A Powerful Network Scanning Tool for Security and Penetration Testing

Nmap is a powerful network scanning tool used for security audits and penetration testing. It is one of the essential tools for network administrators to troubleshoot connectivity issues and perform port scans.

Nmap can also detect MAC addresses, operating system types, service versions, and more.

This article explains the basics of how to use the Nmap command to perform various network tasks.

Installing Nmap

Nmap is a cross-platform program that can be installed on all major operating systems. Initially released as a Linux-only tool, it has since been ported to other systems like BSD, Windows, and macOS.

If you prefer a GUI over the command line, Nmap also has a graphical interface called Zenmap.

You can download binary files from the Nmap download page.

Installing Nmap on Ubuntu and Debian

        sudo apt update
        sudo apt install nmap -y

Installing Nmap on CentOS and Fedora

        sudo dnf install nmap

Installing Nmap on macOS

macOS users can install Nmap by downloading the ".dmg" package from the Nmap website or using Homebrew:

        brew install nmap

Installing Nmap on Windows

The Windows version of Nmap has some limitations and is generally slower than the UNIX version.

The easiest way to install Nmap on Windows is to download and run the self-installing ".exe" file.

Using Nmap

Nmap is commonly used for network security checks, network mapping, identifying open ports, and finding online devices.

The basic syntax for the Nmap command is:

        nmap [Options] [Target...]

Basic Scan Example

To scan a target as a standard user (without root privileges, Nmap falls back to a TCP connect scan):

        nmap scanme.nmap.org

TCP SYN Scan

For a faster TCP SYN scan, which requires root privileges (it is the default scan type when Nmap runs as root, so -sS is optional here):

        sudo nmap -sS 192.168.10.121

UDP Scan

To perform a UDP scan:

        sudo nmap -sU 192.168.10.121

IPv6 Scanning

To scan an IPv6 host, use:

        sudo nmap -6 fd12:3456:789a:1::1

Specifying Target Hosts

Targets can be given as IP addresses, hostnames, CIDR notation, or ranges, and several targets can be listed in a single command:

        nmap 192.168.10.121 host.to.scan

Specifying and Scanning Ports

By default, Nmap scans the 1,000 most common ports. To scan all ports from 1 to 65535:

        nmap -p- 192.168.10.121
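The two sections above (target specification and port specification) decide how much traffic a scan generates, and the size is easy to underestimate. As an added example, not code from the article or from Nmap itself, the Python helpers below expand Nmap's target syntax (plain addresses, CIDR, per-octet ranges such as 192.168.10.1-50 or 192.168.10.*, and hostnames passed through unchanged) and its -p syntax (comma lists, N-M ranges, a lone - for all ports, and the T:/U: protocol prefixes), then multiply them to estimate how many host/port pairs a scan covers. This goes beyond the article's -p- and -p 1-1024 examples to the general syntax Nmap accepts; the function names and the addresses in the usage section are my own.

```python
"""Expand Nmap target and -p port specifications and estimate scan scope.

Added example for the article, not Nmap's own code. Function names
(expand_targets, target_count, parse_ports, probe_estimate) are my own.
"""
import ipaddress
import itertools
import math

MAX_PORT = 65535
PROTOCOL_PREFIXES = {"T": "tcp", "U": "udp", "S": "sctp"}


def _octet_ranges(spec):
    """Per-octet value ranges for an Nmap octet-range target such as
    10.0.0-255.1-254 or 192.168.10.*; None if spec is not in that form."""
    parts = spec.split(".")
    if len(parts) != 4:
        return None
    ranges = []
    for part in parts:
        if part == "*":
            lo, hi = 0, 255
        elif part.isdigit():
            lo = hi = int(part)
        elif part.count("-") == 1 and all(s.isdigit() for s in part.split("-")):
            lo, hi = (int(s) for s in part.split("-"))
        else:
            return None  # not numeric: treat the whole spec as a hostname
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range in target: {spec}")
        ranges.append(range(lo, hi + 1))
    return ranges


def expand_targets(spec):
    """Yield every IPv4 address covered by one Nmap target specification.
    CIDR includes the network and broadcast addresses, as Nmap does. A hostname
    is yielded unchanged; Nmap resolves it at scan time."""
    if "/" in spec:
        yield from (str(addr) for addr in ipaddress.ip_network(spec, strict=False))
        return
    ranges = _octet_ranges(spec)
    if ranges is None:
        yield spec
        return
    for octets in itertools.product(*ranges):
        yield ".".join(str(o) for o in octets)


def target_count(spec):
    """Number of addresses a target specification covers, without expanding it."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False).num_addresses
    ranges = _octet_ranges(spec)
    return 1 if ranges is None else math.prod(len(r) for r in ranges)


def parse_ports(spec, default_protocols=("tcp",)):
    """Expand an Nmap -p specification into a set of (protocol, port) tuples.
    A T:/U:/S: prefix applies to every following token until the next prefix.
    Unprefixed tokens apply to default_protocols; Nmap itself applies them to
    every protocol being scanned (both TCP and UDP when -sS -sU are combined)."""
    current = tuple(default_protocols)
    ports = set()
    for token in spec.split(","):
        token = token.strip()
        if len(token) >= 2 and token[1] == ":" and token[0].upper() in PROTOCOL_PREFIXES:
            current = (PROTOCOL_PREFIXES[token[0].upper()],)
            token = token[2:]
        if not token:
            continue
        if token == "-":                 # -p-  : every port 1-65535
            lo, hi = 1, MAX_PORT
        elif "-" in token:               # N-M, -M (from 1) or N- (to 65535)
            lo_s, hi_s = token.split("-", 1)
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
        else:
            lo = hi = int(token)
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port range: {token}")
        for proto in current:
            ports.update((proto, p) for p in range(lo, hi + 1))
    return ports


def probe_estimate(target_specs, port_spec, protocols=("tcp",)):
    """Host/port pairs a scan covers: hosts across all targets times the
    number of (protocol, port) pairs. Ignores host discovery and retries."""
    hosts = sum(target_count(t) for t in target_specs)
    return hosts * len(parse_ports(port_spec, protocols))


if __name__ == "__main__":
    # Constructed scope comparison; the addresses mirror the article's examples.
    for targets, ports in ((["192.168.10.121"], "1-1000"),
                           (["192.168.10.0/24"], "-"),
                           (["192.168.10.0/16"], "-")):
        print(f"{' '.join(targets):18s} -p {ports:7s} -> "
              f"{probe_estimate(targets, ports):,} host/port pairs")
```

Running it shows why -p- against a /16 (the network used later in the DNS section) is a different undertaking from a 1,000-port scan of one host: more than four billion host/port pairs versus one thousand, which matters both for scan duration and for how much noise the scan creates on the monitored network.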

Ping Scanning

To perform a ping scan (host discovery only, with no port scan):

        sudo nmap -sn 192.168.10.0/24

Disabling DNS Resolution

To disable reverse DNS resolution and speed up scans:

        sudo nmap -n 192.168.10.0/16

Detecting OS, Services, and Versions

To detect the operating system of a remote host:

        sudo nmap -O scanme.nmap.org

Service and Version Detection

To scan services and versions:

        sudo nmap -sV scanme.nmap.org

Saving Nmap Output

To save scan results to a file in normal format:

        sudo nmap -sU -p 1-1024 192.168.10.121 -oN output.txt

Saving in XML Format

XML output is the format to keep when results will be processed by other tools or compared with later scans:

        sudo nmap -sU -p 1-1024 192.168.10.121 -oX output.xml
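The practical reason to save XML rather than normal output is that it can be parsed reliably, which turns a one-off scan into a baseline. As an added example, not code from the article or from Nmap, the Python script below reads Nmap XML (either a file saved with -oX or the constructed sample documents embedded here), extracts the open ports per host, and reports ports that are open in a new scan but were not open in the baseline. That is the comparison a defender runs after a change window to catch services that should not have appeared. The function names and the sample hosts and ports are my own; the sample XML follows Nmap's element layout but is constructed, not real scanner output.

```python
"""Parse saved Nmap XML output (-oX) and report ports newly open since a
baseline scan. Added example for the article, not part of Nmap; the function
names and the sample scans below are constructed for illustration."""
import xml.etree.ElementTree as ET


def open_ports(xml_text):
    """Map (address, protocol, port) -> service name for every port whose
    state is "open" in an Nmap XML document. The first IPv4 or IPv6 address
    of each host is used as its key."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = [a.get("addr") for a in host.findall("address")
                 if a.get("addrtype") in ("ipv4", "ipv6")]
        if not addrs:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed / filtered ports are not part of the exposure
            service = port.find("service")
            name = service.get("name", "unknown") if service is not None else "unknown"
            result[(addrs[0], port.get("protocol"), int(port.get("portid")))] = name
    return result


def new_open_ports(baseline_xml, current_xml):
    """Sorted (address, protocol, port, service) tuples that are open in the
    current scan but were not open in the baseline."""
    baseline = open_ports(baseline_xml)
    return sorted((addr, proto, port, svc)
                  for (addr, proto, port), svc in open_ports(current_xml).items()
                  if (addr, proto, port) not in baseline)


def load_scan(path):
    """Read an -oX file from disk, e.g. the article's output.xml."""
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def constructed_scan(addr, ports):
    """Build a minimal document in Nmap's XML layout for offline testing.
    This is constructed sample data, not real scanner output."""
    port_xml = "".join(
        f'<port protocol="tcp" portid="{p}"><state state="{state}" reason="{reason}" '
        f'reason_ttl="64"/><service name="{svc}" method="table" conf="3"/></port>\n'
        for p, state, reason, svc in ports)
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<nmaprun scanner="nmap" args="nmap -oX -" version="0">\n'
            '<host><status state="up" reason="syn-ack" reason_ttl="64"/>\n'
            f'<address addr="{addr}" addrtype="ipv4"/>\n'
            f'<ports>\n{port_xml}</ports>\n</host>\n</nmaprun>\n')


# Constructed baseline and follow-up scans of the article's example host:
# the follow-up shows an extra open port (3306/tcp) that was not there before.
BASELINE_XML = constructed_scan("192.168.10.121", [
    (22, "open", "syn-ack", "ssh"), (80, "open", "syn-ack", "http"),
    (443, "closed", "reset", "https")])
CURRENT_XML = constructed_scan("192.168.10.121", [
    (22, "open", "syn-ack", "ssh"), (80, "open", "syn-ack", "http"),
    (3306, "open", "syn-ack", "mysql"), (443, "closed", "reset", "https")])

if __name__ == "__main__":
    # With real files: new_open_ports(load_scan("baseline.xml"), load_scan("output.xml"))
    for addr, proto, port, svc in new_open_ports(BASELINE_XML, CURRENT_XML):
        print(f"NEW: {addr} {port}/{proto} ({svc})")
```

Keying on (address, protocol, port) rather than on the service name keeps the diff stable when version detection (-sV) is only used on some runs, and skipping anything not in state "open" means filtered or closed ports never show up as changes.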

Nmap Scripting Engine

The Nmap Scripting Engine (NSE) runs scripts for a wide range of tasks, such as malware detection or brute-force login testing. For example, to check whether a web server is hosting known malware using the http-malware-host script, together with version detection:

        nmap -sV --script http-malware-host scanme.nmap.org

Conclusion

Nmap is an open-source tool used primarily by network administrators for host discovery and port scanning. Please note that in some countries, network scanning without permission is illegal.

If you have any questions or comments, feel free to leave them below.
