmap (“Network Mapper”) is an open source network exploration and security audit tool. It was designed to quickly scan large networks. Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) these hosts offer, what operating systems (and OS versions) they run on, what type of packet filters / firewalls are in use, and dozens of other characteristics. Although Nmap is commonly used for security auditing, many system and network administrators find it useful for mundane tasks such as network inventory, managing service update schedules, and monitoring host or service uptime.
Nmap was written by Gordon Lyon (known as Fyodor) and runs on Linux, the BSDs, macOS and Windows. This tool can easily answer the following questions:
- What computers are on the local network?
- What IP addresses work on the local network?
- What is the operating system on your target machine?
- What ports are open on the machine you just scanned?
- Does the system show signs of compromise, such as unexpected listening ports or backdoor services?
- Which unauthorized servers or network services are running on your network?
- Which computers do not meet the minimum security baseline and need to be fixed or taken off the network?
In this article we will tell you a little about this utility and give examples of commands for system administrators.
Installing the nmap application
On Debian / Ubuntu / Linux Mint systems, do the following:
sudo apt-get install nmap
On RedHat / CentOS / Fedora systems, you need to do the following (on recent Fedora and RHEL releases, dnf replaces yum):
yum install nmap
On OpenBSD, you need to do the following:
pkg_add -v nmap
We will not describe the entire syntax of this utility, since it is quite large, and nmap --help or man nmap is always at hand; instead we will give examples of the most common operations with a short description of each.
Many of Nmap’s most useful scan types need raw socket access and therefore root privileges: SYN scan (-sS), UDP scan (-sU), OS detection (-O) and most of the other scan modes. When nmap is run as a normal user it falls back to the TCP connect scan (-sT), which uses the operating system’s connect() call, and the privileged features are unavailable. Run it with sudo when in doubt.
Scan a single host or IP address
nmap 192.168.1.1
nmap valeurbit.com
## -v - verbose mode, prints more detail about the scan as it runs ##
nmap -v valeurbit.com
Scan multiple IP addresses or subnet
nmap 192.168.1.1 192.168.1.2 192.168.1.3
## IP address range ##
nmap 192.168.1.1-20
## list of values for the last octet ##
nmap 192.168.1.1,2,3
## Scan entire subnet ##
nmap 192.168.1.0/24
## Ping address range ##
nmap -sP 192.168.0.100-254
-sP – ping scan: host discovery only, no port scan. Current Nmap releases spell this option -sn and keep -sP as an alias for compatibility.
Determine the operating system of the host being scanned
nmap -O 192.168.0.1-255
-O – enables OS detection: Nmap fingerprints the target’s TCP/IP stack (how it answers a series of crafted probes) and matches the result against its database of known operating systems. This requires root privileges, and the guess is only reliable when the target has at least one open and one closed TCP port.
Service scan
nmap -sV valeurbit.com
-sV – enables service version detection: Nmap sends probes to each open port and tries to identify the application name and version listening there, rather than just reporting the service name associated with the port number.
Read the list of hosts / networks from the file
Sometimes you need to scan a large number of hosts and networks; for convenience they can be listed in a text file and the file passed to Nmap.
Let’s create a net.txt file with the following content (one target per line; hostnames, single IP addresses, ranges and CIDR networks are all accepted):
192.168.1.0/24
192.168.2.0/24
192.168.3.1-20
Now let’s scan them:
nmap -iL net.txt
-iL <file_name> – reads the list of targets from a text file (entries may be separated by spaces, tabs or newlines)
Writing the scan result to a text file
nmap 192.168.0.1 > output.txt
nmap -oN /usr/filename 192.168.0.1
nmap -oN output.txt 192.168.0.1
-oN <file_name> – writes the scan results to the specified file in the same human-readable form shown on the terminal. Related options: -oX writes XML, -oG writes the grepable format (one line per host, convenient for grep and awk), and -oA <basename> writes all three at once.
Scan the network and find out which hosts and devices are up (Host is up)
nmap -sP 192.168.0.0/24
Show interfaces and routes
nmap --iflist
Scan specific ports
nmap -p [port] hostName
## Scan TCP port 80 ##
nmap -p T:80 192.168.1.1
## Scan UDP port 19 (UDP ports are only probed when a UDP scan, -sU, is enabled) ##
nmap -sU -p U:19 192.168.1.1
## Scan multiple ports ##
nmap -p 80,443 192.168.1.1
## Scan port range ##
nmap -p 80-200 192.168.1.1
## Combined TCP and UDP scan ##
nmap -sS -sU -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1
## Scan all 65535 TCP ports ##
nmap -p- 192.168.1.1
Nmap recognizes six port states:
open – an application is accepting TCP connections or UDP packets on the port
closed – the port is reachable (it answers Nmap’s probe, for example with a TCP RST) but no application is listening on it
filtered – Nmap cannot tell whether the port is open because a firewall, filter or other network obstacle is dropping its probes
unfiltered – the port is reachable but Nmap cannot tell whether it is open or closed (only the ACK scan, -sA, reports this state)
open | filtered – Nmap cannot distinguish open from filtered; typical of UDP scans, where an open port often does not reply at all
closed | filtered – Nmap cannot distinguish closed from filtered; reported only by the idle scan (-sI)
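As an added example, not code from the original article or from the Nmap project, the POSIX shell script below ties together the section on writing results to a file and the port states listed above: it parses the grepable format written by -oG into one line per port and groups the ports by state, which is what you usually want after a scan of many hosts from a -iL target list. The .gnmap file it reads is constructed by hand for illustration; the addresses, versions, and the targets.txt and scan.gnmap names are assumptions, not real scan data.

```shell
#!/bin/sh
# Added example, not code from the original article or from the Nmap project.
# Parses Nmap grepable (-oG) output, as written by e.g.
#   nmap -sS -sU -p T:22,80,443,U:53 -iL targets.txt -oG scan.gnmap
# into one "host port proto state service" line per port, so the results can
# be filtered with grep/awk and grouped by the port states described above.

# Write a constructed .gnmap file to $1. This is hand-made sample data for
# illustration, not the output of a real scan; addresses and versions are
# assumptions. Fields in the grepable format are tab-separated, and each entry
# in the "Ports:" field has the form port/state/proto/owner/service/rpcinfo/version/.
write_sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sS -sU -p T:22,80,443,U:53 -iL targets.txt -oG scan.gnmap\n' > "$1"
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///, 53/open|filtered/udp//domain///\n' >> "$1"
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 192.168.1.20 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http//Apache httpd 2.4.57/, 443/open/tcp//https//Apache httpd 2.4.57/, 53/closed/udp//domain///\n' >> "$1"
    printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 4.12 seconds\n' >> "$1"
}

# Print "host port proto state service" for every port listed in a .gnmap file.
gnmap_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host)      # drop the "Host: " prefix
            sub(/ .*/, "", host)          # drop the "(hostname)" part
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                    service = (f[5] == "") ? "-" : f[5]
                    print host, f[1], f[3], f[2], service
                }
            }
        }' "$1"
}

# Only the ports an application is actually listening on.
gnmap_open() {
    gnmap_ports "$1" | awk '$4 == "open"'
}

# Number of ports seen in each state, sorted by state name.
gnmap_state_counts() {
    gnmap_ports "$1" | awk '{ count[$4]++ } END { for (s in count) print s, count[s] }' | LC_ALL=C sort
}

# Demo run on the constructed sample (replace $sample with scan.gnmap after a real scan).
sample=$(mktemp)
write_sample_gnmap "$sample"
echo "Open ports:"
gnmap_open "$sample"
echo "Ports per state:"
gnmap_state_counts "$sample"
rm -f "$sample"
```

The per-state summary is a quick sanity check on a large scan: a network where almost every port is reported filtered usually means a firewall is dropping the probes (or the scan was run without root and fell back to a connect scan), while a large open|filtered count on UDP is expected and says nothing about the hosts until you follow up with -sV.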
Scan hosts for UDP or TCP services
nmap -sU 192.168.0.1
nmap -sT 192.168.0.1
-sU – UDP scan. It requires root and is slow, because an open UDP port often does not answer at all, which is why many ports end up in the open | filtered state.
-sT – TCP connect scan: it completes the full three-way handshake through the operating system’s connect() call, so it works without root, but it is noisier and more likely to be logged by the target. When run as root, Nmap defaults to the SYN scan (-sS), which never completes the handshake.