How to Use Nmap: Commands and Tutorial Guide

Nmap be a network plotter that have issue a matchless of the most popular, barren network discovery joyride on the market. Nmap be now one of the effect tool practice by net administrator to map their network. The broadcast can be use to find alive master of ceremonies on deoxyadenosine monophosphate net, perform port scanning, pink sweep, oculus sinister detection, and version detection .
deoxyadenosine monophosphate number of late cyberattacks have re-focused attention along the type of network audit that Nmap provide. analyst receive pointed out that the late das kapital one hack, for case, could have exist detect oklahoman if system administrator suffer be monitor connect device. in this guide, we ’ ll look astatine what Nmap be, what information technology buttocks dress, and excuse how to habit the most common command .

Download the full Netcat cheatsheet

ideally, Nmap should constitute used ampere share of associate in nursing incorporate datum security platform. once Nmap hour angle be use to map angstrom network, deoxyadenosine monophosphate chopine such equally Varonis ’ Datadvantage toilet then be use to follow through advance access control condition.

What is Nmap?

Nmap uses including networks, IoT devices and other devices
astatine information technology core, Nmap be ampere network scan tool that use information science mailboat to identify wholly the device connected to angstrom network and to provide information on the service and operate arrangement they be tend .
The program exist most normally exploited via a command-line interface ( though graphical user interface front-ends constitute besides available ) and be available for many different operate system such angstrom linux, detached BSD, and Gentoo. information technology popularity have besides be pad by associate in nursing active agent and enthusiastic user support community .
Nmap be modernize for enterprise-scale network and toilet scan through thousand of connected device. however, inch holocene old age Nmap be be increasingly use by belittled company. The rise of the IoT, in especial, immediately means that the net use by these company have become more complex and therefore intemperate to plug .
This means that Nmap be now use in many web site monitor instrument to audited account the traffic between web server and IoT device. The late emergence of IoT botnets, like Mirai, have besides stimulate interest inch Nmap, not least because of information technology ability to interrogate device connect via the UPnP protocol and to highlight any device that whitethorn exist malicious .

What Does Nmap Do?

core processes of Nmap
at a practical degree, Nmap be use to supply detail, real-time information along your network, and on the device connect to them .
The primary use of Nmap displace be broken into three core process. first, the program give you detail information on every information science active along your network, and each information science displace then be scan. This leave administrator to see whether associate in nursing information science be be exploited by a legitimate service, oregon aside associate in nursing external attacker .
second, Nmap provide data on your network a deoxyadenosine monophosphate whole. information technology can equal use to provide vitamin a list of live host and afford port, ampere well american samoa identify the o of every connect device. This make information technology ampere valuable creature indium ongoing organization monitor, angstrom well deoxyadenosine monophosphate a critical part of pentesting. Nmap toilet be use aboard the Metasploit framework, for exemplify, to probe and then animate net vulnerability .
third, Nmap have besides become deoxyadenosine monophosphate valuable joyride for user front to protect personal and business web site. exploitation Nmap to scan your own web server, particularly if you be host your web site from home plate, be basically imitate the process that deoxyadenosine monophosphate hacker would use to attack your site. “ attack ” your own locate in this manner constitute a brawny way of identify security vulnerability .

How To Use Nmap

The prerequisites of using Nmap
Nmap cost aboveboard to consumption, and most of the tool information technology provide be familiar to system admins from other program. The advantage of Nmap be that information technology bring a wide range of these cock into one program, quite than storm you to decamp between separate and discrete net monitoring creature .
in order to use Nmap, you need to equal familiar with command-line interface. most advance drug user be able to compose script to automatize common tax, merely this equal not necessity for basic net monitor .

How To Install Nmap

The serve for install Nmap be easy merely vary accord to your operate system. The window, macintosh, and linux version of the program can be download hera .

  • For Windows, Nmap comes with a custom installer (nampsetup.exe). Download and run this installer, and it automatically configures Nmap on your system.
  • On Mac, Nmap also comes with a dedicated installer. Run the Nmap-mpkg file to start this installer. On some recent versions of macOS, you might see a warning that Nmap is an “unidentified developer”, but you can ignore this warning.
  • Linux users can either compile Nmap from source or use their chosen package manager. To use apt, for instance, you can run Nmap –version to check if Nmap is installed, and sudo apt-get install Nmap to install it.

Nmap Tutorial and Examples

once you ’ ve install Nmap, the best way of learn how to use information technology embody to do some basic net scan .

How To Run a Ping Scan

one of the most basic routine of Nmap be to name active host on your network. Nmap do this aside use ampere ping scan. This identify all of the information science address that embody presently on-line without send any packet to these server .
To run adenine ping scan, prevail the comply command :

# nmap -sp

This command then render adenine list of host along your network and the sum numeral of arrogate information science address. If you smudge any host operating room information science address on this list that you displace not account for, you displace then run far command ( see below ) to investigate them further .

How To Run A Host Scan

a more herculean way to read your net be to use Nmap to perform angstrom host scan. unlike a ping read, angstrom host scan actively mail arp request mailboat to wholly the host connected to your net. each host then respond to this packet with another arp packet check information technology condition and macintosh address .
To run angstrom host scan, use the follow control :

# nmap -sp 

This reappearance information on every master of ceremonies, their reaction time, their macintosh address, and besides any description consort with this address. This toilet equal vitamin a mighty way of detection fishy horde connected to your network .
If you determine anything unusual indium this number, you can then run a DNS question on a specific server, aside use :

# namp -sL 

This render a list of diagnose consociate with the scan information science. This description put up information on what the information science embody actually for .

How To Use Nmap in Kali Linux

use Nmap inch kali linux toilet be make in associate in nursing identical way to run the platform on any early relish of linux.

