30 Nmap Command Examples from nixCraft
Userful for Sys/Network Admins
The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.
The post propose a course of 30 commands that exposes the main features of nmap:
- Scan a single host or an IP address (IPv4)
- Scan multiple IP address or subnet (IPv4)
- Read list of hosts/networks from a file (IPv4)
- Excluding hosts/networks (IPv4)
- Turn on OS and version detection scanning script (IPv4)
- Find out if a host/network is protected by a firewall
- Scan a host when protected by the firewall
- Scan an IPv6 host/address
- Scan a network and find out which servers and devices are up and running
- How do I perform a fast scan?
- Display the reason a port is in a particular state
- Only show open (or possibly open) ports
- Show all packets sent and received
- Show host interfaces and routes
- How do I scan specific ports?
- The fastest way to scan all your devices/computers for open ports ever
- How do I detect remote operating system?
- How do I detect remote services (server / daemon) version numbers?
- Scan a host using TCP ACK (PA) and TCP Syn (PS) ping
- Scan a host using IP protocol ping
- Scan a host using UDP ping
- Find out the most commonly used TCP ports using TCP SYN Scan
- Scan a host for UDP services (UDP scan)
- Scan for IP protocol
- Scan a firewall for security weakness
- Scan a firewall for packets fragments
- Cloak a scan with decoys
- Scan a firewall for MAC address spoofing
- How do I save output to a text file?
- Not a fan of command line tools?
Yes, the last point isn’t a real command, but a tip to install a graphical frontend for Nmap, Zenmap:
$ sudo apt-get install zenmap