Nmap is one of the most popular free and open-source command-line utilities for network scanning. Nmap can be used to discover the hosts on a network and the services they use.
Nmap helps you audit the open ports and network details of local and remote servers.
It is available on all major operating systems, such as Windows, Linux, and macOS. There is another Nmap product known as Zenmap, which is a GUI-based version of Nmap.
Today we guide you through using nmap on all major Linux distributions: checking port status, scanning multiple hosts, and more.
Scanning a server with Nmap without proper consent is illegal. If you want to scan, first get proper consent from the owner; otherwise, they can take legal action against you.
In this guide, we will scan the local network and the server provided by Nmap, “scanme.nmap.com”.
Install Nmap on Your Linux System
Before moving on to the commands, you should install nmap on your system; follow the guide on how to install nmap on various distributions.
I hope you have installed nmap on your Linux system; now I’ll share the nmap commands with you.
Nmap Command
1. Scan Open Ports Using the nmap Command
If you want to check the open ports on a specific IPv4 or IPv6 address or server name, you can use the following commands.
To Scan Port Status for an IPv4 Address
Here you need to pass the IP address of the host you want to scan; in this example I have used a host on my local network.
$ nmap 192.168.1.110
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 10:24 IST
Nmap scan report for server.trendoceans.com (192.168.1.110)
Host is up (0.00016s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
When you want to perform an nmap port scan quickly, add the parameter “-F”, which stands for Fast mode; this will scan fewer ports than a normal scan.
$ nmap -F 192.168.1.110
To Scan Port Status for a Server Name
When you want to check the port status of a specific server name, you just need to replace the IP address with the server name.
$ nmap server.trendoceans.com
$ nmap scanme.nmap.com
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 10:42 IST
Nmap scan report for scanme.nmap.com (45.33.32.156)
Host is up (0.24s latency).
Other addresses for scanme.nmap.com (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
rDNS record for 45.33.32.156: scanme.nmap.org
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 49.24 seconds
To get more details about a host
Using the parameter -v, which stands for verbose, will give more detailed information about the host.
$ sudo nmap -v 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 12:40 IST
Initiating Ping Scan at 12:40
Scanning 45.33.32.156 [4 ports]
Completed Ping Scan at 12:40, 0.28s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:40
Completed Parallel DNS resolution of 1 host. at 12:40, 0.00s elapsed
Initiating SYN Stealth Scan at 12:40
Scanning scanme.nmap.org (45.33.32.156) [1000 ports]
Discovered open port 80/tcp on 45.33.32.156
Discovered open port 22/tcp on 45.33.32.156
Discovered open port 31337/tcp on 45.33.32.156
Discovered open port 9929/tcp on 45.33.32.156
Completed SYN Stealth Scan at 12:41, 14.41s elapsed (1000 total ports)
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.24s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
9929/tcp open nping-echo
31337/tcp open Elite
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 14.87 seconds
Raw packets sent: 1082 (47.584KB) | Rcvd: 1074 (42.964KB)
2. Scan for specific port
We can also scan the status of a specific port on a local or remote machine. To check a specific port, use the parameter -p, which stands for port, followed by the port number and the hostname.
In this example I’ll check the status of port 25.
$ nmap -p 25 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 10:51 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.42s latency).
PORT STATE SERVICE
25/tcp filtered smtp
Nmap done: 1 IP address (1 host up) scanned in 4.72 seconds
Scan for specific port range
The nmap command also lets us scan a specific port range. In this example, I’ll scan ports 1 to 100.
$ nmap -p 1-100 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 11:16 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.25s latency).
Not shown: 97 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 5.30 seconds
If you want to scan ports in sequential order, you can add the -r parameter to the nmap command.
Scan Multiple port
When you want to scan multiple ports, pass the -p parameter followed by the comma-separated port numbers you want to scan, and then the host name.
$ nmap -p 80,443 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 11:11 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.27s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds
2. Scan Multiple Hosts using Nmap
Nmap lets you scan or audit multiple hosts with a single command. This is useful when you have several hosts to audit. There are several ways to do this, listed below.
For example, I will use a set of IP addresses to scan multiple hosts:
$ nmap 45.33.32.156 45.33.32.157 45.33.32.158 45.33.32.159
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 11:33 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.26s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
255/tcp filtered unknown
1027/tcp filtered IIS
5910/tcp filtered cm
9929/tcp open nping-echo
18988/tcp filtered unknown
31337/tcp open Elite
32777/tcp filtered sometimes-rpc17
49155/tcp filtered unknown
Nmap scan report for thirdmode.com (45.33.32.157)
Host is up (0.27s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
443/tcp open https
873/tcp open rsync
Nmap scan report for li982-158.members.linode.com (45.33.32.158)
Host is up (0.25s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap scan report for li982-159.members.linode.com (45.33.32.159)
Host is up (0.72s latency).
Not shown: 983 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
264/tcp filtered bgmp
311/tcp filtered asip-webadmin
888/tcp filtered accessbuilder
1027/tcp filtered IIS
1839/tcp filtered netopia-vo1
3905/tcp filtered mupdate
4444/tcp filtered krb524
7402/tcp filtered rtps-dd-mt
7676/tcp filtered imqbrokerd
8087/tcp filtered simplifymedia
10025/tcp filtered unknown
10566/tcp filtered unknown
30951/tcp filtered unknown
32784/tcp filtered unknown
Nmap done: 4 IP addresses (4 hosts up) scanned in 378.70 seconds
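An added example, not from the original article: when auditing several hosts, the useful question is usually which open ports were not expected. The function below reads a report like the one above and prints every open port that is missing from an allowlist; the function names, the allowlist and the abridged sample report are assumptions.

```shell
#!/bin/sh
# Added example: flag open ports that are not on an allowlist.
# Reads nmap "normal" output on stdin; $1 is a comma-separated allowlist
# such as "22/tcp,80/tcp". Prints "<ip> <port/proto> <service>" per finding.
unexpected_open_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # "Nmap scan report for name (ip)" or "Nmap scan report for ip"
        /^Nmap scan report for / {
            host = $NF
            gsub(/[()]/, "", host)
            next
        }
        # Port table rows look like "22/tcp open ssh"; filtered and
        # closed rows are ignored, only "open" counts as exposed.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!($1 in ok)) print host, $1, $3
        }
    '
}

# Constructed sample: abridged from the multi-host report shown above.
sample_report() {
    cat <<'EOF'
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.26s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
9929/tcp open nping-echo
31337/tcp open Elite
Nmap scan report for thirdmode.com (45.33.32.157)
Host is up (0.27s latency).
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
873/tcp open rsync
EOF
}

# Hypothetical policy: only SSH, HTTP and HTTPS should be reachable.
sample_report | unexpected_open_ports "22/tcp,80/tcp,443/tcp"
```

On a real audit, pipe the scan into the function instead of the sample, for example `nmap <hosts> | unexpected_open_ports "22/tcp,80/tcp,443/tcp"`.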
Scan Multiple Host using comma
In the above command I typed all the IP addresses one by one. If you don’t want to repeat the complete IP address, you just need to provide the ending part of each address, separated by commas.
In this example I will scan the hosts from 157 to 160 using commas.
$ nmap 45.33.32.156,157,158,159,160
Scan Multiple Host using wildcard *
When you want to scan a complete subnet, you just need to provide the wildcard asterisk symbol. This scan will take some time before the results appear on your terminal screen.
$ nmap 45.33.32.*
Scan Multiple Host using range -
As you know, we can specify a port range using the “-” hyphen. We can do the same for hosts instead of typing each IP address: just provide the start and end of the range.
In this example I’ll use the range from 156 to 160.
$ nmap 45.33.32.156-160
The time it takes to get results depends on the size of the range you specify in the command.
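An added example, not from the original article: before running a multi-host scan, you can expand the target expression and confirm that every address it covers is one you have consent to scan. The function names and the authorized list are assumptions, and the expansion covers only the last-octet comma, range and wildcard forms shown above; nmap's own list scan (`nmap -sL`) prints the expansion nmap itself would use.

```shell
#!/bin/sh
# Added example: expand an nmap-style last-octet expression and check it
# against an authorized scope. Handles "a.b.c.156,157", "a.b.c.156-160"
# and "a.b.c.*" only.
expand_targets() {
    prefix=${1%.*}      # first three octets
    last=${1##*.}       # last-octet expression
    if [ "$last" = "*" ]; then
        last="0-255"    # the wildcard covers the whole octet
    fi
    old_ifs=$IFS
    IFS=,
    for part in $last; do
        case $part in
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        i=$lo
        while [ "$i" -le "$hi" ]; do
            echo "$prefix.$i"
            i=$((i + 1))
        done
    done
    IFS=$old_ifs
}

# Print every expanded address that is NOT in the authorized list
# ($2, space-separated). No output means the expression stays in scope.
out_of_scope() {
    for ip in $(expand_targets "$1"); do
        case " $2 " in
            *" $ip "*) ;;
            *) echo "$ip" ;;
        esac
    done
}

# Constructed scope: assume consent covers only the first address.
out_of_scope "45.33.32.156-160" "45.33.32.156"
```

Any address this prints is outside the agreed scope and should be removed from the target expression before the scan is run.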
3. Scan OS Information
This nmap option enables OS detection, version detection, script scanning, and traceroute for the host IP.
To find out the operating system details, pass the parameter -A along with the host.
In this example, I’ll run the following command to detect the operating system:
$ nmap -A 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 12:19 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.24s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA)
| 2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA)
| 256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA)
|_ 256 33:fa:91:0f:e0:e1:7b:1f:6d:05:a2:b0:f1:54:41:56 (ED25519)
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-favicon: Nmap Project
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: Go ahead and ScanMe!
9929/tcp open nping-echo Nping echo
31337/tcp open tcpwrapped
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.96 seconds
This command shows more than the operating system, such as the services running on the active ports.
When you only want to enable OS detection, pass the parameter -O; this will find the operating system information.
This option requires sudo privileges to run in your terminal.
$ sudo nmap -O 45.33.32.156
There are other parameters: --osscan-limit will guess the operating system, and --osscan-guess will work in an aggressive manner to find OS information.
The information you receive from nmap may not be accurate, but it will give you an overview.
If you find that information discovered by nmap is incorrect, you can report the incorrect results at https://nmap.org/submit/.
4. Scan version info of running service
This command will help you find which version of an application the host is running. To check the version, use the parameter -sV.
$ nmap -sV 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 12:54 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.24s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
9929/tcp open nping-echo Nping echo
31337/tcp open tcpwrapped
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.94 seconds
You can use several parameters to control version detection, as follows:
- --version-intensity <level> sets the version detection intensity, from 0 (light) to 9 (high intensity).
$ nmap -sV --version-intensity 5 45.33.32.156
- --version-trace shows detailed version information along with the scan activity.
5. Scan to Detect Firewall Settings
You can easily check the firewall settings of a host server using the nmap command; this helps ensure you haven’t left any loopholes.
Checking whether a firewall is enabled requires sudo privileges. Type the command:
$ sudo nmap -sA 45.33.32.156
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-24 13:08 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.30s latency).
All 1000 scanned ports on scanme.nmap.org (45.33.32.156) are filtered
Nmap done: 1 IP address (1 host up) scanned in 271.21 seconds
The above output shows that all the ports are filtered. It means the firewall is enabled on the host server.
That’s it for the nmap guide. There are many other commands you can use; if you want me to continue writing about nmap, please leave a comment below.
Great work, can you make more articles like this on nmap?
For sure, keep supporting.