Nmap Command in Linux with Examples
Nmap is Linux command-line tool for network exploration and security auditing. This tool is generally used by hackers and cybersecurity enthusiasts and even by network and system administrators. It is used for the following purposes:
- Real time information of a network
- Detailed information of all the IPs activated on your network
- Number of ports open in a network
- Provide the list of live hosts
- Port, OS and Host scanning
Installing Nmap Command
In case of Debian/Ubuntu
sudo apt-get install nmap
In case of CentOS/RedHat
yum install nmap
Working with Nmap Command
1. To scan a System with Hostname and IP address. First, Scan using Hostname
Now let’s Scan using IP Address
The nmap command allows scanning a system in various ways. In this we are performing a scan using the hostname as “geeksforgeeks” and IP address “126.96.36.199”, to find all open ports, services, and MAC addresses on the system.
2. To scan using “-v” option.
nmap -v www.geeksforgeeks.org
It is used to get more detailed information about the remote machines.
3. To scan multiple hosts
nmap 188.8.131.52 184.108.40.206 220.127.116.11
We can scan multiple hosts by writing IP addresses or hostnames with nmap.
4. To scan whole subnet
We can scan a whole subnet or IP range with nmap by providing “*” with it. It will scan a whole subnet and give the information about those hosts which are Up in the Network.
5. To scan to detect firewall settings.
sudo nmap -sA 18.104.22.168
Detecting firewall settings can be useful during penetration testing and vulnerability scans. To detect it we use “-sA” option. This will provide you with information about firewall being active on the host. It uses an ACK scan to receive the information.
6. To identify Hostnames
sudo nmap -sL 22.214.171.124
We use “sL” option to find hostnames for the given host by completing a DNS query for each one. In addition to this “-n” command can be used to skip DNS resolution, while the “-R” command can be used to always resolve DNS.
7. To scan from a file
nmap -iL input.txt
If we have a long list of addresses that we need to scan, we can directly import a file through the command line. It will produce a scan for the given IP addresses.
8. To get some help
We use the “-h” option if we have any questions about nmap or any of the given commands. It shows the help section for nmap command, including giving information regarding the available flags.
9. Here -A Indicates Aggressive it will let Us Know The Extra Information’s like OS Detection (-O), version detection, script scanning (-sC), and traceroute (–traceroute) even it provides a lot of valuable information About The Host.
nmap -A <Domain Name>
10. Using This Command we can even Discover our Target Hosting Service or Identify Additional Targets According to our Needs For Quickly Tracing the Path.
nmap --trace out <Domain Name>
11. Here It Will Display The Operating System Where The Domain or Ip Address is Running But Will Not Display Exact Operating System Available On Computer. It Will Only Display The Chance of Operating System Available in The Computer. This Will Just Guess the Running Operating System (OS) in the Host.
nmap -O <Domain Name>