Network Mapper, or Nmap, is a powerful open source network scanner that can scan network hosts, subnets and ports. Nmap can be used as a CLI tool or through its GUI (Zenmap). Today we show how it works from the command line interface.
How to install on Debian-like systems:
sudo apt install nmap -y
After the installation completes, check it with the nmap --help command:
user@localhost:~$ nmap --help
Nmap 7.93 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
...
Host scanning. If you want to scan a single network node, just give its IP address or domain name to Nmap:
nmap 192.168.8.198
Result:
user@localhost:~$ nmap 192.168.8.198
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:15 +05
Nmap scan report for 192.168.8.198
Host is up (0.00015s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
Here we see that port 80 is open and listening.
To get more information about the target, try an aggressive scan using the -A option:
nmap -A example.com
Result:
user@localhost:~$ nmap -A example.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:17 +05
Nmap scan report for example.com (93.184.215.14)
Host is up (0.24s latency).
Other addresses for example.com (not scanned): 2606:2800:21f:cb07:6820:80da:af6b:8b2c
Not shown: 996 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
80/tcp open  http    ECAcc (dcd/7D26)
|_http-title: Example Domain
| fingerprint-strings:
|   GetRequest:
|     HTTP/1.0 404 Not Found
|     Content-Type: text/html
|     Date: Sun, 15 Dec 2024 14:18:07 GMT
|     Server: ECAcc (dcd/7D26)
|     Content-Length: 345
|     Connection: close
|     <?xml version="1.0" encoding="iso-8859-1"?>
|     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 93.92 seconds
Let's try with ping requests disabled. The -Pn option skips the ping (host discovery) step, for example to get past a firewall that blocks ping and would otherwise make Nmap skip the host:
nmap -A -Pn 192.168.8.180
Result:
user@localhost:~$ nmap -A -Pn 192.168.8.180
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:21 +05
Nmap scan report for 192.168.8.180
Host is up (0.0086s latency).
Not shown: 980 closed tcp ports (conn-refused)
PORT     STATE    SERVICE          VERSION
21/tcp   filtered ftp
23/tcp   filtered telnet
80/tcp   filtered http
110/tcp  filtered pop3
113/tcp  filtered ident
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  filtered imap
199/tcp  filtered smux
256/tcp  filtered fw1-secureremote
445/tcp  filtered microsoft-ds
554/tcp  filtered rtsp
995/tcp  filtered pop3s
1025/tcp filtered NFS-or-IIS
2638/tcp filtered sybase
3306/tcp filtered mysql
3389/tcp filtered ms-wbt-server
5900/tcp filtered vnc
8888/tcp filtered sun-answerbook
9011/tcp filtered d-star
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.64 seconds
Scanning an entire subnet. This command returns scan results for 192.168.8.1 to 192.168.8.255:
nmap 192.168.8.0/24
Finding MAC addresses of connected devices:
sudo nmap -sP 192.168.8.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
Result:
user@localhost:~$ sudo nmap -sP 192.168.8.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
192.168.8.198 => XX:XX:XX:XX:XX:XX
192.168.8.150 => XX:XX:XX:XX:XX:XX
192.168.8.8 => XX:XX:XX:XX:XX:XX
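The awk one-liner above extracts only host and MAC pairs. A defender running these scans usually wants the next step too: parse the whole scan report (hosts, port table, MAC addresses, as printed in the outputs earlier in this tutorial) and flag anything that differs from a known baseline, such as an unexpected open port or a device whose MAC is not in the inventory. The Python script below is an added example, not code from the Nmap project or from this tutorial. The scan output it parses is a constructed sample in the same format Nmap prints; the expected-ports baseline and the MAC inventory are hypothetical values that you would replace with your own.

```python
"""Parse Nmap 'normal' text output into per-host records and report
deviations from a baseline of expected services and known devices.

Added example: not part of Nmap. SAMPLE_OUTPUT is constructed to mirror
the format shown in the tutorial; addresses, MACs and versions are made up.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of what `sudo nmap -sV 192.168.8.0/24` might print.
SAMPLE_OUTPUT = """\
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:30 +05
Nmap scan report for 192.168.8.1
Host is up (0.0012s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT     STATE SERVICE VERSION
53/tcp   open  domain  dnsmasq 2.89
80/tcp   open  http    lighttpd 1.4.71
MAC Address: 02:00:00:AA:BB:01 (Unknown)
Nmap scan report for 192.168.8.150
Host is up (0.0086s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT     STATE  SERVICE       VERSION
22/tcp   open   ssh           OpenSSH 9.2p1 Debian 2
445/tcp  open   microsoft-ds  Samba smbd 4.x
3389/tcp closed ms-wbt-server
MAC Address: 02:00:00:AA:BB:02 (Unknown)
Nmap scan report for 192.168.8.198
Host is up (0.00015s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.22.1
Nmap done: 256 IP addresses (3 hosts up) scanned in 42.10 seconds
"""

# "Nmap scan report for 192.168.8.198" or "... for example.com (93.184.215.14)"
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+\.\d+\.\d+\.\d+)\))?$")
# "80/tcp open http nginx 1.22.1"; the version column is optional
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")


@dataclass
class Host:
    address: str
    mac: Optional[str] = None
    # (port, proto) -> (state, service, version)
    ports: Dict[Tuple[int, str], Tuple[str, str, str]] = field(default_factory=dict)


def parse_nmap_output(text: str) -> List[Host]:
    """Walk the report line by line; every 'scan report' line starts a new host."""
    hosts: List[Host] = []
    current: Optional[Host] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = Host(address=m.group(2) or m.group(1))  # prefer the IP
            hosts.append(current)
            continue
        if current is None:
            continue  # banner lines before the first host
        m = PORT_RE.match(line)
        if m:
            key = (int(m.group(1)), m.group(2))
            current.ports[key] = (m.group(3), m.group(4), (m.group(5) or "").strip())
            continue
        m = MAC_RE.match(line)
        if m:
            current.mac = m.group(1).upper()
    return hosts


def open_ports(host: Host) -> List[int]:
    """Open TCP ports only; 'closed' and 'filtered' are not exposures."""
    return sorted(p for (p, proto), (state, _, _) in host.ports.items()
                  if proto == "tcp" and state == "open")


# Hypothetical baseline for this LAN: which ports each host is allowed to expose,
# and which MAC addresses belong to inventoried devices.
EXPECTED_OPEN: Dict[str, Set[int]] = {"192.168.8.1": {53, 80}, "192.168.8.198": {80}}
KNOWN_MACS: Set[str] = {"02:00:00:AA:BB:01", "02:00:00:AA:BB:03"}


def find_deviations(hosts: List[Host], expected_open: Dict[str, Set[int]],
                    known_macs: Set[str]) -> List[str]:
    """Report open ports outside the baseline and MACs missing from inventory."""
    findings = []
    for h in hosts:
        for p in sorted(set(open_ports(h)) - expected_open.get(h.address, set())):
            state, service, version = h.ports[(p, "tcp")]
            desc = f"{service} {version}".strip()
            findings.append(f"{h.address}: unexpected open port {p}/tcp ({desc})")
        if h.mac and h.mac not in known_macs:
            findings.append(f"{h.address}: MAC {h.mac} not in inventory")
    return findings


if __name__ == "__main__":
    for finding in find_deviations(parse_nmap_output(SAMPLE_OUTPUT), EXPECTED_OPEN, KNOWN_MACS):
        print(finding)
```

In real use you would feed the script the saved output of one of the subnet scans from this tutorial instead of SAMPLE_OUTPUT and run it on a schedule; the diff against the baseline is what turns an occasional manual scan into a simple detection for new services or unknown devices appearing on the LAN.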
These methods may be used for operating system or firmware version detection:
sudo nmap -v -Pn -O 192.168.8.110
sudo nmap -vv -O 192.168.8.110
sudo nmap -T4 -A 192.168.8.110
sudo nmap -sV 192.168.8.110