Learn Linux Nmap Command With Examples

NMAP, well, we here are talking of network mapping, this tool is a celebrity tool that also appeared in one of my favorite trilogy, yes, the Matrix series, in the movie , its used to scan the whole Matrix ecosystem but here we will not go in much details but will start from a basics.

As per Insecure Org,

“Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded,Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.

Lets get to work, first we can have the IP of the machine

[[email protected] ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:77:EA:7D
inet addr: Bcast: Mask:
inet6 addr: fe80::20c:29ff:fe77:ea7d/64 Scope:Link
RX packets:54691 errors:0 dropped:0 overruns:0 frame:0
TX packets:28951 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:80387733 (76.6 MiB) TX bytes:1595230 (1.5 MiB)
Interrupt:19 Base address:0x2000

1. Scanning localhost

Nmap –sP localhost

2. Scanning network

Nmap –sP

3. Scan everything damn thing about localhost or network

Nmap –A localhost

Output :

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-18 09:26 PST
Nmap scan report for localhost (
Host is up (0.000053s latency).
Other addresses for localhost (not scanned):
Not shown: 997 closed ports
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 36:87:72:a9:08:04:0d:ba:7c:6a:ff:45:99:41:19:79 (DSA)
|_2048 38:b0:e9:0f:b2:72:07:06:5c:22:88:86:f5:cf:e7:08 (RSA)
25/tcp open smtp Postfix smtpd
5900/tcp open vnc VNC (protocol 3.7)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 0 hops
Service Info: Host: localhost.localdomain
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.52 seconds

So simply, you can get the detailed stats of the whole network as you got for localhost.

Some other basic scanning techniques

4. nmap TCP SYN (half-open) scanning

# nmap -v -sS localhost
# nmap -v -sS

5. nmap TCP FIN scanning

# nmap -v -sF localhost
# nmap -v -sF

6. nmap TCP Xmas tree scanning

Useful to see if firewall protecting against this kind of attack or not

# nmap -v -sX localhost
# nmap -v -sX

7. nmap TCP Null scanning

Useful to see if firewall protecting against this kind attack or not

# nmap -v -sN localhost
# nmap -v -sN

8. nmap TCP Windows scanning

# nmap -v -sW localhost
# nmap -v -sW

9. nmap TCP RPC scanning

Useful to find out RPC (such as portmap) services

# nmap -v -sR localhost
# nmap -v -sR

10. nmap UDP scanning

Useful to find out UDP ports

# nmap -v -O localhost
# nmap -v -O

If you are looking for automation then NSE is the answer (NMAP Scripting Engine), Nmap 6.25 is with 85 new NSE scripts, performance improvements, better OS/version detection, and more!


Nmap Org
Lua Org

Bobbin Zachariah 8:00 am

About Bobbin Zachariah

Founder of LinOxide, passionate lover of Linux and technology writer. Started his career in Linux / Opensource from 2000. Love traveling, blogging and listening music. Reach Bobbin Zachariah about me page and google plus page.

Author's All Posts
Like to become part of Linoxide Team and contribute tips? Contact us here.


Your email address will not be published. Required fields are marked *

All comments are subject to moderation.