Nmap, short for “Network Mapper”, is a free and open-source tool used for network discovery and security auditing. It detects hosts and services on a network by sending raw packets and analyzing the responses. This tutorial covers basic to intermediate use of Nmap.
- Computer running a Linux distribution (for this tutorial), Windows, or macOS
- Sufficient privileges to install software and run network scans (usually root or administrator)
Step 1: Installation
For Debian-based Linux distributions (like Ubuntu), use the following command to install Nmap:
For other operating systems, you can find instructions on the official Nmap download page.
Step 2: Basic Scan
To perform a basic scan, you can use the command:
Replace [target] with the IP address or domain name of the machine you want to scan.
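This performs a SYN scan when Nmap runs with root privileges (an unprivileged run falls back to a TCP connect scan) and lists the open ports along with the service usually associated with each port.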
Step 3: Scan Multiple Targets
You can scan multiple targets by separating them with spaces:
Or you can scan a range of IPs:
Step 4: Scan Types
Nmap can perform different types of scans. The most common are SYN scan (-sS), TCP connect scan (-sT), and UDP scan (-sU). For instance, to perform a TCP connect scan:
Step 5: Port Selection
By default, Nmap scans the 1,000 most common ports for each protocol. You can specify a different set of ports with the -p option:
Step 6: Detect OS and Services
You can detect the operating system and the services running on a target with the -O (OS detection) and -sV (service version detection) options:
Step 7: Save Scan Results
You can save the output of your scan to a text file using the -oN option:
Step 8: Stealthy Scanning
To make a scan less likely to be flagged by intrusion detection systems (it can still be detected), use the -T (timing) and -Pn (skip host discovery) options:
Step 9: Script Scanning
Nmap has a scripting engine for more advanced scanning scenarios. To use a script, use the --script option:
This tutorial covered only the basic and some intermediate features of Nmap. As a powerful network analysis tool, Nmap has many more features and options. Refer to the Nmap documentation or the man page (man nmap in a terminal) for more information.
- Remember to always use tools like Nmap responsibly. Unauthorized scanning can be illegal and unethical. Always have permission to scan any network or system.
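As a follow-up to Steps 6 and 7, the example below (added here, not part of the original tutorial) parses a saved -oN report and flags open ports that are not on an expected-ports list for each host. The sample report, the addresses and the ALLOWED list are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of normal (-oN) output; not taken from a real scan.
SAMPLE_ON = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sV -oN scan.txt 192.0.2.10 192.0.2.11
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 997 closed tcp ports (reset)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 8.9p1
80/tcp   open     http    nginx 1.18.0
3306/tcp filtered mysql

Nmap scan report for db.example.test (192.0.2.11)
Host is up (0.0012s latency).
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 8.9p1
5432/tcp open  postgresql PostgreSQL DB 14.2
"""
# Assumed allowlist: the (port, protocol) pairs each host is expected to expose.
ALLOWED = {"192.0.2.10": {(22, "tcp"), (80, "tcp")}, "192.0.2.11": {(22, "tcp")}}

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_normal_output(text):
    """Return {ip: [(port, proto, state, service, version), ...]} from -oN text."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:  # start of a new host section; key results by IP address
            current = hosts.setdefault(m.group(2), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:  # a row of the PORT/STATE/SERVICE table
            port, proto, state, service, version = m.groups()
            current.append((int(port), proto, state, service, version.strip()))
    return hosts

def unexpected_open(hosts, allowed):
    """List (ip, port, proto, service) for open ports missing from the allowlist."""
    return [(ip, port, proto, service)
            for ip, ports in hosts.items()
            for port, proto, state, service, _ in ports
            if state == "open" and (port, proto) not in allowed.get(ip, set())]

if __name__ == "__main__":
    for finding in unexpected_open(parse_normal_output(SAMPLE_ON), ALLOWED):
        print("unexpected open port:", finding)
```

Normal output is meant for reading; for long-lived tooling, Nmap's XML output (-oX) is the better format to parse.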