The Nmap command (short for Network Mapper) is an open-source network security tool & is the best port scanner for your server/network. Nmap is widely used for auditing network security & also for penetration testing of your networks.

It displays the open or exposed ports or services on your own or another target machine/network & along with that, it also provides other information about the system, like the operating system.

Another way that we can use Nmap is for “Network Discovery”. 

In this tutorial, we will learn how we can use the Nmap command to test out our system or network security & check all the open or exposed services on the target system with the help of some examples.



NMAP command Installation


Nmap is pre-installed on almost all Linux distributions. Nonetheless, if that's not the case, you can use the following commands to install it on some of the popular Linux distributions.

 

RHEL/CentOS/Oracle Linux/Scientific Linux

# yum install nmap

Ubuntu/Mint/Debian

$ sudo apt-get install nmap

Fedora/CentOS 8/RHEL 8

$ sudo dnf install nmap

 


Nmap Command Examples


Now let’s move on to discuss some of the examples for the Nmap utility.

1- Scanning a single IP

To scan a single system on our network, open terminal & execute the following command,

$ nmap 10.10.1.10

Similarly, we can also scan a system with its hostname,

$ nmap mail.thelinuxgurus.com

 

2- Scan multiple IPs

For scanning multiple IPs, we can mention all the IPs separated by spaces. Like this,

$ nmap 10.10.1.10 10.10.1.200

Or to scan an IP address range,  we can also mention a range,

$ nmap 10.10.1.10-110

Similarly for scanning a full subnet,

$ nmap 10.10.1.0/24

 

3- Scanning IP list from a file

If we have saved IP addresses in a file, then we can also pass that file to scan all the IPs mentioned in it,

$ nmap -iL ips.txt

where ‘ips.txt’ is the file containing all the IP addresses. 

 

4- Port scanning

For scanning a single port of a machine, we can mention the port number along with option ‘p’,

$ nmap -p 22 10.10.1.10

For scanning a range of ports, use

$ nmap -p 100-1000 10.10.1.10

For scanning all the ports i.e. 65535 ports, run the following command,

$ nmap -p- 10.10.1.10

For scanning the 100 most common ports, use option ‘F’ with nmap command,

$ nmap -F 10.10.1.10

This scan is also known as a Fast scan.

 

5- Ping a device aka Host discovery

This is normally used to check whether a device is up or not. We can also call it Host Discovery,

$ nmap -sP 10.10.1.0/24

 

6- TCP port scan

To perform a scan on all TCP ports in a host, use the options ‘sT’ with nmap command,

$ nmap -sT 10.10.1.10

 

7- UDP port scan

To run the port scanning on all UDP ports in a host, use the options ‘sU’ with nmap command,

$ nmap -sU 10.10.1.10

 

8- OS & Service scan

To check only the Operating System of the target machine, use ‘O’ option,

$ nmap -O 10.10.1.10

In addition to the operating system, we can also check all the services running on the system with the use of option ‘A’ with nmap command,

$ nmap -A 10.10.1.10

 

9- Show all host interfaces & routes

To get all the interfaces that are available on the host system & also show all the routes of the system, use the option ‘--iflist’,

$ nmap --iflist

 

10- Scan a firewall-protected system

To scan a target system that has been protected by a firewall, we can use the options ‘PN’ with nmap command,

$ nmap -PN 10.10.1.10

 

11- Redirecting output to a file

To redirect the output of a command to a text file, use the option ‘oN’ followed by the filename,

$ nmap -oN output.txt 10.10.1.10

Similarly, we can also export output to an XML file, using the option ‘oX’,

$ nmap -oX output.xml 10.10.1.10

Or alternatively, just use the redirect symbols to redirect output to a file,

$ nmap 10.10.1.10 > output.txt

 

12- Getting Help

If you have not found the nmap functionality that you require or need more information about the various options that can be used with Nmap, you can refer to help as well,

$ nmap --help

Nmap is a fairly extensive tool & too big a topic to cover in a single tutorial; what we have mentioned here are some of the basic commands to get you started with Nmap. We will try to publish some more advanced examples on how you can use the Nmap command in Linux.

This completes our tutorial, please feel free to send in any questions or queries using the comment box below.
