Nmap is a powerful network scanning tool used for security audits and penetration testing. It is one of the essential tools for network administrators to troubleshoot connectivity issues and perform port scans.
Nmap can also detect MAC addresses, operating system types, service versions, and more.
This article explains the basics of how to use the Nmap command to perform various network tasks.
Installing Nmap
Nmap is a cross-platform program that can be installed on all major operating systems. Initially released as a Linux-only tool, it has since been ported to other systems like BSD, Windows, and macOS.
If you prefer a GUI over the command line, Nmap also has a graphical interface called Zenmap.
You can download binary files from the Nmap download page.
Installing Nmap on Ubuntu and Debian
sudo apt update
sudo apt install nmap -y
Installing Nmap on CentOS and Fedora
sudo dnf install nmap
Installing Nmap on macOS
macOS users can install Nmap by downloading the ".dmg" package from the Nmap website or using Homebrew:
brew install nmap
Installing Nmap on Windows
The Windows build relies on the Npcap packet-capture driver for raw-packet scan types (SYN, UDP, OS detection) and is generally slower than the UNIX version.
The easiest way to install Nmap on Windows is to download and run the self-installing ".exe" file.
Using Nmap
Nmap is commonly used for network security checks, network mapping, identifying open ports, and finding online devices.
The basic syntax for the Nmap command is:
nmap [Options] [Target...]
Basic Scan Example
To scan a target as a standard user (without raw-socket privileges Nmap falls back to a full TCP connect scan, -sT):
nmap scanme.nmap.org
TCP SYN Scan
When run as root, Nmap defaults to a TCP SYN (half-open) scan, which is faster and quieter than a connect scan because it never completes the three-way handshake. The explicit form is -sS:
sudo nmap -sS 192.168.10.121
UDP Scan
To perform a UDP scan:
sudo nmap -sU 192.168.10.121
IPv6 Scanning
To scan an IPv6 host, use:
sudo nmap -6 fd12:3456:789a:1::1
Specifying Target Hosts
You can pass IP addresses, hostnames, CIDR blocks such as 192.168.10.0/24, or octet ranges such as 192.168.10.1-50, and list several targets separated by spaces:
nmap 192.168.10.121 host.to.scan
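Because Nmap will happily accept any address you type, a practical safeguard is to check each target against the agreed scope before launching a scan. The following wrapper is an added example and not code from the article or the Nmap project: it parses IPv4 literals and CIDR blocks in plain POSIX sh, and the SCOPE allowlist, the safe_scan name and the hostname rejection are assumptions for this example.

```sh
#!/bin/sh
# Added example (not from the article): refuse to launch nmap against any
# IPv4 target that is outside an agreed scope. The scope below is constructed.

# is_ip4 ADDR: succeed only for a well-formed dotted-quad IPv4 literal.
is_ip4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# ip4_to_int ADDR: print the address as an unsigned 32-bit integer.
ip4_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET[/BITS]: succeed if ADDR lies inside the network.
in_cidr() {
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32            # bare address means /32
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "${2%/*}") & mask )) ]
}

# in_scope TARGET SCOPE_ENTRY...: succeed if TARGET matches any entry.
# Hostnames are rejected on purpose: resolve them and check the address.
in_scope() {
    target=$1; shift
    is_ip4 "$target" || return 1
    for entry in "$@"; do
        in_cidr "$target" "$entry" && return 0
    done
    return 1
}

# Constructed scope for this example; a real one comes from the engagement.
SCOPE="192.168.10.0/24 10.0.5.17"

# safe_scan TARGET [NMAP_OPTION...]: run nmap only for in-scope targets.
safe_scan() {
    target=$1; shift
    if in_scope "$target" $SCOPE; then
        nmap "$@" "$target"
    else
        echo "refusing to scan $target: outside authorised scope" >&2
        return 2
    fi
}

# Usage: sh safe_scan.sh 192.168.10.121 -sV
if [ $# -gt 0 ]; then
    safe_scan "$@"
fi
```

Hostnames are deliberately refused rather than resolved inside the wrapper, so that the address actually scanned is the one that was checked; resolve first, then pass the address. The arithmetic uses 64-bit shell integers, so a /0 mask correctly collapses to zero instead of overflowing.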
Specifying and Scanning Ports
By default, Nmap scans the 1,000 most common ports. To scan all ports from 1 to 65535:
nmap -p- 192.168.10.121
Ping Scanning
To find which hosts are up without port scanning them (host discovery only; on a directly attached Ethernet segment a root run uses ARP requests, elsewhere ICMP echo plus TCP probes to ports 80 and 443):
sudo nmap -sn 192.168.10.0/24
Disabling DNS Resolution
To disable reverse DNS resolution and speed up scans:
sudo nmap -n 192.168.10.0/16
Detecting OS, Services, and Versions
To detect the operating system of a remote host (requires root; the fingerprint is most reliable when the target has at least one open and one closed TCP port):
sudo nmap -O scanme.nmap.org
Service and Version Detection
To scan services and versions:
sudo nmap -sV scanme.nmap.org
Saving Nmap Output
To save scan results to a file in normal format:
sudo nmap -sU -p 1-1024 192.168.10.121 -oN output.txt
Saving in XML Format
sudo nmap -sU -p 1-1024 192.168.10.121 -oX output.xml
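Saved output is most useful when one run is compared with the next, so that a newly exposed service stands out. The script below is an added example and not code from the article or the Nmap project: it reads Nmap's grepable format (written with -oG, a real option not covered above, and simpler to parse in shell than -oN or -oX), lists open ports per host, and diffs two saved runs. The two sample files it writes are constructed for the example and are not real scan output; the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): turn saved -oG scans into a diff of
# open ports. Grepable output has one "Host:" line per target with tab-separated
# fields; the sample data below is constructed, not real scan output.

# open_ports FILE.gnmap: print "host port/proto service" for every open port.
open_ports() {
    awk '
        BEGIN { FS = "\t" }
        /^Host:/ {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, ports, /, /)
                    for (j = 1; j <= n; j++) {
                        # field layout: port/state/proto/owner/service/rpc/version/
                        split(ports[j], f, "/")
                        if (f[2] == "open") print host, f[1] "/" f[3], f[5]
                    }
                }
            }
        }' "$1" | LC_ALL=C sort
}

# port_diff OLD.gnmap NEW.gnmap: "+" lines are newly open, "-" lines no longer open.
port_diff() {
    work=$(mktemp -d)
    open_ports "$1" > "$work/old"
    open_ports "$2" > "$work/new"
    LC_ALL=C comm -13 "$work/old" "$work/new" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$work/old" "$work/new" | sed 's/^/- /'
    rm -r "$work"
}

# write_samples OLD NEW: constructed -oG files standing in for two scan runs.
write_samples() {
    {
        printf '# Nmap 7.94 scan initiated (constructed sample)\n'
        printf 'Host: 192.168.10.121 ()\tStatus: Up\n'
        printf 'Host: 192.168.10.121 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)\n'
        printf 'Host: 192.168.10.122 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/\tIgnored State: closed (999)\n'
    } > "$1"
    {
        printf 'Host: 192.168.10.121 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)\n'
        printf 'Host: 192.168.10.122 ()\tPorts: 22/filtered/tcp//ssh///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)\n'
    } > "$2"
}

# demo: run the diff over the constructed samples and print the result.
demo() {
    demo_dir=$(mktemp -d)
    write_samples "$demo_dir/baseline.gnmap" "$demo_dir/current.gnmap"
    port_diff "$demo_dir/baseline.gnmap" "$demo_dir/current.gnmap"
    rm -r "$demo_dir"
}

demo
```

In practice the two files come from scheduled runs such as `sudo nmap -sS -p- -oG "$(date +%F).gnmap" 192.168.10.0/24`, and a non-empty "+" section is what you alert on; a port moving from open to filtered appears as a "-" line, which is worth a look as well.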
Nmap Scripting Engine
Nmap's scripting engine (NSE) runs Lua scripts for tasks beyond port scanning, such as service enumeration, vulnerability checks, or brute-force login attempts. For example, the http-malware-host script checks a web server for signatures of known malware:
nmap -sV --script http-malware-host scanme.nmap.org
Conclusion
Nmap is an open-source tool used primarily by network administrators and security testers for host discovery and port scanning. Only scan systems you own or have written permission to test: unauthorised network scanning is illegal in many jurisdictions.