Nmap Overview and Usage

Jul 17, 2025

Overview

This lecture covers using Nmap to scan for open ports on remote systems; it details installation, command syntax, common options, and practical scan examples.

Installing Nmap

  • Nmap is not pre-installed on most Linux distributions.
  • Install Nmap via your package manager, e.g., sudo apt install nmap for Ubuntu.

Basic Nmap Port Scanning

  • Command syntax: nmap [options] [target(s)].
  • Scanning a specific IP: sudo nmap 192.168.0.1.
  • Scanning a hostname: sudo nmap example.com.

Commonly Used Nmap Options

  • -p-: Scans all 65,535 ports of each protocol being scanned (TCP and/or UDP).
  • -p [port]: Scan a specific port.
  • -p [1-n]: Scan a range of ports.
  • -p [port1,port2]: Scan multiple specific ports.
  • -sT: TCP connect scan (scans TCP ports only).
  • -sU: Scan only UDP ports.
  • --top-ports [n]: Scan the top n most common ports.
  • -O: Identify the target's operating system.
  • -F: Fast scan of the top 100 ports.
  • -iL: Scan targets from a text file list.
  • -sV: Detect service and version on open ports.
  • -T[n]: Set the timing template (0 = slowest/safest, 5 = fastest/most aggressive).
  • --exclude [host1,host2]: Exclude hosts from scan.

Practical Nmap Scan Examples

  • Scan multiple IPs: sudo nmap 192.168.0.1 192.168.0.2.
  • Scan IP range: sudo nmap 192.168.200.1-10.
  • Ping scan subnet: sudo nmap 192.168.200.1/24.
  • Scan IPs from a file: sudo nmap -iL users.txt.
  • Scan specific ports: sudo nmap -p 22 192.168.200.1.
  • Scan port range: sudo nmap -p 1-100 192.168.200.1.
  • Fast scan: sudo nmap -F 192.168.200.1.
  • Scan all ports: sudo nmap -p- 192.168.200.1, or sudo nmap -p "*" (the quoted * wildcard is equivalent; quote it so the shell does not expand it).
  • TCP scan: sudo nmap -sT 192.168.200.1.
  • UDP scan: sudo nmap -sU 192.168.200.1.
  • Check OS: sudo nmap -O 192.168.10.1.
  • Detailed system info (aggressive scan: OS detection, version detection, default scripts, traceroute): sudo nmap -A 192.163.43.103.
  • Top ports scan: sudo nmap --top-ports 100 target.
  • Aggressive scan speed: sudo nmap -T5 example.com.
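The scans above produce results, and the defender's job starts when those results are compared over time. The following script is an added example, not part of the lecture: it parses Nmap's grepable output format (written with -oG, whose Ports field is port/state/proto/owner/service/rpc/version/) into a "host port/proto service" inventory and diffs two scans so newly exposed services stand out. The two scan outputs embedded in the script are constructed by hand to look like -oG output; they were not captured from a real host. The function names and the temporary-file layout are this example's own choices.

```shell
# Added example (not from the lecture): build an open-port inventory from
# nmap -oG output and report services that opened since a baseline scan.

# parse_open_ports: read -oG output on stdin, print one open port per line
# as "host port/proto service" ("unknown" when nmap left the service blank).
parse_open_ports() {
  awk -F'\t' '
    /^Host:/ {
      host = $1
      sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          n = split(substr($i, 8), entries, /, /)
          for (j = 1; j <= n; j++) {
            # each entry is port/state/proto/owner/service/rpc/version/
            split(entries[j], f, "/")
            if (f[2] == "open")
              print host, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
          }
        }
      }
    }'
}

# new_open_ports BASELINE CURRENT: inventory lines in CURRENT that are absent
# from BASELINE, i.e. services that opened since the baseline was taken.
# grep exits 1 when nothing is new, which is not an error here.
new_open_ports() {
  grep -vxF -f "$1" "$2" || true
}

# Constructed baseline scan: two hosts, only ssh and one web server open.
baseline_scan() {
  printf 'Host: 192.168.200.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.200.1 ()\tPorts: %s\tIgnored State: closed (0)\n' \
    '22/open/tcp//ssh//, 80/open/tcp//http//, 443/closed/tcp//https//, 3389/filtered/tcp//ms-wbt-server//'
  printf 'Host: 192.168.200.2 ()\tStatus: Up\n'
  printf 'Host: 192.168.200.2 ()\tPorts: %s\n' \
    '22/open/tcp//ssh//, 80/closed/tcp//http//, 3389/filtered/tcp//ms-wbt-server//'
}

# Constructed follow-up scan: 192.168.200.2 now exposes RDP (3389) and an
# unidentified service on 8080.
current_scan() {
  printf 'Host: 192.168.200.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.200.1 ()\tPorts: %s\tIgnored State: closed (0)\n' \
    '22/open/tcp//ssh//, 80/open/tcp//http//, 443/closed/tcp//https//, 3389/filtered/tcp//ms-wbt-server//'
  printf 'Host: 192.168.200.2 ()\tStatus: Up\n'
  printf 'Host: 192.168.200.2 ()\tPorts: %s\n' \
    '22/open/tcp//ssh//, 80/closed/tcp//http//, 3389/open/tcp//ms-wbt-server//, 8080/open/tcp////'
}

# report_new_exposure: parse both constructed scans and print what changed.
# With real scans the two files would come from runs such as
#   sudo nmap -sT --top-ports 100 -iL targets.txt -oG baseline.gnmap
# taken on different days.
report_new_exposure() {
  tmp=$(mktemp -d) || return 1
  baseline_scan | parse_open_ports > "$tmp/baseline.txt"
  current_scan  | parse_open_ports > "$tmp/current.txt"
  new_open_ports "$tmp/baseline.txt" "$tmp/current.txt"
  rm -rf "$tmp"
}

report_new_exposure
```

Running the script prints the two lines for 192.168.200.2 (3389/tcp ms-wbt-server and 8080/tcp unknown); ports that were filtered or closed in both scans never appear, because only the open state is inventoried. Keeping the baseline under version control turns this into a cheap drift check for unexpected exposure on your own hosts.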

Nmap Scripting Engine

  • Automate scans with scripts, e.g., a vulnerability scan (-Pn skips host discovery and treats the target as up): sudo nmap -Pn --script vuln 127.0.0.1.

Key Terms & Definitions

  • Nmap — Open-source network scanning tool for discovering open ports and services.
  • Port — Endpoint for communication on a networked device.
  • TCP/UDP — Transmission Control Protocol/User Datagram Protocol, types of network communication.
  • Subnet — Subdivision of an IP network.
  • Ping Scan — Checks which hosts are alive.
  • Timing Template — Option to adjust scan speed/aggressiveness.
  • Nmap Scripting Engine (NSE) — Feature allowing custom or predefined scan scripts.

Action Items / Next Steps

  • Practice running basic and advanced Nmap scans on a test system (e.g., scanme.nmap.org).
  • Review Nmap option flags and try combining multiple options.
  • Explore writing or using NSE scripts for common security checks.