Cyber Security Tools: Nmap

Nmap is short for Network Mapper. It is a free, open-source tool that scans IP addresses and ports on a network. It can be used to detect installed applications and to find open ports and services. It runs on many different operating systems.

Many system and network admins also find it useful for tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, what services and OS they are running, what types of packet filters/firewalls are in use, and more.

Now, I know you’re already bored reading this, so let’s get into the usage. But first, how do you get it? Installation is easy, though it varies by operating system. Below we cover how to install Nmap on Windows, macOS and Linux.

  • For Windows OS: Download and run the Nmap installer for Windows (nmap-<version>-setup.exe). It configures Nmap on your Microsoft system automatically.

  • For Mac OS: Run the nmap-<version>.mpkg file to start the dedicated installer (it ships with the Nmap download).

  • For Linux OS: Open a terminal and run the command for your distribution:

    CentOS/Fedora: sudo dnf install nmap

    Ubuntu/Debian: sudo apt-get install nmap

With this, I believe you already have it installed, so let’s get to the usage:

  1. Ping Scanning

    A ping scan returns every IP that is active on your network, without scanning any ports. Use the following command to run it (-sn replaces the older -sP spelling of this option).

    nmap -sn <host>

    Note: You can also run nmap <host> with no options to scan a single host for the 1000 most commonly used ports.

  2. Port Scanning

    There are different ways to scan ports. The main difference between the port scan types is whether they cover TCP or UDP ports and whether they complete a TCP connection.

    A TCP connect scan connects to every port and waits for a response, while a UDP scan sends UDP packets to ports such as DNS, SNMP and DHCP to do the same job.

    nmap -p 80 <host>

    The -p parameter specifies the port(s) to be scanned.

    nmap -p 79-978 <host>

    The hyphen specifies a port range.

    nmap --top-ports 10 scanme.nmap.org

    --top-ports scans the specified top n most common ports.

    nmap -p T:80 <host>

    To scan TCP port 80 (the T: prefix marks the port as TCP).

    nmap -sU -p U:53 <host>

    To scan UDP port 53 (the U: prefix marks the port as UDP; without -sU, Nmap does not scan UDP ports at all).

  3. Displaying open ports

    This option makes Nmap display only the ports it found open.

    nmap --open <host>

    nmap --open scanme.nmap.org

  4. Service and OS Detection

    These commands detect the services running on the target and its operating system.

    nmap -A <host>

    nmap -sV -v <host>

    The -v option sets the verbosity, i.e. how detailed you want the output to be.

  5. Host Scanning

    This type of scan gives you detailed info on a specific host or range of IP addresses, including latency, MAC address and any description associated with the address.

    nmap 192.164.0.*

    The asterisk wildcard scans every address in the last octet, i.e. the whole subnet in one go.

    nmap 192.164.0.1,2,3,4

    Commas separate several final octets, so you don't have to type out each full address.

    nmap 192.164.0.0-255

    A hyphen sets a defined range of IPs to scan.

  6. To output a file

    Nmap can also save the scan results to a file; the output option chooses the format.

    nmap <host> > <filename>.txt

    To save the normal output as a text file using the shell's redirection

    nmap -oX <filename>.xml <host>

    To save to an XML file (-oN writes the normal text format to a file instead)

    Note: The format is chosen by the option, not by the file extension you pick.
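    As an added example (not part of the original post), here is a small Python script that parses the XML written by nmap -oX and flags open ports that a hand-maintained baseline does not allow, the kind of network-inventory check mentioned in the introduction. The XML sample and the BASELINE allowlist are constructed for the example; with a real scan you would read the file Nmap wrote.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the XML that `nmap -oX <filename>.xml <host>` writes,
# hand-written for this example (not the output of a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX scan.xml 192.164.0.1-2">
<host><status state="up"/><address addr="192.164.0.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port>
<port protocol="udp" portid="53"><state state="open|filtered"/><service name="domain"/></port>
</ports></host>
<host><status state="down"/><address addr="192.164.0.2" addrtype="ipv4"/></host>
</nmaprun>"""

# Assumed baseline of what each host is supposed to expose: {ip: {(protocol, port)}}
BASELINE = {"192.164.0.1": {("tcp", 22), ("tcp", 80)}}


def open_ports(xml_text):
    """Map each host that was up to {(protocol, port): service name} for its open ports.
    UDP ports reported as 'open|filtered' are unconfirmed and are left out."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        found[ip] = {}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            service = port.find("service")
            key = (port.get("protocol"), int(port.get("portid")))
            found[ip][key] = service.get("name", "unknown") if service is not None else "unknown"
    return found


def unexpected_ports(xml_text, baseline):
    """Return {ip: {(protocol, port): service}} for open ports the baseline does not
    allow; a host missing from the baseline gets every open port flagged."""
    report = {}
    for ip, ports in open_ports(xml_text).items():
        allowed = baseline.get(ip, set())
        extra = {k: v for k, v in ports.items() if k not in allowed}
        if extra:
            report[ip] = extra
    return report


if __name__ == "__main__":
    for ip, extra in unexpected_ports(SAMPLE_XML, BASELINE).items():
        for (proto, port), svc in sorted(extra.items()):
            print(f"{ip}: unexpected {proto}/{port} ({svc})")
```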

  7. To perform an Aggressive scan

    An aggressive scan turns on everything at once: OS detection, version detection, default scripts and traceroute.

    nmap -sV --version-intensity 4 <host>

    nmap -A <host>

    nmap -sV <host>

Other commonly used Nmap options include:

nmap -Pn <host>

nmap -sU -p 3222,434 <host>

nmap -sS <host> etc.

Nmap also supports scripts (the Nmap Scripting Engine):

nmap --script=ssl-gl.nse <host>

To run a specific script. The scripts that ship with Nmap live in the scripts directory of your installation, and they are also documented online together with what each one does.

nmap --script-help=ssl-gl

To get help on a particular script.

nmap -sV -sC <host>

To run the default set of scripts (-sC) together with version detection

nmap --script=http-title <host>

To get the title of the page served by a web service (the http-headers script returns the response headers instead).

nmap --script=asn-query,whois-ip,ip-geolocation-* <host>

To get ASN, whois and geolocation info on an IP address. Script names are comma-separated with no spaces, and ip-geolocation-* matches all of the geolocation scripts.

In conclusion, Nmap is a powerful tool for networking and for security auditing of networks. It is useful for quickly finding information about networks, ports, hosts and the OS of a system. Of course, other settings can enhance the use and productivity of Nmap; although we only discussed a few, I hope you have been able to learn or relearn something.

Thank you.