Lesson 90: nmap Command

In this lesson, you'll learn how to use the nmap command to scan networks, discover open ports, detect operating systems, and audit network security in Linux.

nmap Command: A powerful network scanning tool for discovering hosts, services, and security vulnerabilities.

The Nmap (Network Mapper) is an open-source and very versatile tool for Linux system/network administrators.

It is used for exploring networks, performing security scans, network audits and finding open ports on remote machines.

It scans for live hosts, operating systems, packet filters and open ports running on remote hosts.

Let's utilize two servers without a firewall to test the working of the nmap command.

192.168.0.100 – server1.tecmint.com
192.168.0.101 – server2.tecmint.com

nmap Command Syntax

# nmap [SCAN TYPE(S)] [OPTIONS] {TARGET SPECIFICATION}

Install nmap in Linux

Most of today's Linux distributions, like Red Hat, CentOS, Fedora, Debian, and Ubuntu have included nmap in their default package management repositories.

To install nmap on your distribution, use the following command.

# yum install nmap        # Red Hat based systems
$ sudo apt-get install nmap  # Debian based systems

nmap Command Options

Option	Description
`-v`	Enable verbose output
`-A`	Enable OS detection, version detection, script scanning, and traceroute
`-O`	Enable OS detection
`-sA`	TCP ACK scan to detect firewall rules
`-PN`	Scan host skipping ping (useful for firewall-protected hosts)
`-sP`	Ping scan to find live hosts only
`-F`	Fast scan — scan only ports in nmap-services file
`-V`	Display the nmap version
`-r`	Scan ports consecutively without randomizing
`--iflist`	Print host interfaces and routes
`-p PORT`	Scan a specific port or port range
`-p T:PORT`	Scan a specific TCP port
`-sU`	UDP scan
`-sV`	Detect service version numbers
`-PS`	TCP SYN ping scan
`-PA`	TCP ACK ping scan
`-sS`	Perform a stealthy SYN scan
`-sT`	TCP connect scan
`-sN`	TCP Null scan
`-iL FILE`	Read target hosts from a file
`--exclude IP`	Exclude a host from the scan

Once you've installed the latest nmap application, let's learn its usage by discussing some examples.

1. Scan a System with Hostname and IP Address

The nmap tool offers various methods to scan a system. In this example, let's perform a scan using hostname as server2.tecmint.com to find out all open ports, services and MAC addresses on the system.

Scan using the Hostname:

Module 1: File & Directory Management

Module 2: File Archiving & Compression

Module 3: Text Processing & Search

Module 4: Process Management

Module 5: Disk & Storage

Module 6: User & Permission Management

Module 7: System Information & Monitoring

Module 8: Package Management

Module 9: Networking

Module 10: Advanced & Security