Nmap (short for Network Mapper) is an open-source network security tool & is the best port scanner for your server/network. The Nmap command is widely used for auditing network security & for penetration testing of your networks.
It displays the open or exposed ports & services on your own or another target machine/network & can also provide other information about the system, such as its operating system.
Another way that we can use Nmap is for “Network Discovery”.
In this tutorial, we will learn how we can use the Nmap command to test out our system or network security & check all the open or exposed services on the target system with the help of some examples.
NMAP command Installation
Nmap is pre-installed on almost all Linux distributions. Nonetheless, if that’s not the case, you can use the following commands to install it on some of the popular Linux distributions.
RHEL/CentOS/Oracle Linux/Scientific Linux
# yum install nmap
Debian/Ubuntu
$ sudo apt-get install nmap
Fedora/CentOS 8/RHEL 8
$ sudo dnf install nmap
Nmap Command Examples
Now let’s move on to discuss some of the examples for the Nmap utility.
1- Scanning a single IP
To scan a single system on our network, open a terminal & execute the following command,
$ nmap 10.10.1.10
Similarly, we can also scan a system with its hostname,
$ nmap mail.thelinuxgurus.com
2- Scan multiple IPs
For scanning multiple IPs, we can mention all the IPs separated by spaces. Like this,
$ nmap 10.10.1.10 10.10.1.200
Or to scan an IP address range, we can also mention a range,
$ nmap 10.10.1.10-110
Similarly for scanning a full subnet,
$ nmap 10.10.1.0/24
3- Scanning IP list from a file
If you have saved IP addresses in a file, we can pass that file to Nmap with the option ‘-iL’ to scan all the IPs listed in it,
$ nmap -iL ips.txt
where ‘ips.txt’ is the file containing all the IP addresses.
4- Port scanning
For scanning a single port of a machine, we can mention the port number along with the option ‘-p’,
$ nmap -p 22 10.10.1.10
For scanning a range of ports, use
$ nmap -p 100-1000 10.10.1.10
For scanning all the ports i.e. 65535 ports, use ‘-p-’ & run the following command,
$ nmap -p- 10.10.1.10
For scanning the 100 most common ports, use the option ‘-F’ with the nmap command,
$ nmap -F 10.10.1.10
This scan is also known as a Fast scan.
5- Ping a device aka Host discovery
This is normally used to check whether a device is up or not. We can also call it Host Discovery. Current Nmap releases document this option as ‘-sn’; ‘-sP’ is the older name for the same scan,
$ nmap -sP 10.10.1.0/24
6- TCP port scan
To perform a TCP connect scan of the ports on a host, use the option ‘-sT’ with the nmap command,
$ nmap -sT 10.10.1.10
7- UDP port scan
To run a port scan of the UDP ports on a host, use the option ‘-sU’ with the nmap command. UDP scans need root privileges, so run it with sudo,
$ sudo nmap -sU 10.10.1.10
8- OS & Service scan
To check only the Operating System of the target machine, use the ‘-O’ option. OS detection needs root privileges,
$ sudo nmap -O 10.10.1.10
In addition to the Operating System, we can also check the services running on the system with the option ‘-A’ of the nmap command,
$ sudo nmap -A 10.10.1.10
9- Show all host interfaces & routes
To get all the interfaces that are available on the system running Nmap & also show all the routes of that system, use the option ‘--iflist’. It takes no target,
$ nmap --iflist
10- Scan a firewall-protected system
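To scan a target system that is protected by a firewall, we can use the option ‘-PN’ with the nmap command. It skips host discovery & treats the target as online, which helps when the firewall drops ping probes. Current Nmap releases document this option as ‘-Pn’,
$ nmap -PN 10.10.1.10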
11- Redirecting output to a file
To save the output of a scan to a text file, use the option ‘-oN’ followed by the filename,
$ nmap -oN output.txt 10.10.1.10
Similarly, we can also export output to an XML file, using the option ‘-oX’,
$ nmap -oX output.xml 10.10.1.10
Or alternatively, just use the redirect symbols to redirect output to a file,
$ nmap 10.10.1.10 > output.txt
12- Getting Help
If you have not found the Nmap functionality that you require or need more information about the various options that can be used with Nmap, you can refer to the built-in help as well,
$ nmap --help
The Nmap command is fairly extensive & too big a topic to cover in a single tutorial; what we have mentioned here are some of the basic commands to get you started with Nmap. We will try to publish some more advanced examples on how you can use the Nmap command in Linux.