Nmap, well, here we are talking about network mapping. This tool is a celebrity: it also appeared in one of my favorite trilogies, yes, the Matrix series, where it is used to scan the whole Matrix ecosystem. Here we will not go into much detail about that but will start from the basics.
As per Insecure Org:
“Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.”
Let's get to work. First, we find the IP address of the machine:
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:77:EA:7D
inet addr:192.168.172.128 Bcast:192.168.172.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe77:ea7d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54691 errors:0 dropped:0 overruns:0 frame:0
TX packets:28951 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:80387733 (76.6 MiB) TX bytes:1595230 (1.5 MiB)
Interrupt:19 Base address:0x2000
1. Scanning localhost (ping scan, no port scan)
# nmap -sP localhost
2. Scanning the network 192.168.1.0/24
# nmap -sP 192.168.1.0/24
3. Scan every damn thing about localhost or the network (OS detection, version detection, script scanning and traceroute)
# nmap -A localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-18 09:26 PST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000053s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 36:87:72:a9:08:04:0d:ba:7c:6a:ff:45:99:41:19:79 (DSA)
|_2048 38:b0:e9:0f:b2:72:07:06:5c:22:88:86:f5:cf:e7:08 (RSA)
25/tcp open smtp Postfix smtpd
5900/tcp open vnc VNC (protocol 3.7)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
Network Distance: 0 hops
Service Info: Host: localhost.localdomain
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.52 seconds
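The report above is meant for a human, but the inventory and uptime-monitoring uses mentioned in the quote need it as data. The following parser is an added example for this post, not part of nmap (nmap's own machine-readable form is -oX/-oG). It embeds a constructed copy of the scan report printed above, turns each "Nmap scan report" into a host record with its ports, versions and per-port script output (the ssh-hostkey lines), and then runs an allow-list check so that an open port nobody approved, like the VNC service here, stands out. The allow-list values and helper names are mine.

```python
import re

# Constructed copy of the nmap -A report shown above, embedded so the
# parser runs offline. Column alignment is restored; the regexes accept
# any amount of whitespace between columns.
SAMPLE_SCAN = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-18 09:26 PST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000053s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 36:87:72:a9:08:04:0d:ba:7c:6a:ff:45:99:41:19:79 (DSA)
|_2048 38:b0:e9:0f:b2:72:07:06:5c:22:88:86:f5:cf:e7:08 (RSA)
25/tcp   open  smtp    Postfix smtpd
5900/tcp open  vnc     VNC (protocol 3.7)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
Network Distance: 0 hops
Service Info: Host: localhost.localdomain
Nmap done: 1 IP address (1 host up) scanned in 12.52 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# Script output: first line carries the script name, continuation lines
# start with "|_" (last line) or "| " and carry only text.
SCRIPT_RE = re.compile(r"^\|[ _]?(?:([\w-]+): )?(.*)$")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (\S+) ports$")


def parse_nmap_output(text):
    """Turn nmap's normal (human-readable) output into a list of host dicts."""
    hosts, host, port, script = [], None, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HOST_RE.match(line)
        if m:
            host = {"name": m.group(1), "address": m.group(2) or m.group(1),
                    "up": False, "not_shown": None, "ports": []}
            hosts.append(host)
            port = script = None
            continue
        if host is None:
            continue  # banner lines before the first host
        if line.startswith("Host is up"):
            host["up"] = True
            continue
        if line.startswith("Host script results:"):
            port = None  # following "|" lines belong to the host, not a port
            continue
        m = NOT_SHOWN_RE.match(line)
        if m:
            host["not_shown"] = (int(m.group(1)), m.group(2))
            continue
        m = PORT_RE.match(line)
        if m:
            port = {"port": int(m.group(1)), "proto": m.group(2),
                    "state": m.group(3), "service": m.group(4),
                    "version": (m.group(5) or "").strip(), "scripts": {}}
            host["ports"].append(port)
            script = None
            continue
        if line.startswith("|") and port is not None:
            m = SCRIPT_RE.match(line)
            if m.group(1):
                script = m.group(1)
            if script is not None:
                port["scripts"].setdefault(script, []).append(m.group(2).strip())
    return hosts


def open_services(hosts):
    """Flatten the parse into (address, port, proto, service) tuples for open ports."""
    return [(h["address"], p["port"], p["proto"], p["service"])
            for h in hosts for p in h["ports"] if p["state"] == "open"]


def unexpected_services(hosts, allowed):
    """Inventory check: open ports whose (address, port) is not on the allow list."""
    return [svc for svc in open_services(hosts) if (svc[0], svc[1]) not in allowed]


if __name__ == "__main__":
    scanned = parse_nmap_output(SAMPLE_SCAN)
    # Hypothetical allow list: only ssh and smtp are approved on this host.
    approved = {("127.0.0.1", 22), ("127.0.0.1", 25)}
    for addr, prt, proto, svc in unexpected_services(scanned, approved):
        print(f"unexpected: {addr} {prt}/{proto} ({svc})")
```

Running it prints the one service that is not on the allow list, 5900/tcp (vnc). Feed it a saved report for a whole /24 and the same check turns the scan into a list of hosts that drifted from the inventory.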
So, just as simply, you can get the same detailed report for the whole network that you got for localhost by giving a network range instead of localhost.
Some other basic scanning techniques
4. nmap TCP SYN (half-open) scanning
# nmap -v -sS localhost
# nmap -v -sS 192.168.0.0/24
5. nmap TCP FIN scanning
# nmap -v -sF localhost
# nmap -v -sF 192.168.0.0/24
6. nmap TCP Xmas tree scanning
Useful to see whether a firewall is protecting against this kind of probe or not
# nmap -v -sX localhost
# nmap -v -sX 192.168.0.0/24
7. nmap TCP Null scanning
Useful to see whether a firewall is protecting against this kind of probe or not
# nmap -v -sN localhost
# nmap -v -sN 192.168.0.0/24
8. nmap TCP Window scanning
# nmap -v -sW localhost
# nmap -v -sW 192.168.0.0/24
9. nmap TCP RPC scanning
Useful for finding RPC services (such as portmap)
# nmap -v -sR localhost
# nmap -v -sR 192.168.0.0/24
10. nmap UDP scanning
Useful for finding open UDP ports (-sU; the -O option is OS detection, not a UDP scan)
# nmap -v -sU localhost
# nmap -v -sU 192.168.0.0/24
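What separates the SYN, FIN, Xmas, Null and Window scans above is only the TCP flag byte each probe carries, and what a port sends back is fixed by RFC 793: a closed port answers any segment without RST with a RST, while a listening port answers SYN with SYN/ACK, answers a bare ACK with RST, and silently drops FIN, Xmas and Null segments. That silence is why the "firewall protecting or not" items matter: a stateful firewall that only admits SYN-initiated connections never lets those probes reach the port. The script below is an added example for this post, not nmap code. It builds constructed 20-byte TCP headers, classifies the flag byte against the five scan signatures, states the RFC 793 reply for open and closed ports, and runs a simple defender-side heuristic (mine, not a standard rule) that flags several FIN/Xmas/Null segments to distinct ports as a scan; SYN probes are deliberately left out of that heuristic because a single SYN looks exactly like a real client.

```python
import struct

# TCP flag bits, low six bits of header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combination each scan type in the list above puts on the wire.
PROBE_SIGNATURES = {
    "syn": SYN,               # -sS: first half of a normal handshake
    "fin": FIN,               # -sF
    "xmas": FIN | PSH | URG,  # -sX
    "null": 0,                # -sN: no flags at all
    "window": ACK,            # -sW: bare ACK, state inferred from window size
}


def build_tcp_header(src_port, dst_port, flags, window=1024):
    """Build a minimal 20-byte TCP header with no options (constructed test data)."""
    seq = ack = 0
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble of byte 12
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def tcp_flags(header):
    """Return the six classic flag bits of a TCP header (ECE/CWR ignored)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F


def tcp_dst_port(header):
    return struct.unpack("!H", header[2:4])[0]


def classify_probe(flags):
    """Name the scan type whose signature these flags match exactly, else None."""
    for name, signature in PROBE_SIGNATURES.items():
        if flags == signature:
            return name
    return None


def closed_port_reply(flags):
    """RFC 793: a closed port answers any segment that lacks RST with a RST,
    so every one of the probes above elicits RST from a closed port."""
    return None if flags & RST else "RST"


def open_port_reply(flags):
    """Listening port: SYN gets SYN/ACK, a bare ACK gets RST (no such
    connection), FIN/Xmas/Null segments are dropped without reply.
    The silence is what lets -sF/-sX/-sN report a port as open|filtered."""
    if flags & RST:
        return None
    if flags & SYN and not flags & ACK:
        return "SYN/ACK"
    if flags & ACK:
        return "RST"
    return None


def detect_stealth_scan(headers, threshold=3):
    """Heuristic over segments from one source: FIN/Xmas/Null segments never
    open a legitimate connection, so several of them aimed at distinct ports
    is a scan. Returns the probe kinds seen and the verdict."""
    kinds, ports = set(), set()
    for header in headers:
        kind = classify_probe(tcp_flags(header))
        if kind in ("fin", "xmas", "null"):
            kinds.add(kind)
            ports.add(tcp_dst_port(header))
    return {"probe_types": kinds, "distinct_ports": len(ports),
            "suspicious": bool(kinds) and len(ports) >= threshold}


if __name__ == "__main__":
    for name, sig in PROBE_SIGNATURES.items():
        print(f"{name:7s} flags=0x{sig:02x} closed->{closed_port_reply(sig)} "
              f"open->{open_port_reply(sig)}")
    # Constructed burst of Null probes to four ports, as an IDS would see it.
    burst = [build_tcp_header(40000, p, 0) for p in (22, 25, 80, 443)]
    print(detect_stealth_scan(burst))
```

The table it prints makes the scan logic visible: only SYN separates open from closed by the reply itself, the Window and ACK probes get RST either way, and the three "stealth" types rely on an open port staying quiet, which is also why a filtering device that drops them leaves nmap unable to tell open from filtered.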
If you are looking for automation, then NSE (the Nmap Scripting Engine) is the answer. Nmap 6.25 ships with 85 new NSE scripts, performance improvements, better OS/version detection, and more!