Nmap Command in Linux with Examples
Last Updated : 19 Jul, 2024
Nmap is Linux command-line tool for network exploration and security auditing. This tool is generally used by hackers and cybersecurity enthusiasts and even by network and system administrators. It is used for the following purposes:
- Real time information of a network
- Detailed information of all the IPs activated on your network
- Number of ports open in a network
- Provide the list of live hosts
- Port, OS and Host scanning
Installing Nmap Command
In case of Debian/Ubuntu
sudo apt-get install nmap
In case of CentOS/RedHat
yum install nmap
Working with Nmap Command
1. To scan a System with Hostname and IP address. First, Scan using Hostname
nmap www.geeksforgeeks.org
Now let’s Scan using IP Address
nmap 172.217.27.174
The nmap command allows scanning a system in various ways. In this we are performing a scan using the hostname as “geeksforgeeks” and IP address “172.217.27.174”, to find all open ports, services, and MAC addresses on the system.
2. To scan using “-v” option.
nmap -v www.geeksforgeeks.org
It is used to get more detailed information about the remote machines.
3. To scan multiple hosts
nmap 103.76.228.244 157.240.198.35 172.217.27.174
We can scan multiple hosts by writing IP addresses or hostnames with nmap.
4. To scan whole subnet
nmap 103.76.228.*
We can scan a whole subnet or IP range with nmap by providing “*” with it. It will scan a whole subnet and give the information about those hosts which are Up in the Network.
5. To scan specific range of IP address
nmap 192.168.29.1-20
We can specify the range of IP addresses. This command will scan IP address 192.168.29.1 to 192.168.29.20 .
6. To scan to detect firewall settings.
sudo nmap -sA 103.76.228.244
Detecting firewall settings can be useful during penetration testing and vulnerability scans. To detect it we use “-sA” option. This will provide you with information about firewall being active on the host. It uses an ACK scan to receive the information.
7. To identify Hostnames
sudo nmap -sL 103.76.228.244
We use “sL” option to find hostnames for the given host by completing a DNS query for each one. In addition to this “-n” command can be used to skip DNS resolution, while the “-R” command can be used to always resolve DNS.
8. To scan from a file
nmap -iL input.txt
If we have a long list of addresses that we need to scan, we can directly import a file through the command line. It will produce a scan for the given IP addresses.
9. To get some help
nmap -h
We use the “-h” option if we have any questions about nmap or any of the given commands. It shows the help section for nmap command, including giving information regarding the available flags.
10. Here -sS flag is used for TCP SYN Scan, Which is a stealthy and efficient method of scanning for open ports on a target system.
nmap -sS <Domain Name>
11. Here “-oG” flag can be used to store the nmap result in to specific file.
nmap -sS <Domain Name> -oG <file-path>
12. The “-sU” flag is used with nmap to perform a UDP scan, which allows the user to discover open UDP ports and services on a target system.
nmap -sU <Domain Name>
13. The “-sn” flag is used with nmap to perform a ping scan, which sends ICMP requests to a target host or network to determine hosts is up or not.
nmap -sn <Domain Name>
14. The “-p” flag is used with nmap to perform scan on a specific port or range of ports. ( In our case it will scan port 80,443 and 21 )
nmap -p 80 443 21 <Domain Name>
15. We can also specify the range of ports to scan on a network. ( In this case it will scan all the ports in the range of 1 to 80 )
nmap -p 1-80 <Domain Name>
16. Here -A indicates aggressive, it will give us extra information, like OS detection (-O), version detection, script scanning (-sC), and traceroute (–traceroute). It even provides a lot of valuable information about the host.
nmap -A <Domain Name>
17. Using this command we can discover the target hosting service or identify additional targets according to our needs for quickly tracing the path.
nmap --trace out <Domain Name>
18. Here it will display the operating system where the domain or ip address is running, but will not display the exact operating system available on the computer. It will display only the chance of operating system available in the computer. The command will just guess the running operating system (OS) on the host.
nmap -O <Domain Name>
Similar Reads
pmap command in Linux with Examples
The pmap command in Linux is a powerful utility used to display the memory map of a process. A memory map provides insight into how memory is allocated and distributed within a running process. This can be incredibly useful for developers and system administrators when debugging memory issues, optim
4 min read
ncal Command in Linux with Examples
ncal is a command-line tool to view a calendar on the terminal in Linux. It is similar to the cal command in Linux. The major difference between both the commands is the output they display. It shows the current month calendar of the current year with the date highlighted. But with command options,
2 min read
ln command in Linux with Examples
The 'ln' command in Linux is a powerful utility that allows you to create links between files. These links can either be hard links or soft (symbolic) links. If you're unfamiliar with these concepts, check out our detailed guide on Hard and Soft Links in Linux to understand their differences, use ca
3 min read
uname command in Linux with Examples
Linux, renowned for its open-source flexibility and powerful performance, offers a range of commands that reveal the inner workings of your system. Among these, the 'uname' command stands out as a versatile tool that provides key details about your Linux machine. Here, we will learn the basics of th
4 min read
nproc Command in Linux with Examples
nproc It is a simple Unix command which is used to print the number of processing units available in the system or to the current process. This command could be used in system diagnostics and related purposes. It is part of GNU Core utils, so it comes pre-installed with all modern Linux operating sy
3 min read
rcp Command in Linux with examples
When working in a Linux environment, there often comes a time when you need to transfer files from one computer to another. While more secure options like scp or rsync exist, the rcp (Remote Copy Protocol) command offers a simple and efficient way to copy files between systems, especially for beginn
5 min read
vnstat command in Linux with Examples
vnstat is a command-line tool in Linux that is generally used by system administrators in order to monitor network parameters such as bandwidth consumption or maybe some traffic flowing in or out. It monitors the traffic on the system's network interfaces. Installing vnstat on LinuxIn case of RedHa
4 min read
read command in Linux with Examples
read command in the Linux system is used to read from a file descriptor. This command reads up the total number of bytes from the specified file descriptor into the buffer. If the number or count is zero, this command may detect errors. But on success, it returns the number of bytes read. Zero indic
3 min read
tcpdump Command in Linux with Examples
tcpdump is a packet sniffing and packet analyzing tool for a System Administrator to troubleshoot connectivity issues in Linux. It is used to capture, filter, and analyze network traffic such as TCP/IP packets going through your system. It is many times used as a security tool as well. It saves the
4 min read
Linux make Command with Examples
The make command for Linux is a very useful utility in the automation of software development and performing tasks in a Linux environment. It simply reads a special file, which is called a Makefile and this file describes how one's program is compiled and linked with another file or another program
6 min read