Nmap Commands with Examples

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

In this article, let's learn some practical nmap commands with examples.

1. Scanning localhost

nmap -sP localhost

2. Scanning network 192.168.1.0/24

nmap -sP 192.168.1.0/24

3. Scan every damn thing about localhost or the network

nmap -A localhost

Output:

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-18 09:26 PST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000053s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 36:87:72:a9:08:04:0d:ba:7c:6a:ff:45:99:41:19:79 (DSA)
|_2048 38:b0:e9:0f:b2:72:07:06:5c:22:88:86:f5:cf:e7:08 (RSA)
25/tcp open smtp Postfix smtpd
5900/tcp open vnc VNC (protocol 3.7)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=12/18%OT=22%CT=1%CU=33133%
OS:=i386-redhat-linux-gnu)SEQ(SP=103%GCD=1%
OS:O1=M400CST11NW6%O2=M400CST11NW6%O3=M400
OS:CST11NW6%O6=M400CST11)WIN(W1=8000%W2=80
OS:0)ECN(R=Y%DF=Y%T=40%W=8018%O=M400CNNSNW
OS:S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF
OS:=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=
OS:%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=
OS:%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RI
OS:=40%CD=S)
Network Distance: 0 hops
Service Info: Host: localhost.localdomain
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.52 seconds

So, just as simply, you can get the same detailed stats for the whole network as you got for localhost.
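As an added example (not code from the article), here is a small POSIX shell script that parses saved nmap normal output like the listing above into a list of open ports and diffs two saved scans, the network-inventory use the introduction mentions. The two scan files are constructed inline, modelled on the localhost output; no scan is run.

```shell
#!/bin/sh
# Added example, not from the article: summarise the open ports in saved
# nmap normal output (the format shown above) and diff two saved scans to
# catch inventory changes. The scan files are constructed here; no scan runs.
LC_ALL=C; export LC_ALL

# Print "port/proto service version" for every open port in file $1.
# Table rows look like: 22/tcp    open  ssh     OpenSSH 5.3 (protocol 2.0)
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            line = $1 " " $3
            for (i = 4; i <= NF; i++) line = line " " $i
            print line
        }' "$1"
}

# Compare baseline scan $1 with newer scan $2: "+" marks newly open ports,
# "-" marks ports that were open before but are not now.
port_diff() {
    b=$(mktemp); c=$(mktemp)
    open_ports "$1" | cut -d' ' -f1 | sort > "$b"
    open_ports "$2" | cut -d' ' -f1 | sort > "$c"
    comm -13 "$b" "$c" | sed 's/^/+ /'
    comm -23 "$b" "$c" | sed 's/^/- /'
    rm -f "$b" "$c"
}

# Constructed baseline, copied from the localhost output above.
baseline=$(mktemp)
cat > "$baseline" <<'EOF'
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 36:87:72:a9:08:04:0d:ba:7c:6a:ff:45:99:41:19:79 (DSA)
25/tcp    open  smtp    Postfix smtpd
5900/tcp  open  vnc     VNC (protocol 3.7)
EOF
# Constructed later scan: smtp is gone and an unexpected 3306/tcp appeared.
current=$(mktemp)
cat > "$current" <<'EOF'
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 5.3 (protocol 2.0)
3306/tcp  open  mysql
5900/tcp  open  vnc     VNC (protocol 3.7)
EOF
trap 'rm -f "$baseline" "$current"' EXIT

open_ports "$baseline"
port_diff "$baseline" "$current"
```

Run real scans with `nmap -oN yesterday.txt ...` and `nmap -oN today.txt ...`, then `port_diff yesterday.txt today.txt` to list what changed.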

Some other basic scanning techniques

4. nmap TCP SYN (half-open) scanning

# nmap -v -sS localhost
# nmap -v -sS 192.168.0.0/24

5. nmap TCP FIN scanning

# nmap -v -sF localhost
# nmap -v -sF 192.168.0.0/24

6. nmap TCP Xmas tree scanning

Useful to see whether the firewall is protecting against this kind of attack or not

# nmap -v -sX localhost
# nmap -v -sX 192.168.0.0/24

7. nmap TCP Null scanning

Useful to see whether the firewall is protecting against this kind of attack or not

# nmap -v -sN localhost
# nmap -v -sN 192.168.0.0/24

8. nmap TCP Window scanning

# nmap -v -sW localhost
# nmap -v -sW 192.168.0.0/24

9. nmap TCP RPC scanning

Useful to find out RPC services (such as portmap)

# nmap -v -sR localhost
# nmap -v -sR 192.168.0.0/24

10. nmap UDP scanning

Useful to find out open UDP ports

# nmap -v -sU localhost
# nmap -v -sU 192.168.0.0/24

If you are looking for automation, then NSE (the Nmap Scripting Engine) is the answer. Nmap 6.25 ships with 85 new NSE scripts, performance improvements, better OS/version detection, and more!


Bobbin Zachariah 8:00 am
