nmap Command in Linux
Overview
The nmap command in Linux is a flexible, powerful, and indispensable tool for network discovery and security auditing. Short for Network Mapper, nmap is used by network administrators and security professionals around the world to explore networks, audit hosts, detect open ports, and identify the services and operating systems running on them.
Syntax of nmap Command in Linux
The basic syntax of the nmap command in Linux is as follows:

nmap [Scan Type] [Options] {target specification}

Where:
- [Scan Type]: This part denotes the type of scan you want to perform. Common scan types include the TCP SYN scan (-sS), the TCP connect scan (-sT), and the UDP scan (-sU), among others. If no scan type is given, nmap uses -sS when run as root and -sT otherwise.
- [Options]: These are additional parameters that modify the behavior of the nmap command.
- {target specification}: This is the hostname, IP address, IP range (192.168.0.1-20), or CIDR block (192.168.0.0/24) you want to scan. Several targets may be listed, separated by spaces.
Options in nmap Command in Linux
- -p: This option specifies the ports to scan, either as a single port, a comma-separated list, or a range (-p 1-1024). -p- scans all 65535 ports; by default nmap scans only the 1,000 most common ports for each protocol.
For example, nmap -p 22,80,443 192.168.0.1 scans the IP address 192.168.0.1 on ports 22, 80, and 443. The output shows that ports 22 and 443 are open, and 80 is closed.
- -sV: This option enables version detection. After finding open ports, nmap sends service probes to each one and matches the responses against its service fingerprint database to report the service name, product, and version.
For example, nmap -sV 192.168.0.1 detects the services and their versions running on the open ports of 192.168.0.1.
- -O: This option enables OS detection. It requires root privileges (raw packet access) and works best when the target has at least one open and one closed TCP port to fingerprint against.
For example, nmap -O 192.168.0.1 tries to determine the operating system of the host 192.168.0.1 from the behaviour of its TCP/IP stack.
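The -p syntax above accepts more than a flat list of numbers. As an added example (not code from the original article or from the Nmap project), the following Python function expands the commonly used subset of the -p grammar (comma lists, a-b ranges, open-ended ranges, the bare "-" for all ports, and T:/U: protocol prefixes) into concrete port numbers, so a scan specification can be sanity-checked before it is run. The T:/U: semantics (TCP until a U: prefix appears, a later T: switching back) follow nmap's own; service names and the [a-b] bracket form are deliberately left out.

```python
"""Expand an nmap -p port specification into concrete port numbers.

Added example, not from the original article or the Nmap project. It
covers the commonly used subset of the -p grammar:
  - comma-separated ports:   22,80,443
  - ranges and open ends:    1-1024   -1024   49152-   -  (bare '-' = all ports)
  - protocol prefixes:       U:53,161,T:21-25,80
Service names (-p ssh,http), S:/P: prefixes and the [a-b] bracket form
are not handled.
"""

MAX_PORT = 65535


def _parse_range(token: str) -> tuple[int, int]:
    """Turn a token such as '80', '1-1024', '-1024', '49152-' or '-' into (lo, hi)."""
    if token == "-":
        return 1, MAX_PORT                       # nmap's bare '-' means 1-65535; port 0 needs '0-'
    if "-" in token:
        left, right = token.split("-", 1)
        lo = int(left) if left else 1            # '-1024'  -> 1..1024
        hi = int(right) if right else MAX_PORT   # '49152-' -> 49152..65535
    else:
        lo = hi = int(token)
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"invalid port range: {token!r}")
    return lo, hi


def parse_port_spec(spec: str) -> dict[str, set[int]]:
    """Return {'tcp': {...}, 'udp': {...}} for an nmap -p specification.

    As in nmap, ports are TCP until a 'U:' prefix is seen and a later 'T:'
    switches back to TCP. Whitespace is ignored.
    """
    ports: dict[str, set[int]] = {"tcp": set(), "udp": set()}
    proto = "tcp"
    for token in spec.replace(" ", "").split(","):
        if token.upper().startswith(("T:", "U:")):
            proto = "tcp" if token[0].upper() == "T" else "udp"
            token = token[2:]
        if not token:                            # tolerate 'U:,53' or a trailing comma
            continue
        lo, hi = _parse_range(token)
        ports[proto].update(range(lo, hi + 1))
    return ports


def port_count(spec: str) -> int:
    """Number of (protocol, port) pairs the spec will probe: a rough scan-size check."""
    return sum(len(p) for p in parse_port_spec(spec).values())


if __name__ == "__main__":
    for spec in ("22,80,443", "U:53,161,T:21-25,80", "-", "0-"):
        expanded = parse_port_spec(spec)
        print(f"{spec!r}: tcp={len(expanded['tcp'])} udp={len(expanded['udp'])} "
              f"total={port_count(spec)}")
```

A spec that expands to tens of thousands of UDP ports is a useful thing to notice before launching it, since UDP scanning is far slower than TCP.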
Example Usages
- Scanning a single host: nmap 192.168.0.1 performs a basic scan of the host 192.168.0.1 (the 1,000 most common TCP ports by default) and lists the open ports together with the service normally associated with each port number.
- Scanning multiple hosts: nmap 192.168.0.1 192.168.0.2 scans both hosts and provides an individual report for each. The same two hosts can also be written as the range 192.168.0.1-2, and a whole subnet as 192.168.0.0/24.
Tips
- Always use nmap in a legal and ethical manner: scan only systems you own or have explicit, written authorization to test. Scanning networks without permission is unethical and may be illegal, and the scan is likely to be detected and logged by the target.
- Use the -v flag (or -vv for more detail) for verbose output, helpful in understanding what nmap is doing during the scan.
- Use -oN <file> to save the scan output in its normal, human-readable format. -oX <file> writes XML, which is the format to choose when the results are to be processed by scripts, and -oA <basename> writes normal, XML, and grepable output at once.
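Saved output is only useful if it can be turned back into answers such as "which hosts still expose port 21?". As an added example (not code from the original article or from the Nmap project), the Python below parses an nmap XML report as produced by -oX and reduces it to open ports per host. SAMPLE_XML is a constructed, trimmed imitation of real -oX output for the two hosts used in this article (192.168.0.1 with 22 and 443 open and 80 closed, plus a second host); a real report would come from something like nmap -sV -oX scan.xml 192.168.0.1 192.168.0.2.

```python
"""Summarize an nmap XML report (-oX) into per-host lists of open ports.

Added example, not code from the original article or from the Nmap
project. SAMPLE_XML is constructed to resemble real -oX output; only the
elements this parser reads are included.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.0.1 192.168.0.2" version="7.94">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <hostnames><hostname name="gateway.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/>
        <service name="http" method="table" conf="3"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="https" product="nginx" version="1.24.0" method="probed" conf="10"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="3.0.3" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="23"><state state="filtered" reason="no-response"/>
        <service name="telnet" method="table" conf="3"/></port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass
class Service:
    port: int
    protocol: str
    name: str
    product: str = ""
    version: str = ""

    def label(self) -> str:
        """Render as 'port/proto name (product version)', omitting empty parts."""
        detail = " ".join(x for x in (self.product, self.version) if x)
        return f"{self.port}/{self.protocol} {self.name}" + (f" ({detail})" if detail else "")


@dataclass
class HostReport:
    address: str
    hostname: str = ""
    open_ports: list[Service] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list[HostReport]:
    """One HostReport per host nmap marked 'up'; closed and filtered ports are dropped."""
    root = ET.fromstring(xml_text)
    reports: list[HostReport] = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']") or host.find("address")
        hostname = host.find("hostnames/hostname")
        report = HostReport(
            address=addr.get("addr", "?") if addr is not None else "?",
            hostname=hostname.get("name", "") if hostname is not None else "",
        )
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            report.open_ports.append(Service(
                port=int(port.get("portid")),
                protocol=port.get("protocol", "tcp"),
                name=svc.get("name", "unknown") if svc is not None else "unknown",
                product=svc.get("product", "") if svc is not None else "",
                version=svc.get("version", "") if svc is not None else "",
            ))
        reports.append(report)
    return reports


def hosts_with_open_port(reports: list[HostReport], port: int, protocol: str = "tcp") -> list[str]:
    """Addresses exposing the given port, e.g. every host still offering FTP on 21/tcp."""
    return [r.address for r in reports
            if any(s.port == port and s.protocol == protocol for s in r.open_ports)]


if __name__ == "__main__":
    reports = parse_nmap_xml(SAMPLE_XML)
    for report in reports:
        print(f"{report.address} ({report.hostname or 'no PTR record'})")
        for svc in report.open_ports:
            print("   ", svc.label())
    print("FTP exposed on:", hosts_with_open_port(reports, 21))
```

Filtering on state="open" is deliberate: nmap reports closed and filtered ports too, and a script that counts every <port> element will overstate a host's exposure.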
Advanced Use Cases of nmap Command in Linux
- Ping sweep to discover hosts in a network: nmap -sn 192.168.0.1/24 performs host discovery only, with no port scan, across the 192.168.0.0/24 subnet and lists the hosts that are up. (-sn replaced the older -sP flag, which still works as an alias.)
- Script scanning using the Nmap Scripting Engine (NSE): nmap --script http-title <target> runs the 'http-title' script, which fetches the title of the web page served on each open HTTP port of the target host. -sC runs the default set of scripts, and --script-help <name> describes any script.
- Stealth scanning using SYN scan: nmap -sS <target> sends only a SYN packet to each port and never completes the TCP handshake, so the target application never sees a connection and is less likely to log the probe than with a full connect scan (-sT). It requires root privileges, is the default scan type when nmap runs as root, and is still visible to firewalls and intrusion detection systems.
Conclusion
- The nmap command in Linux is a versatile tool for network exploration and security auditing.
- It offers a variety of features, from basic scanning and version detection to advanced uses like OS detection and scripting.
- While powerful, it should always be used responsibly and ethically, respecting network permissions.