Nmap, which stands for Network Mapper, is a versatile and powerful tool that is essential for anyone who manages a network or is involved in cybersecurity. Its primary function is to scan a network and identify all connected devices, along with open ports and other network attributes. However, Nmap is more than just a simple scanner. It’s a comprehensive tool that can be customized to fit specific needs.
As a long-time Linux user, I have had the opportunity to explore and experiment with Nmap’s various features and functionalities. In this blog, I’ll share ten of my favorite Nmap commands, along with personal insights and tips. Whether you’re a seasoned cybersecurity expert or a beginner, this journey into the world of Nmap on Linux is sure to be informative and exciting.
Understanding nmap
Before diving into commands, let’s understand what nmap is. Standing for “Network Mapper,” nmap is a powerful open-source tool used for network discovery and security auditing. It can discover devices running on a network and find open ports along with various attributes of the network.
Installing nmap in Linux
Nmap is not installed by default on most Linux distributions, but it is in the package repositories of every major one, so installing it takes a single command.
To check if Nmap is installed on your Linux system, you can open a terminal window and type the following command:
nmap --version
If Nmap is installed, you will see a message like this:
Nmap 7.93 ( https://nmap.org )
If Nmap is not installed, you will see an error message like this:
nmap: command not found
If Nmap is not installed on your Linux system, you can install it using your distribution’s package manager.
Here are some examples of how to install Nmap on popular Linux distros:
- Ubuntu:
sudo apt install nmap
- Fedora:
sudo dnf install nmap
- CentOS:
sudo yum install nmap
- Debian:
sudo apt install nmap
- Arch Linux:
sudo pacman -S nmap
Once Nmap is installed, you can start using it to scan networks for open ports and services.
10 nmap command uses in Linux
1. Basic Nmap scan
Every beginner’s first step into the realm of Nmap starts with the basic scan. With no options, Nmap performs host discovery and then scans the 1,000 most commonly used TCP ports on each live host (a SYN scan when run as root, a TCP connect scan otherwise), so you learn which hosts are up and which of those ports are open, closed, or filtered.
Command:
nmap [target_IP]
Output:
Starting Nmap 7.93 ( https://nmap.org )
Nmap scan report for 192.168.1.1
Host is up (0.0011s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
2. Scan multiple IP addresses or subnets
I often find myself wanting to scan multiple hosts or even an entire subnet. This command is a lifesaver in such situations and gives a quick overview of the network. Targets are separated by spaces, not commas; a range can be written in CIDR notation (192.168.1.0/24) or with a dash in an octet (192.168.1.1-50), and -iL targets.txt reads a list of targets from a file.
Command:
nmap [IP1] [IP2] [IP3]
nmap 192.168.1.0/24
nmap 192.168.1.1-50
Output:
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
...
Nmap scan report for 192.168.1.2
Host is up (0.0018s latency).
...
3. Scan with a specific port number
While I adore the basic scan, sometimes I need to dig into a particular port. The -p option restricts the scan to exactly the ports you name: a single port, a comma-separated list (22,80,443), a range (1-1024), or -p- for all 65,535 TCP ports. If you ever wonder about the status of a specific port, this is your go-to.
Command:
nmap -p [port_number] [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT   STATE SERVICE
22/tcp open  ssh
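It is worth seeing the target and port syntax from the two previous sections spelled out. The following Python example is added here and is not code from the original post or from the Nmap project: it expands Nmap-style target specifications (CIDR blocks, dashed, comma-listed or wildcarded octets, and plain hostnames) and -p port specifications (lists, ranges, the bare - for every port, and the T:/U: protocol qualifiers) into explicit lists, so you can check exactly what an argument covers before launching a scan. Like Nmap, it includes the network and broadcast addresses of a CIDR block; hostnames and IPv6 literals are passed through untouched for Nmap to resolve.

```python
import ipaddress
import itertools
import re
from typing import Dict, List, Set


def expand_ports(spec: str) -> Dict[str, List[int]]:
    """Expand an nmap -p argument into sorted TCP and UDP port lists.

    Unqualified ports are TCP (nmap's default when -sU is not the only scan type);
    a T: or U: qualifier applies to every following port until the next qualifier.
    """
    ports: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    proto = "tcp"
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if part[0] in "TU" and part[1:2] == ":":   # protocol qualifier, e.g. T:22 or U:53
            proto = "tcp" if part[0] == "T" else "udp"
            part = part[2:]
            if not part:
                continue
        if part == "-":                             # -p- means every port 1-65535
            ports[proto].update(range(1, 65536))
            continue
        if "-" in part:                             # open-ended ranges like -100 or 1000- are allowed
            lo, hi = part.split("-", 1)
            lo_n = int(lo) if lo else 1
            hi_n = int(hi) if hi else 65535
        else:
            lo_n = hi_n = int(part)
        if not 0 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports[proto].update(range(lo_n, hi_n + 1))
    return {p: sorted(v) for p, v in ports.items()}


def expand_targets(spec: str) -> List[str]:
    """Expand one nmap target specification into the individual addresses it covers."""
    spec = spec.strip()
    if "/" in spec:
        # CIDR: nmap scans every address in the block, network and broadcast included,
        # which is why we iterate the network itself rather than calling .hosts().
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    if not re.fullmatch(r"[\d.,*-]+", spec):
        return [spec]                               # hostname or IPv6 literal: left for nmap to resolve
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets in {spec!r}")
    choices: List[List[int]] = []
    for octet in octets:
        values: Set[int] = set()
        for piece in octet.split(","):             # nmap allows 192.168.1,3.* style lists per octet
            if piece == "*":
                values.update(range(256))
            elif "-" in piece:
                lo, hi = piece.split("-", 1)
                values.update(range(int(lo) if lo else 0, (int(hi) if hi else 255) + 1))
            else:
                values.add(int(piece))
        if not values or min(values) < 0 or max(values) > 255:
            raise ValueError(f"octet out of range in {spec!r}")
        choices.append(sorted(values))
    return [".".join(map(str, combo)) for combo in itertools.product(*choices)]


if __name__ == "__main__":
    # Constructed arguments, not output of a real scan.
    print(expand_ports("T:22,80,443,U:53,161-162"))
    print(len(expand_targets("192.168.1.0/24")), "addresses in 192.168.1.0/24")
    print(expand_targets("192.168.1.1-3"))
```

Running the script prints the TCP and UDP lists separately and shows that 192.168.1.0/24 covers 256 addresses, not the 254 that a hosts-only expansion would give; the same expansion is what Nmap performs internally before it starts host discovery.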
4. Detect OS and services
This is among my personal favorites. I cannot count how many times I’ve relied on it to determine the operating system and services of a mysterious device on the network. -O fingerprints the target’s TCP/IP stack to guess the operating system and needs root privileges because it sends raw packets; on its own it does not identify services. Pair it with -sV, which sends probes to each open port to identify the application and version, to get the VERSION column shown below.
Command:
nmap -O -sV [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4
80/tcp open  http    Apache httpd 2.4.18
...
Aggressive OS guesses: Linux 3.x (95%), Linux 4.x (93%), ...
5. Fast scan
When I’m in a hurry, and who isn’t these days, the fast scan comes to the rescue. -F scans only the 100 most common ports instead of the default 1,000, so it finishes roughly ten times faster at the cost of missing anything listening on a less common port.
Command:
nmap -F [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
6. Stealth scan (SYN scan)
This is the James Bond of scans. Stealthy and incognito! -sS sends a bare SYN and judges the port from the reply: a SYN/ACK means open, a RST means closed, and no reply means filtered. The handshake is never completed, so the connection never reaches the application and rarely shows up in service logs. It needs root for raw sockets and is in fact Nmap’s default scan type when run as root. It is not invisible, though: firewalls and intrusion detection systems log half-open SYNs like any other packets, so don’t count on it to evade detection.
Command:
nmap -sS [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
7. UDP scan
Sometimes I’ve had to venture beyond the TCP realm. -sU is the command for insights into UDP ports. It needs root and is slow: closed ports answer with an ICMP port unreachable message, which most kernels rate-limit, while open ports frequently answer nothing at all, so Nmap reports them as open|filtered unless a version probe (-sV) draws a reply. Combining -sU with -sS covers both protocols in a single run.
Command:
nmap -sU [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT    STATE SERVICE
53/udp  open  domain
123/udp open  ntp
8. Aggressive scan
For those moments when you want all the information and you want it now! -A enables OS detection (-O), version detection (-sV), the default script set (-sC), and traceroute in one go, so it is the equivalent of several scans at once. I’d advise caution: it is loud, it sends many more packets than a plain port scan, and it will almost certainly be detected.
Command:
nmap -A [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4
80/tcp open  http    Apache httpd 2.4.18
...
9. Vulnerability scan
As a security enthusiast, this holds a special place in my heart. --script vuln runs every Nmap Scripting Engine (NSE) script in the vuln category against the services it discovers and reports the potential vulnerabilities they recognize. Which checks run depends on the scripts shipped with your Nmap version, several of them are intrusive enough to disrupt fragile services, and a VULNERABLE verdict is usually a version- or behaviour-based inference that should be confirmed before you act on it. Always have explicit permission before scanning for vulnerabilities.
Command:
nmap --script vuln [target_IP]
Output:
Nmap scan report for 192.168.1.1
PORT   STATE SERVICE
22/tcp open  ssh
|_ ssh-vuln-cve2018-15473: VULNERABLE
80/tcp open  http
|_ http-vuln-cve2017-5638: VULNERABLE
10. Saving the scan results
Lastly, what good is a scan if you cannot store its results? This command ensures that the outputs are saved for future reference.
Command:
nmap [target_IP] -oN outputfile.txt
The scan still prints to the terminal as usual; -oN additionally writes a copy of that normal output to ‘outputfile.txt’. Use -oX for XML (the format to feed into scripts and other tools), -oG for grepable output, or -oA basename to write all three formats at once.
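Saved results earn their keep when you compare them against a baseline. The Python example below is added here and is not code from the original post or from the Nmap project: it parses two -oX documents (constructed for this example, but following the real nmaprun/host/ports element layout that Nmap writes) into a per-host set of open ports and reports which ports have newly opened or are no longer open since the baseline. To run it against real scans, replace the two string constants with the contents of the files written by -oX.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Set, Tuple

PortKey = Tuple[str, int]  # (protocol, port number)

# Constructed -oX documents following Nmap's nmaprun/host/ports element layout.
# The addresses, ports and services are made up for this example.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -sS -oX baseline.xml 192.168.1.0/24" version="7.93">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <extraports state="closed" count="997"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>"""

CURRENT_XML = """<nmaprun scanner="nmap" args="nmap -sS -oX current.xml 192.168.1.0/24" version="7.93">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="996"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/><service name="https"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="999"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_ports(xml_text: str) -> Dict[str, Set[PortKey]]:
    """Map each live host's IP address to its set of open (protocol, port) pairs."""
    result: Dict[str, Set[PortKey]] = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # A host may carry several <address> elements (IPv4 plus MAC); key on the IP one.
        addr = next(a.get("addr") for a in host.findall("address")
                    if a.get("addrtype") in ("ipv4", "ipv6"))
        opened: Set[PortKey] = set()
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":   # open|filtered is deliberately excluded
                opened.add((port.get("protocol"), int(port.get("portid"))))
        result[addr] = opened
    return result


def diff_scans(baseline: Dict[str, Set[PortKey]],
               current: Dict[str, Set[PortKey]]) -> Dict[str, Dict[str, Set[PortKey]]]:
    """Report ports that are newly open or no longer open per host, including hosts that appeared or vanished."""
    changes: Dict[str, Dict[str, Set[PortKey]]] = {"new_open": {}, "no_longer_open": {}}
    for host in sorted(set(baseline) | set(current)):
        before, after = baseline.get(host, set()), current.get(host, set())
        if after - before:
            changes["new_open"][host] = after - before
        if before - after:
            changes["no_longer_open"][host] = before - after
    return changes


if __name__ == "__main__":
    report = diff_scans(open_ports(BASELINE_XML), open_ports(CURRENT_XML))
    for kind, hosts in report.items():
        for host, ports in hosts.items():
            print(f"{kind:15} {host}: {sorted(ports)}")
```

The port 443 that went from open to filtered is reported as no longer open rather than silently dropped, and 192.168.1.2 shows up under new_open because it was not in the baseline at all; those are the two changes a periodic scan exists to catch. Scheduling the scan and diffing against the previous run is a far more reliable habit than reading each report by eye.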
Frequently Asked Questions (FAQs) on nmap
Navigating nmap’s capabilities often brings a myriad of questions. Let’s address some of the most common ones:
Why use nmap?
Answer: nmap is an indispensable tool for network discovery and security auditing. It provides a comprehensive view of open ports, active hosts, services, and even the operating system versions on the network, enabling both network admins and security professionals to secure and optimize their environments.
Is it legal to use nmap?
Answer: Using nmap in itself is legal. However, scanning networks that you don’t own or have explicit permission to scan is illegal in many jurisdictions. Always ensure you have proper authorization and are adhering to local laws and regulations.
Can nmap scans be detected?
Answer: While nmap offers “stealthy” scanning techniques, no method is entirely invisible. Intrusion Detection Systems (IDS) and some firewalls can detect even the most covert scans. It’s always wise to assume that your scan might be detected.
How long does an nmap scan typically take?
Answer: Scan duration varies widely based on the range of IPs, the type of scan, network conditions, and the number of ports scanned. While a basic scan on a local network might complete within minutes, more comprehensive scans can take hours or even longer.
What is the difference between TCP and UDP scans?
Answer: TCP and UDP are the two primary transport protocols, and they behave differently under a scan. TCP is connection-oriented: a SYN is answered with a SYN/ACK (open) or a RST (closed), so a port’s state is usually unambiguous and TCP scans are fast. UDP is connectionless: a closed port typically answers with an ICMP port unreachable message, which the target rate-limits, while an open port may not answer at all, so UDP scans are much slower and often report ports as open|filtered. Skipping UDP leaves blind spots, since services such as DNS, NTP, SNMP, and DHCP run over UDP.
How do I protect my network against nmap scans?
Answer: A few strategies include:
- Using a default-deny firewall that exposes only the ports a host actually needs to serve.
- Employing an Intrusion Detection System to recognize and alert on scanning activities.
- Regularly updating and patching systems to guard against known vulnerabilities.
- Limiting the number of open ports and services running on network devices.
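The detection strategy above can be tried out on a small scale. The following Python example is added here and is not code from the original post or from the Nmap project: it reads netfilter LOG lines (the line layout is the real iptables LOG format; every address, port and timestamp is constructed for the example) and flags a source that sends SYNs to many distinct ports on one host within a short window, which is the signature that an -sS or -sT sweep of the top 1,000 ports leaves behind. The window and port thresholds are assumptions to tune for your network.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List, Tuple

# iptables/nftables "LOG" target lines as syslog records them. The format is real;
# the addresses, ports and timestamps are constructed for this example.
LOG_TEMPLATE = ("{ts} gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
                "SRC={src} DST={dst} LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=12345 "
                "PROTO=TCP SPT={spt} DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0")
EVENTS = [  # (syslog timestamp, source, destination, source port, destination port)
    ("Jan 10 12:00:01", "10.0.0.7", "10.0.0.1", 50101, 22),      # ordinary client: ssh
    ("Jan 10 12:00:02", "10.0.0.7", "10.0.0.1", 50102, 443),     # ordinary client: https
    # scanner: ten distinct ports on one host within four seconds
    *[("Jan 10 12:00:0%d" % (3 + i // 3), "10.0.0.5", "10.0.0.1", 40000 + i, p)
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 443, 3306, 3389, 8080])],
    ("Jan 10 12:05:00", "10.0.0.7", "10.0.0.1", 50103, 22),
]
SAMPLE_LOG = "\n".join(LOG_TEMPLATE.format(ts=ts, src=s, dst=d, spt=sp, dpt=dp)
                       for ts, s, d, sp, dp in EVENTS)

# Only lines with SYN set and ACK clear are new connection attempts; SYN/ACK replies
# are logged as "ACK SYN" and do not match.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?"
    r"RES=0x[0-9A-Fa-f]{2} SYN URGP"
)


def detect_port_scans(lines: Iterable[str], window_s: int = 10, min_ports: int = 6) -> List[Dict]:
    """Alert once per (src, dst) pair that touches >= min_ports distinct ports within window_s seconds."""
    recent: Dict[Tuple[str, str], Deque[Tuple[datetime, int]]] = defaultdict(deque)
    alerted = set()
    alerts: List[Dict] = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # syslog timestamps carry no year; assume the current log's year (2024 here).
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2024)
        key = (m["src"], m["dst"])
        window = recent[key]
        window.append((ts, int(m["dpt"])))
        while (ts - window[0][0]).total_seconds() > window_s:   # slide the window forward
            window.popleft()
        ports = {p for _, p in window}
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({"src": key[0], "dst": key[1], "first_seen": window[0][0].isoformat(),
                           "distinct_ports": len(ports), "ports": sorted(ports)})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(f"possible port scan from {alert['src']} against {alert['dst']} "
              f"starting {alert['first_seen']}: {alert['distinct_ports']} ports {alert['ports']}")
```

The ordinary client that opens ssh and https never trips the threshold, while the sweep is flagged as soon as its sixth distinct port appears. The same counting logic is what IDS port-scan preprocessors do at scale, and it has the same blind spot: Nmap run with -T0/-T1 or --scan-delay spreads probes far enough apart to stay under any fixed window, so slow-scan detection needs longer windows or per-source history rather than a single threshold.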
Conclusion
Nmap is a highly sophisticated and versatile tool that offers a plethora of commands to meet diverse needs. Whether you are a beginner or an advanced user, Nmap has got something to offer to everyone. From basic port scanning to more advanced network mapping and vulnerability detection, Nmap has it all. Its intuitive interface and powerful features make it a popular choice among security professionals worldwide. So, if you’re looking for a tool that can help you accomplish your network scanning goals, Nmap is the way to go.