What is the nmap command used for?

nmap (Network Mapper) is a powerful tool for network discovery and security auditing. It can discover hosts, scan ports, detect operating systems, and identify services running on network devices.

How do I scan a single host for open ports?

Use 'nmap hostname' or 'nmap IP_address' to scan a single host. For more detailed port information, use 'nmap -p- hostname' to scan all 65535 ports, or 'nmap -sS -sV hostname' for service version detection.

What are the different scan types in nmap?

Common scan types include: -sS (TCP SYN scan), -sT (TCP connect scan), -sU (UDP scan), -sA (ACK scan), -sW (Window scan), and -sN (NULL scan). Each has different characteristics for stealth and detection avoidance.

nmap

Network discovery and security auditing tool

Syntax

nmap [scan type(s)] [options] {target specification}

Basic Usage

Scan a single host

nmap hostname

Performs a basic scan of the specified host.

Scan by IP address

nmap 192.168.1.1

Scan a network range

nmap 192.168.1.0/24

Scan multiple hosts

nmap host1 host2 host3

Common Options

-sS: TCP SYN scan (stealthy)
-sT: TCP connect scan
-sU: UDP scan
-sA: TCP ACK scan
-sN: TCP NULL scan
-sF: TCP FIN scan
-sX: TCP Xmas scan
-sV: Service version detection
-O: OS detection
-p: Specify ports to scan
-F: Fast scan (top 100 ports)
-A: Aggressive scan (OS, version, script)
-T: Timing template (0-5)
-v: Verbose output
-oN: Output to file
-oX: Output to XML file

Practical Examples

Basic host discovery

nmap -sn 192.168.1.0/24

Scan specific ports

nmap -p 22,80,443 hostname

Service version detection

nmap -sV hostname

OS detection

nmap -O hostname

Aggressive scan

nmap -A hostname

Fast scan of top ports

nmap -F hostname

UDP scan of common ports

nmap -sU -p 53,67,68,69,123,161 hostname

Save output to file

nmap -oN scan_results.txt hostname

Custom timing

nmap -T4 hostname

Scan Types

TCP Scans

-sS (SYN scan): Stealthy, doesn't complete connections
-sT (Connect scan): Completes full TCP handshake
-sA (ACK scan): Tests firewall rules
-sN (NULL scan): Sends packets with no flags
-sF (FIN scan): Sends packets with FIN flag
-sX (Xmas scan): Sets FIN, PSH, and URG flags

UDP Scans

-sU: Scans UDP ports (slower than TCP)
-sU -p 53,67,68: Scan specific UDP ports

Port States

open: Port is accepting connections
closed: Port is accessible but not accepting connections
filtered: Port is blocked by firewall
unfiltered: Port is accessible but nmap can't determine state
open|filtered: Port might be open or filtered
closed|filtered: Port might be closed or filtered

Best Practices

When to Use nmap

Network discovery and inventory
Security auditing and penetration testing
Network troubleshooting
Service monitoring and verification
Firewall and IDS testing

Important Warnings

Only scan networks you own or have permission to scan
Some scans may trigger security alerts
Aggressive scans can impact network performance
Always respect network policies and legal requirements
Use appropriate timing to avoid overwhelming targets