Introduction to Linux - A Hands on Guide | Linux Bible | Linux From Scratch | A Newbie's Getting Started Guide to Linux | Linux Command Line Cheat Sheet | More Linux eBooks



Sunday, 14 July 2013

Linux Command : "NMAP"


nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap  
One might be curious to understand how network intruders get to know which ports are open on a computer? Or may be how they detect which services are being run by the system that too without any prior permission of network admin. Well, anybody can do this stuff and even more than this using an easy-to-use utility called Nmap.

Nmap is short for "Network MAPper," nmap is a port scanner used by network security experts, network researchers and network admins. It is often used for security scanning, simply to determine which services the system is running, to take the records of the operating system and various applications running on a system, the version of firewall a system is utilizing, or to have a quick inspection of the local network. In brief, a very useful tool to deal with.

This article explains several Nmap Scans,  techniques, knowing the intentions and objectives of every scan , pluses and minuses over other such similar scanning tools, which might be better at escaping from firewalls and much more.

Basic Usage

The fundamental syntax of nmap command is as follows :

nmap [Scan Type] [Options] [Target]

To begin with, let's consider that we want to know which operating system is running on our computer system. To do this, use following command-

nmap -O target.host.com

nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap


Of course, you will need root privileges to run this command along with some patience.

The most basic and default scan among all, the one which doesn't use any parameters but the target is your local IP address.

sudo nmap 10.10.6.204

nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap


One can also add multiple IP addresses with a space after each complete IP address.

sudo nmap 10.10.6.75 10.10.6.180 10.10.6.204



nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap nmap


Prior to scanning any target port, Nmap will try to transmit ICMP request to check whether the remote system is active. This will save time at the time of scanning a number of hosts as nmap don't waste time in making attempts to explore the hosts that are offline.

Don’t ping -PN

 If we use this option, nmap simply won’t send any ICMP echo requests to the target/s.

sudo nmap -PN 10.10.6.204

nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command,



Only Ping scan -sP


This option will start executing simple ping scan of the target host.

sudo nmap -sP 10.10.6.204

nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command,


This type of scan is helpful when we want to perform a quick survey of the target network to observe the hosts that are active, without any need to scan the target hosts for open ports.

ARP Ping scan


This –PR option will start to execute an ARP (Address Resolution Protocol) ping scan on the specified target host.

sudo nmap –PR 10.10.6.204


nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command,


-PR option is applied by default at the time of scanning the local network. This sort of search is much quicker than other ping processes. As LAN hosts can not block ARP requests, this method is more appropriate to be used.

NOTE: ARP Ping scan will work only on those targets which are in your subnet range.

Port Scanning Choices

Fast scan

The –F option will execute a scan for only 100 ports that are  used most frequently.

sudo nmap –F 10.10.6.204

nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command,


Typically, nmap will scan the 1000 most frequently used ports. This option decreases  that to 100 which improves the port scanning speed drastically.

Scan only specific ports

The -p option will inform nmap to scan the specific port(s).

To check if the http port is open:

sudo nmap –p 80 10.10.6.204

You may also scan several ports by separating the port numbers with a comma (,). You can also mention a port range to be scanned with the use of hyphen (-).


sudo nmap –p 22,23,443,50-100 10.10.6.204

Above command will scan ports 22, 23, 443 and ports ranging from 50 to 100 and will show only OPEN ports among them.

Scan Ports by name

We can also use -p option to scan well-known ports by their names.

nmap -p telnet,ftp 10.10.6.204

Above command will scan telnet (23) and ftp (21) ports and show their status.

All Ports Scan


The -p option along with a  “*” is used to scan all the TCP/IP ports (which are 65,535 in number) on the target host.

nmap -p “*” 10.10.6.204

Select TCP or UDP protocol


Finally, using option -p we may also select some ports to scan depending upon which protocol they use- either TCP or UDP.

nmap -p T:100-1000 10.10.6.204

nmap -p U:100-1000 10.10.6.204
In examples a port range with (T), that implies TCP only, is specified. We can also mention U in case we want to scan UDP ports.

Service version detection

 The -sV option is used to determine version of different services running on a host.

nmap -sV 10.10.6.204

nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command, nmap command,



This finishes an overview of a most commonly used Linux command by network experts - NMAP and it's parameters that are frequently used.



1 comment: