Nmap or Network Mapper represents an open source Linux command line tool meant to offer proper network exploration and security auditing. To get a proper understanding on how to use Nmap, here are the main Nmap commands used in Linux.
If you want to master nmap and other commands, I recommend these exercises
One of the most frequent commands associated with Nmap is the scanning pre-set. It can make use of server names, IPV4 or IPV6 addresses, while a basic command can lead to data about a specific host. To do so, you will have to use the command:
Nmap can allow you to scan several locations at the same time. This is quite helpful for advanced network infrastructures. There are several approaches to this type of scan, but one of the most popular is:
nmap 192.168.0.1 192.168.0.2 192.168.0.3
Besides the general data you can access via Nmap command, you can always request individual or personalized info in regards to OS, script, traceroute or version detection. Keep in mind that the results can or cannot be accurate. The basic command for accessing such data is:
nmap -A 192.168.0.1
The -A flag is meant to provide info about the OS of the hosts mapped, and it can be used with other Nmap commands like -O flag. This command is the one that enables OS identification:
nmap -O 192.168.0.1
Another useful command in Nmap is the one allowing scanning for Firewall settings. This is especially helpful when it comes to vulnerability scans. The command is:
nmap -sA 192.168.0.1
whereas the -sA flag is an indication that a firewall is active on the host.
Port scanning is a common utility accessed via Nmap, and there are different commands that can be used for it:
nmap -p 443 192.168.0.1
-p flag is followed by a port number, to access specific data on a hosts port
nmap -p T:8888,443 192.168.0.1
introducing the port type in front of the port itself, allows accessing data about a specific type of connection
For those that require a stealthy scan, the following Nmap command will do the job:
nmap -sS 192.168.0.1
the -sL flag is meant to spot the hostnames, and complete a DNS query for each.
If you are in a situation in which you will have to go through a broad list of addresses, you can import a file via a command line in Nmap:
nmap -iL /file.txt
this will result in a scan for the selected IP addresses, being useful for those that have a set of hosts for which is required a reference.
Nmap command allows scanning for IPv6, and it needs a flag to do so:
nmap -6 ::ffff:c0a8:1
the -6 flag is standard for telling Nmap that you attempt to access data related to an IPv6 address.
Nmap allows you to ping active servers via the
nmap -sP 192.168.0.0/24