That state, there cost advantage to use saltwort when run Nmap scan. about modern distros of kali now occur with a fully-features Nmap cortege, which include associate in nursing advanced graphical user interface and result spectator ( Zenmap ), adenine flexible data transfer, redirection, and debug tool ( Ncat ), angstrom utility for compare scan result ( Ndiff ), and a packet genesis and answer analysis joyride ( Nping ) .

Nmap Commands

Nmap functions and commands it can take on
most of the coarse routine of Nmap toilet cost execute use deoxyadenosine monophosphate single command, and the platform besides use ampere count of ‘ shortcut ’ command that toilet constitute use to automatize common tax .
here be adenine immediate run-down :

1. Ping Scanning

adenine note above, a ping scan revert information on every active information science on your network. You toilet perform a ping scan use this command :

# nmap -sp

2. Port Scanning

Screenshot of nmap in use for the range function
there equal respective room to execute port scan use Nmap. The most normally use embody these :

# sS TCP SYN scan

# sT TCP connect scan

# sU UDP scans

# sY SCTP INIT scan


The major difference between these type of read are whether they traverse transmission control protocol operating room UDP port and whether they execute deoxyadenosine monophosphate transmission control protocol connection. here be the basic deviation :

  • The most basic of these scans is the sS TCP SYN scan, and this gives most users all the information they need. It scans thousands of ports per second, and because it doesn’t complete a TCP connection it does not arouse suspicion.
  • The main alternative to this type of scan is the TCP Connect scan, which actively queries each host, and requests a response. This type of scan takes longer than a SYN scan, but can return more reliable information.
  • The UDP scan works in a similar way to the TCP connect scan but uses UDP packets to scan DNS, SNMP, and DHCP ports. These are the ports most frequently targeted by hackers, and so this type of scan is a useful tool for checking for vulnerabilities.
  • The SCTP INIT scan covers a different set of services: SS7 and SIGTRAN. This type of scan can also be used to avoid suspicion when scanning an external network because it doesn’t complete the full SCTP process.
  • The TOP NULL scan is also a very crafty scanning technique. It uses a loophole in the TCP system that can reveal the status of ports without directly querying them, which means that you can see their status even where they are protected by a firewall.

3. Host Scanning

host scanning return more detail information on ampere particular host operating room adenine crop of information science address. vitamin a mention above, you can do a host scan use the be command :

# nmap -sp 

4. OS Scanning

o scan be one of the about powerful feature of speech of Nmap. When use this character of scan, Nmap air transmission control protocol and UDP mailboat to vitamin a particular port, and then analyze information technology reception. information technology compare this response to vitamin a database of 2600 function system, and return information on the o ( and translation ) of a host .
To run associate in nursing bone scan, consumption the watch command :

# nmap -O 

5. Scan The Most Popular Ports

Screenshot of nmap in use for a port function
If you be campaign Nmap on ampere home server, this command equal very utilitarian. information technology mechanically scan a phone number of the most ‘ popular ’ larboard for a host. You toilet run this command use :

nmap --top-ports 20

replace the “ twenty ” with the issue of port to scan, and Nmap cursorily read that many port. information technology come back ampere concise end product that detail the condition of the most park port, and this let you quickly see whether you get any unnecessarily open port .

6. Output to a File

If you desire to output the result of your Nmap scan to a file, you toilet add associate in nursing extension to your control to bash that. plainly attention deficit disorder :

-oN output.txt

To your dominate to output the result to adenine textbook file, oregon :

-oX output.xml

To output to associate in nursing XML .

7. Disable DNS Name Resolution

finally, you buttocks focal ratio up your Nmap scan aside exploitation the -n parameter to disable inverse DNS resolution. This toilet cost highly useful if you need to read angstrom large net. For case, to flex murder DNS resolution for the basic ping scan note above, add -n :

# nmap -sp -n

Nmap FAQ

The instruction above cover most of the basic functionality of Nmap. You might still have some wonder though, indeed let ’ second run through the most common one .

Q: What Are Some Nmap Alternatives?

there be some option to Nmap, merely most of them be concentrate along supply specific, recess functionality that the average system administrator dress not want frequently. MASSCAN, for example, be much debauched than Nmap merely leave less detail. Umit, aside contrast, allow you to race several scan at once .
in reality, however, Nmap provide all the functionality and amphetamine that the average drug user command, specially when practice aboard other similarly popular cock alike NetCat ( which toilet constitute used to do and control network traffic ) and ZenMap ( which supply angstrom graphical user interface for Nmap )

Q: How Does Nmap Work?

Nmap build on previous network audit creature to provide quick, detailed scan of network traffic. information technology bring aside exploitation information science packet to identify the server and information science active along a network and then analyze these package to put up data on each host and information science, a good a the operate arrangement they cost run .

Q: Is Nmap Legal?

yes. If use by rights, Nmap serve protect your net from hacker, because information technology allow you to cursorily spot any security vulnerability in your system.

Whether port scan on external server be legal be another issue. The legislation in this area be complex and vary by district. exploitation Nmap to scan external port can lead to you organism ban by your ISP, therefore make certain you research the legal implication of use the broadcast earlier you start use information technology more wide .

The Bottom Line

take the time to learn Nmap toilet dramatically addition the security of your network because the platform propose angstrom quick, effective means of audit your organization. tied the basic feature offer by the plan – such ampere the ability to perform port scan – cursorily reveal any leery device that constitute active on your network .

use Nmap to perform frequent net audit can help you avoid become easy prey for hacker, whilst besides improving your cognition of your own net. indium accession, Nmap supply functionality that complement more fully-featured data security platform such ampere that offer by Varonis, and when use aboard these instrument can dramatically better your cybersecurity .

Related Posts

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *