10 Practical ‘nmap’ Commands
Nmap is a network scanner used to discover which hosts on a network are up and which services those hosts expose.
In this article, we will cover some useful practical examples of the Linux nmap command. The primary uses of
nmap are:
     Determining open ports and the services running on a host
     Determining the operating system running on a host
     Altering the source IP of the scan (one way is the -S option; since replies then go to the spoofed address
     rather than to you, this is mainly useful for firewall testing and normally needs -e and -Pn as well)
Discover IPs in a subnet
This command is commonly referred to as a "ping scan" and tells nmap to do host discovery only, without a port
scan. On a local Ethernet segment that means ARP requests; for other targets a root user sends an ICMP echo
request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, while an unprivileged user
can only try TCP connections to ports 80 and 443. Current nmap releases spell -sP as -sn; the old form still works.
$ nmap -sP 172.16.0.0/24
Check and scan for open ports
This is the default use of nmap: with no scan type given it runs a SYN scan as root (a TCP connect scan as an
unprivileged user) against the 1000 most common TCP ports of every host that answers host discovery, and does a
reverse DNS lookup on the identified IPs.
$ nmap 172.16.0.0/24      # whole subnet
$ nmap 172.16.0.233       # single host
When scanning individual hosts, you can add decoys (-D): the target also sees the same probes arriving from the
listed decoy addresses, which makes it harder to tell which source is the real scanner. Use decoys that are
actually up, or you may accidentally SYN-flood the target. -n skips DNS resolution. Decoys are sent as raw
packets, so this needs root:
e.g:
sudo nmap -n -D172.16.5.95,172.16.5.90,172.16.5.12,192.168.1.5 172.16.5.233
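As an added example (not from the original article), the following POSIX shell script chains the ping scan and the default port scan above: it takes nmap's grepable output (-oG -) on stdin, turns the sweep (-sn, the current spelling of -sP) into a list of live hosts, and lists every open port with its service name. The two sample outputs embedded in it are constructed, as are the host names, addresses and version strings; the scan_subnet function shows the real pipeline and is defined but not run, since it needs nmap and root.

```shell
#!/bin/sh
# Added example, not from the original article: chain a ping sweep into a
# port scan and pull the results out of nmap's grepable output (-oG -).
# SAMPLE_SWEEP and SAMPLE_PORTS are constructed stand-ins for what
# "nmap -sn -oG - 172.16.0.0/24" and "nmap -sS -sV -oG - -iL live.txt"
# print; the host names, addresses and versions in them are made up.

SAMPLE_SWEEP='# Nmap 7.94 scan initiated as: nmap -sn -oG - 172.16.0.0/24
Host: 172.16.0.1 (gw.lab.local)	Status: Up
Host: 172.16.0.14 ()	Status: Up
Host: 172.16.0.233 (files.lab.local)	Status: Up
# Nmap done -- 256 IP addresses (3 hosts up) scanned'

SAMPLE_PORTS='# Nmap 7.94 scan initiated as: nmap -sS -sV -oG - -iL live.txt
Host: 172.16.0.14 ()	Status: Up
Host: 172.16.0.14 ()	Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///	Ignored State: filtered (997)
Host: 172.16.0.233 (files.lab.local)	Status: Up
Host: 172.16.0.233 (files.lab.local)	Ports: 445/open/tcp//microsoft-ds//Samba smbd 4/	Ignored State: closed (999)
# Nmap done -- 2 IP addresses (2 hosts up) scanned'

# live_hosts: read grepable output on stdin, print one IP per "Status: Up" line.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# open_ports: read grepable output on stdin, print "ip port/proto service"
# for every port reported open. The Ports field is a comma-separated list of
# port/state/proto/owner/service/rpc/version/ entries.
open_ports() {
    awk '/^Host:/ && /Ports: / {
        host = $2
        p = $0
        sub(/.*Ports: /, "", p)
        sub(/[ \t]*Ignored State:.*/, "", p)
        n = split(p, ent, /, /)
        for (i = 1; i <= n; i++) {
            split(ent[i], f, "/")
            if (f[2] == "open") print host, f[1] "/" f[3], f[5]
        }
    }'
}

# The real pipeline (not run here; it needs nmap and root): sweep the subnet,
# save the live hosts, then port-scan only those.
scan_subnet() {
    nmap -sn -oG - "$1" | live_hosts > live.txt
    sudo nmap -sS -sV -oG - -iL live.txt | open_ports
}

# Demos on the constructed samples.
demo_targets() { printf '%s\n' "$SAMPLE_SWEEP" | live_hosts | paste -sd ' ' -; }
demo_open_ports() { printf '%s\n' "$SAMPLE_PORTS" | open_ports; }

demo_targets
demo_open_ports
```

Feeding the sweep result back in through -iL means the slower port scan only touches hosts that actually answered, which matters on a /16 or when the UDP scan from the next section is added.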
Identify the operating system of a host
To identify the operating system of a host, use the -O option. OS detection needs root for its raw probes and
works best when the host has at least one open and one closed TCP port.
$ sudo nmap -O 172.16.0.15
Scan TCP and UDP ports
This command combines a TCP SYN scan (-sS) with a UDP scan (-sU) and checks about 2000 ports: the 1000 most
common TCP ports and the 1000 most common UDP ports. -PN (spelled -Pn in current releases) skips host discovery,
so the host is scanned even if it ignores pings. Both scan types need root, and the UDP half is slow because
closed UDP ports are only recognised from ICMP port-unreachable replies, which most hosts rate-limit.
$ sudo nmap -sS -sU -PN 172.16.5.233
Scan TCP connections
A connect scan (-sT) asks the OS to complete a full TCP connection to each of the 1000 most common ports. It
needs no root, but because the handshake completes, the connection shows up in the target service's own logs,
unlike a half-open SYN scan.
$ nmap -sT 172.16.0.14
Fast scan
The -F option limits the scan to the 100 most common ports instead of 1000; -T4 speeds up the timing.
$ nmap -T4 -F 172.16.0.14
Aggressive and obtrusive scan
Unlike the earlier commands, this scan is very aggressive and very obtrusive. The -A option tells nmap to
perform OS detection, version detection, the default NSE script scan and a traceroute. -T4 is a timing template;
the templates (T0 to T5, slowest to fastest) tell nmap how quickly to perform the scan. Run it with sudo, or the
OS detection part is skipped.
$ nmap -T4 -A 172.16.0.0/24
Verbose [Use this!]
The last option is verbose. When you add -v to the command lines above you get better insight into what nmap
is doing, including open ports as they are found and the DNS name of the host.
$ nmap -T4 -A -v 172.16.0.16
e.g:
sudo nmap -T4 -A -v -D172.16.5.90,172.16.5.95,172.16.5.12,192.168.1.15 172.23.0.231
Note that decoys are only used for host discovery, the port scan and OS detection; the version detection that
-A turns on is always sent from your real address.
Scan for MAC address
The same commands also report the MAC address of a device, with the vendor looked up from its OUI:
sudo nmap -T4 -A -v -D172.16.5.90,172.16.5.95,172.16.5.12,192.168.1.15 172.16.0.3
sudo nmap -T4 -sP -D172.16.1.221,192.168.0.236,172.16.1.20 172.16.0.34
However, this only works if the device is on the same Ethernet segment as the scanning host, because nmap learns
the MAC from the ARP exchange, and only when nmap runs as root. If you are scanning a 10.x.x.x network from a
host on a 172.16.0.x network, no MAC address is displayed.
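As an added example (not the article's own), this shell script reads nmap's normal output and prints each host's MAC address and vendor, flagging hosts that came back without one, which is exactly the off-segment case described above. The sample output it parses is constructed; the host names and addresses are invented.

```shell
#!/bin/sh
# Added example, not from the original article: pull the MAC address and
# vendor out of nmap's normal output and flag hosts that reported none.
# SAMPLE is a constructed stand-in for "sudo nmap -sn -oN - <targets>"; the
# addresses are made up (the OUIs happen to map to VMware and Raspberry Pi).

SAMPLE='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for gw.lab.local (172.16.0.1)
Host is up (0.00042s latency).
MAC Address: 00:0C:29:3A:1B:7C (VMware)
Nmap scan report for 172.16.0.34
Host is up (0.0011s latency).
MAC Address: B8:27:EB:12:34:56 (Raspberry Pi Foundation)
Nmap scan report for 10.20.0.5
Host is up (0.019s latency).
Nmap done: 3 IP addresses (3 hosts up) scanned in 1.52 seconds'

# mac_table: read normal nmap output on stdin; print "ip mac vendor" per host,
# or "ip - no MAC ..." when nmap printed none. nmap only learns a MAC from the
# ARP exchange, so a missing MAC means the host is not on the scanner's
# Ethernet segment (or the scan ran without root, which disables ARP probes).
mac_table() {
    awk '
        function flush() {
            if (host == "")
                return
            if (mac == "")
                print host, "-", "no MAC (not on local segment or scan not run as root)"
            else
                print host, mac, vendor
        }
        /^Nmap scan report for/ {
            flush()
            host = $NF; gsub(/[()]/, "", host)   # last field is "(ip)" or a bare ip
            mac = ""; vendor = ""
            next
        }
        /^MAC Address:/ {
            mac = $3
            vendor = $0; sub(/^MAC Address: [^ ]* /, "", vendor); gsub(/[()]/, "", vendor)
        }
        END { flush() }
    '
}

demo_macs() { printf '%s\n' "$SAMPLE" | mac_table; }

demo_macs
```

Run the real thing as `sudo nmap -sn -oN - 172.16.0.0/24 | mac_table`; any line ending in "no MAC" is a host that nmap reached through a router rather than directly, or a scan that was started without root.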