How to Use Nmap: Commands and Their Illustrations


What is Nmap?

At its core, Nmap is a network scanning tool that sends crafted IP packets to identify the devices connected to a network and to report the services and operating systems they are running.

The program is most commonly used via a command-line interface (though GUI front-ends such as Zenmap are also available) and is available for many operating systems, including Linux, Windows, macOS and FreeBSD. Its popularity has also been bolstered by an active and enthusiastic user support community.

What Does Nmap Do?


At a practical level, Nmap is used to provide detailed, real-time information on your networks and on the devices connected to them.

The primary uses of Nmap can be broken into three core processes. First, host discovery: the program tells you which IP addresses on your network are live, and each of those addresses can then be scanned in more depth. Second, port scanning: for each live host, Nmap reports which TCP and UDP ports are open, closed or filtered. Third, OS and service detection: Nmap fingerprints the operating system of the host and the service listening on each open port.

Together these give you a list of live hosts and open ports, as well as the OS of every connected device. This makes it a valuable tool in ongoing system monitoring, as well as a critical part of pentesting.

How To Use Nmap

Nmap is straightforward to use, and most of the capabilities it provides are familiar to system admins from other programs. The advantage of Nmap is that it brings a wide range of these capabilities into one program, rather than forcing you to switch between separate network monitoring tools.

How To Install Nmap

Linux users can either compile from source or use their chosen package manager. On a Debian or Ubuntu system, for instance, run nmap --version to check whether it is already installed, and sudo apt-get install nmap to install it (the command and the package name are lowercase).

Nmap Commands

1. Ping Scanning

As mentioned above, a ping scan (host discovery only, with no port scan) returns every active IP on your network. You can execute a ping scan using this command:

# nmap -sn <target IP range>

Run as root, Nmap uses ARP requests on the local subnet and ICMP echo plus a few TCP probes elsewhere; as an unprivileged user it falls back to TCP connect attempts to ports 80 and 443, so a host that filters those two ports may be reported as down.

2. Port Scanning

There are several ways to execute a port scan with Nmap. The most commonly used are these:

# -sS TCP SYN scan
# -sT TCP connect scan
# -sU UDP scan
# -sY SCTP INIT scan

-sS, -sU and -sY need raw-socket privileges (root, or sudo). -sT completes the full three-way handshake, so it works as an unprivileged user, but every probe reaches the listening application and is far more likely to show up in the target's logs.
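To make the difference between -sT and -sS concrete, here is an added example (not Nmap's own code) of the connect-scan technique in Python. It opens a throwaway listener on 127.0.0.1 as a constructed target, then completes a full TCP handshake to each probed port the way nmap -sT does, classifying the result as open, closed or filtered. Because the handshake completes, the target's accept() queue, standing in for its application log, records the scanner's address; a SYN scan never gets that far. The host, port and helper names are this example's own.

```python
"""TCP connect() scan, the technique behind nmap -sT (added example, not Nmap's code)."""
import socket


def start_listener(host="127.0.0.1"):
    """Open a throwaway TCP listener on an ephemeral port.

    This is the constructed scan target for the demo. Returns (socket, port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def closed_port(host="127.0.0.1"):
    """Return a port nothing listens on: bind to 0, note the port, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host, ports, timeout=0.5):
    """Classify each port as open, closed or filtered using full connect() calls.

    open:     SYN / SYN-ACK / ACK completed, exactly what nmap -sT reports.
    closed:   the host answered with RST (ConnectionRefusedError).
    filtered: no answer within the timeout, or an ICMP unreachable surfaced
              as another OSError; Nmap uses the same label for both.
    """
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:  # includes socket.timeout / TimeoutError
            results[port] = "filtered"
        finally:
            s.close()
    return results


def accepted_peers(srv):
    """Drain the listener's accept queue without blocking.

    Every entry is a handshake the scan completed, i.e. the trace a connect
    scan leaves in the target's connection log. A SYN scan (-sS) never
    completes the handshake, so the listening application never sees it.
    """
    srv.settimeout(0)
    peers = []
    while True:
        try:
            conn, addr = srv.accept()
        except BlockingIOError:
            break
        peers.append(addr)
        conn.close()
    return peers


if __name__ == "__main__":
    srv, open_p = start_listener()
    print(connect_scan("127.0.0.1", [open_p, closed_port()]))
    print("connections the target saw:", accepted_peers(srv))
    srv.close()
```

The scan itself is the connect_scan function; the listener and accepted_peers exist only to show, from the target's side, why -sT is the noisy option.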

3. Host Scanning

Host scanning returns more detailed information on a particular host or a range of IP addresses. As mentioned above, you start with the same host-discovery sweep, pointed at a single address, an address list or a CIDR range:

# nmap -sn <target IP range>

Drop -sn to let Nmap follow discovery with its default port scan of every host that answers; that is where the per-host detail comes from.

4. OS Scanning

OS detection is one of the most powerful features of Nmap. When using this type of scan, Nmap sends a series of TCP, UDP and ICMP probes to the target (it needs at least one open and one closed TCP port for reliable results) and analyzes the responses. It compares the resulting fingerprint against a database of more than 2,600 known OS fingerprints (nmap-os-db) and returns the likely OS (and version) of the host. Like the SYN scan, it needs root privileges.

To run an OS scan, use the following command:

 nmap -O <target IP>

5. Scan the Most Popular Ports

If you are running Nmap on a home server, this option is very useful. --top-ports N scans the N ports Nmap ranks as most commonly open (the ranking comes from the open-frequency column of its nmap-services file) instead of its default of the top 1,000. You can run this command using:

nmap --top-ports 20 <target IP>
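How Nmap decides which ports are "popular" is worth seeing, so here is an added example (not Nmap's code) that reads the nmap-services file format, where each line carries a service name, port/protocol and an open-frequency column, and ranks ports by that frequency the way --top-ports does. The excerpt below is constructed for the example (the real file is tab-separated and lives in Nmap's data directory); the function names are this example's own.

```python
"""Rank ports by open-frequency as nmap --top-ports does (added example, not Nmap's code)."""

# Constructed excerpt in nmap-services format, not the real file.
# Columns: service name, port/protocol, open-frequency, optional '# comment'.
SAMPLE_NMAP_SERVICES = """\
# Fields: name, portnum/protocol, open-frequency, optional comments
tcpmux        1/tcp     0.001995  # TCP Port Service Multiplexer
ftp           21/tcp    0.197667  # File Transfer [Control]
ssh           22/tcp    0.182286  # Secure Shell Login
telnet        23/tcp    0.221265
smtp          25/tcp    0.131314  # Simple Mail Transfer
domain        53/udp    0.213496  # Domain Name Server
http          80/tcp    0.484143  # World Wide Web HTTP
ntp           123/udp   0.330879  # Network Time Protocol
https         443/tcp   0.208669  # secure http (SSL)
microsoft-ds  445/tcp   0.056944  # SMB directly over IP
unknown       8443/tcp  0.009986
this line is malformed and must be skipped
"""


def parse_nmap_services(text):
    """Yield (port, protocol, frequency, name) for each well-formed line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or "/" not in fields[1]:
            continue                            # not a service line
        name, portproto, freq = fields[0], fields[1], fields[2]
        port_str, proto = portproto.split("/", 1)
        try:
            yield int(port_str), proto, float(freq), name
        except ValueError:
            continue                            # bad number, skip the line


def top_ports(text, n, proto="tcp"):
    """Return the n ports of the given protocol with the highest open-frequency."""
    rows = [r for r in parse_nmap_services(text) if r[1] == proto]
    rows.sort(key=lambda r: r[2], reverse=True)
    return [r[0] for r in rows[:n]]


def port_spec(ports):
    """Format a port list as an Nmap -p argument (sorted, comma separated)."""
    return ",".join(str(p) for p in sorted(ports))


if __name__ == "__main__":
    chosen = top_ports(SAMPLE_NMAP_SERVICES, 5)
    print("top 5 tcp:", chosen, "-> nmap -p", port_spec(chosen), "<target>")
```

port_spec is there because the same ranking can be handed back to Nmap explicitly with -p when you want to pin the port list rather than rely on whichever nmap-services ships with the installed version.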

6. Output to a File

If you want to output the results of your Nmap scans to a file, you can add an output option to your command. Simply add:

-oN output.txt

to your command to output the results to a text file, or:

-oX output.xml

to output XML, which is the format to feed into other tools. -oA <basename> writes the normal, XML and grepable (-oG) formats in one go.
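The XML output is the one you script against, so here is an added example (not Nmap's code) that parses -oX output with Python's standard library into per-host records of address, hostname, open ports and best OS match, then answers a typical question: which live hosts expose port 445. The XML below is constructed for the example, with only the elements the parser reads; real files carry more.

```python
"""Parse nmap -oX output into host/port records (added example, not Nmap's code)."""
import xml.etree.ElementTree as ET

# Constructed nmap -oX output for a two-host sweep; not a real scan result.
# Real files also carry <runstats>, <times> and many more attributes.
SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sS -O -oX scan.xml 192.168.1.0/24" version="7.94">
<host>
<status state="up" reason="arp-response"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="AA:BB:CC:DD:EE:FF" addrtype="mac"/>
<hostnames><hostname name="fileserver.lan" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
</ports>
<os><osmatch name="Linux 5.X" accuracy="95"/></os>
</host>
<host>
<status state="down" reason="no-response"/>
<address addr="192.168.1.11" addrtype="ipv4"/>
</host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per <host>: address, hostname, state, open ports, best OS match.

    xml.etree is fine for scan files you generated yourself; if the XML comes
    from an untrusted source, parse it with defusedxml instead.
    """
    data = xml_text.encode() if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    hosts = []
    for h in root.findall("host"):
        addr = h.find("address[@addrtype='ipv4']")
        hn = h.find("hostnames/hostname")
        osm = h.find("os/osmatch")            # first match is Nmap's best guess
        open_ports = []
        for p in h.findall("ports/port"):
            if p.find("state").get("state") != "open":
                continue
            svc = p.find("service")
            open_ports.append((int(p.get("portid")), p.get("protocol"),
                               svc.get("name") if svc is not None else None))
        hosts.append({
            "addr": addr.get("addr") if addr is not None else None,
            "hostname": hn.get("name") if hn is not None else None,
            "state": h.find("status").get("state"),
            "open_ports": sorted(open_ports),
            "os": osm.get("name") if osm is not None else None,
        })
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """Addresses of live hosts exposing the given port, e.g. 445 to find SMB servers."""
    return [h["addr"] for h in hosts
            if h["state"] == "up"
            and any(p == port and pr == proto for p, pr, _ in h["open_ports"])]


if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in scan:
        print(h["addr"], h["state"], h["os"], h["open_ports"])
    print("SMB exposed on:", hosts_with_open_port(scan, 445))
```

Pointing the same parser at a file is a matter of reading it first (open("scan.xml").read()); keeping the scan results as plain dicts makes them easy to diff between runs, which is the monitoring use the article mentions.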

7. Disable DNS Name Resolution

Finally, you can speed up your Nmap scans by using the -n parameter to disable reverse DNS resolution. This can be extremely useful if you want to scan a large network, since otherwise Nmap issues a PTR lookup for every address it touches. For example, to turn off DNS resolution for the basic ping scan mentioned above, add -n:

# nmap -sn -n <target IP range>


Written by 

I am an enthusiastic, hard-working and determined girl with strong attention to detail, eager to learn about new technologies.