bsdnerds logo

bsdnerds.org

8 nmap commands for linux sys admins

Nmap or Network Mapper represents an open source Linux command line tool meant to offer proper network exploration and security auditing. To get a proper understanding on how to use Nmap, here are the main Nmap commands used in Linux.

If you want to master nmap and other commands, I recommend these exercises

1 Nmap command for scanning open ports

One of the most frequent commands associated with Nmap is the scanning pre-set. It can make use of server names, IPV4 or IPV6 addresses, while a basic command can lead to data about a specific host. To do so, you will have to use the command:

nmap subdomain.server.com

2 Search through several hosts

Nmap can allow you to scan several locations at the same time. This is quite helpful for advanced network infrastructures. There are several approaches to this type of scan, but one of the most popular is:

nmap 192.168.0.1 192.168.0.2 192.168.0.3

3 Searching for OS data

Besides the general data you can access via Nmap command, you can always request individual or personalized info in regards to OS, script, traceroute or version detection. Keep in mind that the results can or cannot be accurate. The basic command for accessing such data is:

nmap -A 192.168.0.1

The -A flag is meant to provide info about the OS of the hosts mapped, and it can be used with other Nmap commands like -O flag. This command is the one that enables OS identification:

nmap -O 192.168.0.1

4 Identify firewall settings

Another useful command in Nmap is the one allowing scanning for Firewall settings. This is especially helpful when it comes to vulnerability scans. The command is:

nmap -sA 192.168.0.1

whereas the -sA flag is an indication that a firewall is active on the host.

5 Identify ports

Port scanning is a common utility accessed via Nmap, and there are different commands that can be used for it:

nmap -p 443 192.168.0.1

The -p flag is followed by a port number, to access specific data on a hosts port

nmap -p T:8888,443 192.168.0.1

introducing the port type in front of the port itself, allows accessing data about a specific type of connection

scan for open network ports with nmap

6 Scan in Stealth mode

For those that require a stealthy scan, the following Nmap command will do the job:

nmap -sS 192.168.0.1

the -sL flag is meant to spot the hostnames, and complete a DNS query for each.

7 Scan from a file

If you are in a situation in which you will have to go through a broad list of addresses, you can import a file via a command line in Nmap:

nmap -iL /file.txt

this will result in a scan for the selected IP addresses, being useful for those that have a set of hosts for which is required a reference.

8 Scan IPv6 addresses

Nmap command allows scanning for IPv6, and it needs a flag to do so:

nmap -6 ::ffff:c0a8:1

the -6 flag is standard for telling Nmap that you attempt to access data related to an IPv6 address.

9 Scan to identify active servers

Nmap allows you to ping active servers via the -sP command:

nmap -sP 192.168.0.0/24