Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
What is Nmap?
3.
Why learn about Nmap?
4.
Features of Nmap
5.
Top 8 Nmap Commands
5.1.
Scan a Range of IP Address
5.2.
Port Scanning
5.3.
Ping Scan Using Nmap
5.4.
Most Popular Ports Scanning
5.5.
Saving the Nmap Scan Output to a File
5.6.
Display Open Ports
5.7.
Exclude Host/ IP Addresses for the Scan
5.8.
Service Version Detection
6.
Core Concepts of Nmap Commands
6.1.
Syntax
7.
Basic Command Structure
7.1.
Getting Started with Nmap Commands
7.1.1.
Installation
7.1.2.
Initial Setup
8.
Diving Deeper: Advanced Commands
8.1.
Verbose Mode
8.2.
Scanning Multiple Hosts
8.3.
Combining Flags
8.4.
OS Detection
8.5.
Timing Templates
8.6.
Stealth Scans
8.7.
Output Formatting
8.8.
Port Range Scanning
8.9.
Aggressive Scan
8.10.
Scan using a Specific Network Interface
8.11.
TCP SYN/Connect()/ACK/Window/Maimon Scans
8.11.1.
UDP Scans
8.11.2.
IP Protocol Scan
8.11.3.
Scan for Specific Services
8.11.4.
Scriptable Scan Engine
8.11.5.
Packet Trace
9.
Use Cases and Scenarios
9.1.
Network Inventory
9.2.
Vulnerability Assessment 
9.3.
Service Discovery 
10.
Frequently Asked Questions 
10.1.
What is nmap commands? 
10.2.
What are the popular Nmap scans?
10.3.
What Nmap is used for?
10.4.
What is flag in Nmap?
11.
Conclusion
Last Updated: Mar 27, 2024
Medium

nmap commands

Author Riya Singh
0 upvote

Introduction

Nmap, the Network Mapper, is a free and open-source tool that's indispensable for network scanning and security auditing. It empowers administrators to discover hosts and services on a network, thus creating a "map" of the network.

nmap commands

In this article, we will learn about nmap commands. We will learn more about its core concepts and commands for a better understanding of nmap. 

What is Nmap?

Nmap is an open-source tool used for network exploration and security auditing. It's designed to discover hosts and services on a computer network, thus creating a map of the network topology. Nmap uses raw IP packets to determine what hosts are available on the network, what services those hosts are offering, and what operating systems they are running.

Nmap provides a flexible and powerful set of features, including host discovery, port scanning, version detection, scriptable interaction, operating system detection, and various output formats. It's widely used by network administrators, security professionals, and ethical hackers to assess and enhance network security.

Why learn about Nmap?

There are various reasons that show why we should learn Nmap:

  • It helps identify vulnerabilities in a network, allowing administrators to strengthen security measures and protect against potential threats.
  • It assists system administrators in managing and optimizing network resources by providing insights into the network structure and services.
  • For ethical hackers and security professionals, Nmap is a crucial tool for conducting penetration tests and identifying weaknesses in a system.
  • In digital forensics, it is used to gather information about network activity, aiding in investigations and incident response.
  • It enables the creation of network maps, helping visualize the structure of a network and its connected devices.

Features of Nmap

There are several features of Nmap:

  • Host Discovery: Nmap can identify active hosts on a network.
  • Port Scanning: It scans for open ports on target hosts, revealing available services.
  • Version Detection: Nmap can determine the version of services running on open ports.
  • Scriptable Interaction: It supports scripting to automate tasks and customize scans.
  • Operating System Detection: Nmap can often identify the operating system of a target.
  • Flexible Target Specification: Users can define target hosts using various methods.
  • Output Formats: Nmap provides multiple output formats for results analysis.

Top 8 Nmap Commands

Below is the list of the top 8 nmap commands:

Scan a Range of IP Address

Nmap's -sP initiates a Ping Scan, swiftly discovering live hosts within a given IP range. This method doesn't delve into open ports but identifies responsive hosts.

Port Scanning

Port scanning is a crucial aspect of Nmap. The -p option empowers users to specify particular ports or port ranges for a detailed exploration of a target's open ports.

Ping Scan Using Nmap

The -sn option in Nmap enables a Ping Scan, allowing users to identify live hosts without actively probing open ports. It's an efficient method for host discovery.

Most Popular Ports Scanning

With the -F option, Nmap focuses on scanning the 100 most commonly used ports. Alternatively, using -p- scans all 65535 ports for a comprehensive analysis.

Saving the Nmap Scan Output to a File

For documentation, Nmap provides options like -oN and -oX to redirect scan results to a file. The -oN saves results in a readable format, while -oX stores them in XML.

Display Open Ports

By deploying options like -p-, users can instruct Nmap to scan all ports, revealing a target's open ports. This aids in understanding the target's accessible services.

Exclude Host/ IP Addresses for the Scan

Nmap's versatility extends to excluding specific hosts or IP addresses from a scan. The --exclude option ensures that certain targets are bypassed during the scanning process.

Service Version Detection

Nmap's -sV option enhances reconnaissance by including service version detection. This allows users to identify not just open ports but also the specific software and versions running on those ports.

Core Concepts of Nmap Commands

Syntax

The basic syntax of an Nmap command is:

nmap [Scan Type] [Options] {target specification}

Basic Command Structure

At its core, an Nmap command comprises the scan type, options, and target specification.

Basic Command Structure
nmap -sS codingninjas.com

Here, -sS specifies a SYN scan, and codingninjas.com is the target.

Getting Started with Nmap Commands

Installation

Installation is straightforward on most systems:

sudo apt install nmap   # Debian/Ubuntu
sudo yum install nmap   # Red Hat/CentOS

Initial Setup

Post installation, a simple scan to check the service version of a host would look like:

nmap -sV codingninjas.com

Diving Deeper: Advanced Commands

Let’s understand the advanced commands of nmap. 

advanced commands of nmap

Verbose Mode

The -v flag enables verbose mode, enriching the output with more details.

nmap -v codingninjas.com

Scanning Multiple Hosts

Scanning multiple hosts is as easy as listing them or using CIDR notation.

nmap codingninjas.com example.com
nmap 192.168.1.0/24

Combining Flags

Combine various flags to tailor your scans.

nmap -sS -sV -v codingninjas.com

OS Detection

Identify the operating system of target hosts with the -O flag.

nmap -O codingninjas.com

Timing Templates

Control the speed of scans with timing templates.

nmap -T4 codingninjas.com

Stealth Scans

Initiate stealthy scans to stay under the radar.

nmap -sF codingninjas.com

Output Formatting

Record scan results in various formats for later analysis.

nmap -oA output codingninjas.com

Port Range Scanning

Specify a range of ports to narrow down your scan.

nmap -p 20-100 codingninjas.com

Aggressive Scan

Perform an aggressive scan to gather as much information as possible.

nmap -A codingninjas.com

Scan using a Specific Network Interface

Choose a network interface for the scan.

nmap --interface eth0 codingninjas.com

TCP SYN/Connect()/ACK/Window/Maimon Scans

Various TCP scan types can be performed using different flags.

nmap -sS codingninjas.com # SYN scan
nmap -sT codingninjas.com # Connect() scan
nmap -sA codingninjas.com # ACK scan

UDP Scans

Perform a UDP scan to check for open UDP ports.

nmap -sU codingninjas.com

IP Protocol Scan

Discover supported protocols on the target systems.

nmap -sO codingninjas.com

Scan for Specific Services

Scan for specific services by specifying the port and protocol.

nmap -p 80,443 codingninjas.com

Scriptable Scan Engine

Utilize Nmap Scripting Engine (NSE) to create customized scripts for your scans.

nmap --script=default codingninjas.com

Packet Trace

View the packets being sent and received during the scan.

nmap --packet-trace codingninjas.com

Use Cases and Scenarios

Nmap commands can be tailored to meet specific needs in various scenarios. For instance:

Network Inventory

By performing a simple ping scan -sn, you can discover all active hosts in your network.

nmap -sn 192.168.1.0/24

Vulnerability Assessment 

Utilizing the Scripting Engine with vulnerability scripts can help in identifying potential vulnerabilities.

nmap --script=vuln codingninjas.com

Service Discovery 

Find out what services are running on the servers with a service version scan -sV.

nmap -sV codingninjas.com

These commands and scenarios highlight the versatility and robustness of Nmap, making it an invaluable tool in a network administrator's toolkit. Whether you are troubleshooting, doing routine network checks, or exploring new network setups, Nmap commands provide the insights needed to navigate the network terrain confidently.

Frequently Asked Questions 

What is nmap commands? 

Nmap, the Network Mapper, is an open-source tool that is used to discover hosts and services in a network. 

What are the popular Nmap scans?

Common Nmap scans include SYN Scan (-sS), Full TCP Connect Scan (-sT), UDP Scan (-sU), and Intense Scan (-T4 -A), each serving specific purposes in network reconnaissance.

What Nmap is used for?

Nmap is a powerful network scanning tool used for security assessments, network discovery, and vulnerability detection, aiding administrators, security professionals, and ethical hackers.

What is flag in Nmap?

Flags in Nmap, represented by options like -sS or -T4, configure specific scan types, timing, or behavior. They allow users to customize Nmap scans according to their requirements.

Conclusion

Nmap commands are the keys to unlocking a wealth of network data. From basic scans to advanced network exploration, each command opens a door to a deeper understanding of the network landscape. The -v flag, your lens to the unseen; multiple host scanning, your canvas of endless possibilities. As you delve deeper into the Nmap command library, you'll find it to be not just a tool, but a companion in your quest for network security and mastery.

Recommended Reading:

wget command in linux

You can refer to our guided paths on the Coding Ninjas. You can check our course to learn more about DSADBMSCompetitive ProgrammingPythonJavaJavaScript, etc. 

Also, check out some of the Guided Paths on topics such as Data Structure and AlgorithmsCompetitive ProgrammingOperating SystemsComputer Networks, DBMSSystem Design, etc., as well as some Contests, Test Series, and Interview Experiences curated by top Industry Experts.

Live masterclass