In this article, we explain what Nmap commands are and how to install Nmap. We also provide some Nmap command examples.
To address this, a large pool of monitoring and scanning utilities is available to monitor the network proficiently, perform tasks such as security auditing and network mapping, avoid possible vulnerabilities, or, if it comes to that, solve the problems these vulnerabilities cause.
If this is new to you and you have no idea where to start, no worries! In this article, we will guide you. We will help you understand what Nmap is and, most importantly, how to use it as your monitoring tool.
In the realm of network security and exploration, understanding ports and conducting port scans is essential. Ports are endpoints that enable communication between different devices over a network. To ensure the security and accessibility of a network, it is crucial to identify open ports and potential vulnerabilities. One powerful tool for conducting port scans is Nmap (Network Mapper), a versatile and widely used open-source network scanning utility.
In this blog post, we will delve into Nmap port scanning and explore how to use it. We will cover the basics of ports, walk you through the process of conducting port scans with the Nmap port scan command, and introduce you to some essential Nmap commands. By the end of this article, you will have a solid understanding of how to utilize Nmap to identify open ports and evaluate the security of your network.
Last Words
We hope that the Nmap command list above will help you on your network monitoring journey. Networks have been one of the most important parts of continuing virtual essentials as well as innovation. However, there are still people with dark intentions who attack and hack these networks for their own interests and purposes. Good security practice would be to flush the DNS periodically.
Knowing how network mapping with Nmap works is one of your biggest advantages against these people: it lets you build up security, avoid lurking trouble, and watch over your network.
Watching the aftermath of such hacking incidents teaches us that security scanning and monitoring are crucial. The next step after watching and learning is to monitor our own network's status and security and to look out for threats that have happened and will happen.
Nmap…Nmap?
Nmap, or Network Mapper, is a free, open-source network scanner and monitoring tool that can detect services, open ports, and even security risks. It can also detect the operating system (OS) of a host just by scanning the network. It will show and report the IP addresses or packets of all the units or computers in a given network, and custom scanning is one of the choices that provide more information and detailed results.
Nmap was created by Gordon Lyon, who is also known by a pseudonym. It was first introduced in September 1997, written in C++, with its source code published in Phrack Magazine. Over the following years, Nmap has been extended with Python, Perl, and C.
Nmap scan all ports command
TCP Connect Scan (-sT)
The TCP Connect Scan is the default scan type used by Nmap. It establishes a full TCP connection with the target system by completing the three-way handshake. It sends SYN packets to the target ports and waits for SYN-ACK responses to determine if the ports are open, closed, or filtered.
Note: If Nmap indicates that it could not establish whether the host is up, adding the -Pn option disables host discovery and might allow you to perform the TCP scan.
Command: nmap -sT <target>
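The open, closed, and filtered states described above, as an added example that is not part of the original article: Python code that performs the same full-connection check a connect scan relies on, against two sockets it creates itself on 127.0.0.1. The function names and the timeout value are assumptions made for illustration.

```python
import errno
import socket


def connect_state(host, port, timeout=0.5):
    """Classify a TCP port by attempting a full connect(), as a connect scan does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((host, port))
        except socket.timeout:
            return "filtered"          # no answer at all within the timeout
    if rc == 0:
        return "open"                  # SYN -> SYN-ACK -> ACK completed
    if rc == errno.ECONNREFUSED:
        return "closed"                # the SYN was answered with a RST
    return "filtered"                  # timeout or ICMP error: something dropped the probe


def demo():
    """Check one listening and one non-listening loopback port created here."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: let the kernel pick a free port
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))        # bound but never listening, so connects are refused
    try:
        return {
            "listening": connect_state("127.0.0.1", listener.getsockname()[1]),
            "not_listening": connect_state("127.0.0.1", idle.getsockname()[1]),
        }
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    print(demo())
```

Because the handshake is completed, the service on the listening side sees and can log the connection, which is what makes this scan type easy to detect.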
SYN Stealth Scan (-sS)
Also known as a half-open scan, the SYN Stealth Scan is one of the most popular and commonly used scan types. It transmits SYN packets to the ports that are targeted, but instead of completing the full TCP connection, it analyzes the response packets to decide if the ports are open, closed, or filtered. This scan is often faster and more stealthy than the TCP Connect Scan.
Command: nmap -sS <target>
UDP Scan (-sU)
While TCP is the most widely used protocol, some services and applications rely on the UDP protocol. The UDP Scan allows Nmap to send UDP packets to specific ports and analyze the responses to identify open, closed, or filtered ports. This scan can be useful for discovering services that may be running on UDP ports.
Command: nmap -sU <target>
Comprehensive Scan (-sC)
The Comprehensive Scan, also known as the Script Scan, combines multiple Nmap scripts to gather detailed information about the target system. It performs a variety of tests, including version detection, vulnerability assessment, and enumeration of services and protocols.
Command: nmap -sC <target>
Operating System Detection (-O)
Nmap can attempt to identify the operating system of the target system by analyzing various network characteristics and comparing them against its database. This can provide valuable information about the target’s underlying infrastructure.
Command: nmap -O <target>
Ping Scan (-sn)
Command: nmap -sn <target>
Each scan type offers different capabilities and advantages depending on the goals of your network reconnaissance. It’s critical to choose the appropriate scan type based on your specific requirements and objectives.
Nmap commands in Linux
After installing Nmap, it is essential to be familiar with the command-line interface so that you can write scripts or use the Nmap commands correctly to perform common automated tasks, including basic network monitoring when necessary.
Nmap functions can be run as a single command or as “shortcut” commands. Here are some of the tasks that can be performed with Nmap (Nmap tutorial).
You can check our previous article on how to disable ping in Linux VPS.
2. Executing Host Scan
Distinct from the ping scan, the host scan is executed by sending active ARP request packets to the hosts within the network. When a host receives one, it responds with an ARP reply containing its information and address. The host scan runs under the command # nmap -sP <target IP range>. If there’s any unusual or suspicious host in the list, the command # nmap -sL <IP address> can be used to execute a DNS query for a specific host.
3. Executing Port Scan
Port scanning in Nmap comes in various ways based on the port they cover. Here are some Nmap commands used in port scanning:
- -sS: TCP SYN scan
- -sT: TCP connect scan
It actively queries each host and requests a response. This port scanning command takes longer than a SYN scan but returns more convenient and reliable data.
- -sU: UDP scan
It is quite similar to the second port command in this list; however, it is used for scanning DNS by means of UDP packets and is one of the useful tools for checking vulnerabilities.
- -sY: SCTP INIT scan
It covers SIGTRAN and SS7. It is also meant to avoid raising suspicion while scanning an external network, because it does not complete the full SCTP process.
- -sN: TCP Null scan
This command uses a loophole (a ‘crenel’) in the TCP system through which it can reveal the ports’ status even if they are firewall protected.
4. Executing OS Scan
It is counted as one of the most essential and potent features that Nmap possesses. When performing it, Nmap sends UDP and TCP packets to a specific port and analyzes the response, which is compared against over 2600 operating systems. To run the OS scan, execute the command nmap -O <target IP>
5. Most Popular Ports Scanning
6. File Output
Adding extensions to your commands helps get a copy of the outcomes of your Nmap scanning outputs is possible by the command The result in XML format is
7. Disabling Name Resolution of DNS
This is used to expedite Nmap scanning: you can use -n to disable reverse DNS resolution. It is very convenient and useful if you’re scanning a broad pool of networks. For example, if you want to disable DNS resolution for a ping scan, add it after the -sP: # nmap -sP -n 192.100.1.1/24
The Nmap installation is relatively easy, but it depends on the operating system you have.
There’s a custom Nmap installer; download it and run it. It will automatically configure Nmap on the system.
In macOS, Nmap has a dedicated installer. To start the installer, run the file. There are some cases or possibilities that you will encounter a warning regarding Nmap as an unidentified developer. However, you can skip the said warning.
What Are Nmap Ports?
In computer networking, ports serve as virtual endpoints that enable communication between devices over a network. They play a crucial role in the transmission of data, ensuring that the right information reaches the correct destination.
Each port is identified by a unique number, known as the port number, which helps in distinguishing between various types of network traffic. The Internet Assigned Numbers Authority (IANA) has standardized and assigned specific port numbers to commonly used protocols and services. These standardized port numbers make it easier for devices and applications to communicate with each other effectively.
Let’s take a closer look at the two main types of ports:
Transmission Control Protocol (TCP) Ports:
TCP ports are connection-oriented and provide reliable and ordered communication between devices. When data is transmitted over TCP, it is broken down into smaller chunks called packets. Each packet contains information about the source and destination ports, ensuring that the data arrives in the correct order and without any loss or corruption.
User Datagram Protocol (UDP) Ports:
UDP ports, in contrast to TCP, are connectionless and provide faster but less reliable communication. When data is sent over UDP, it is divided into packets, similar to TCP. However, UDP does not establish a dedicated connection or perform error checking to ensure the delivery of packets.
It’s important to note that ports range from 0 to 65535, with certain port numbers reserved for specific purposes. The well-known ports, numbered from 0 to 1023, are commonly used by standard protocols and services. Registered ports that range from 1024 to 49151 are assigned by IANA for particular applications or services. Dynamic ports, from 49152 to 65535, are available for use by applications dynamically as needed.
By analyzing the open ports on a device, one can gain insights into the available services and potentially detect any unauthorized access or exposed services.
Nmap is a powerful command-line tool that can perform various network scanning tasks, including port scanning. It is available for multiple operating systems and provides a wide range of options and flexibility. Here’s a step-by-step guide on how to perform port scans with Nmap:
Step 1: Install Nmap: Start by installing Nmap on your operating system. You can download Nmap from the official website (https://nmap.org/) or use the package manager specific to your operating system.
Step 2: Identify the Target: Determine the IP address of the target system you wish to scan for open ports. For example, let’s say the target system’s IP address is 192.168.0.100.
nmap 192.168.0.100
Replace “192.168.0.100” with the actual IP address of your target system. This command will initiate a scan on the target system and display a list of open ports and the services associated with them.
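One way to act on the port list that this scan prints, as an added example that is not part of the original article: Python code that parses the PORT/STATE/SERVICE table of Nmap's normal output and reports open ports missing from an allowlist, labelled with the well-known, registered, and dynamic ranges described earlier. The sample output, the allowlist, and the function names are constructed for illustration.

```python
import re

# One row of Nmap's port table, e.g. "22/tcp   open     ssh"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)

# Constructed sample of Nmap's normal (human-readable) output, not a real scan.
SAMPLE = """\
Nmap scan report for 192.168.0.100
Host is up (0.0010s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
3306/tcp open     mysql
8080/tcp filtered http-proxy
"""

# Hypothetical policy: the only services this host is supposed to expose.
ALLOWED = {(22, "tcp"), (80, "tcp")}


def port_range(port):
    """Name the port range, using the boundaries given in the article."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_ports(report):
    """Return (port, proto, state, service) for every row of the PORT table."""
    return [(int(port), proto, state, service)
            for port, proto, state, service in PORT_LINE.findall(report)]


def unexpected_open(report, allowed):
    """Open ports that are not on the allowlist, with their port range."""
    return [(port, proto, service, port_range(port))
            for port, proto, state, service in parse_ports(report)
            if state == "open" and (port, proto) not in allowed]


if __name__ == "__main__":
    for port, proto, service, rng in unexpected_open(SAMPLE, ALLOWED):
        print(f"unexpected open port {port}/{proto} ({service}, {rng} range)")
```

Running the same check against each new scan of your own hosts turns the port list into a simple exposure alert.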



