Nmap, short for “Network Mapper”, is a free and open-source tool used for network discovery and security auditing. It can be used to detect hosts and services on a network by creating and analyzing raw packets. This tutorial covers basic to intermediate use of Nmap.
System Requirements
- Computer running a Linux distribution (for this tutorial), Windows, or macOS
- Sufficient privileges to install software and run network scans (usually root or administrator)
Step 1: Installation
For Debian-based Linux distributions (like Ubuntu), use the following command to install Nmap:
[coding-blocks block="nmaptutorial1"]
For other operating systems, you can find instructions on the official Nmap download page.
Step 2: Basic Scan
To perform a basic scan, you can use the command:
[coding-blocks block="nmap-tutorial-2"]
Replace [target] with the IP address or domain name of the machine you want to scan.
Example:
[coding-blocks block="nmap-tutorial-3"]
This will perform a basic scan of the target and list its open ports and the services associated with them. With root privileges Nmap defaults to a SYN scan; without them it falls back to a TCP connect scan.
Step 3: Scan Multiple Targets
You can scan multiple targets by separating them with spaces:
[coding-blocks block="nmap-tutorial-4"]
Or you can scan a range of IPs:
[coding-blocks block="nmap-tutorial-5"]
Step 4: Scan Types
Nmap can perform different types of scans. The most common are the SYN scan (-sS, the default when run as root), the TCP connect scan (-sT, which completes the full handshake and works without root) and the UDP scan (-sU). For instance, to perform a TCP connect scan:
[coding-blocks block="nmap-tutorial-6"]
Step 5: Port Selection
By default, Nmap scans the 1,000 most common ports for each scanned protocol. You can specify a different set of ports (individual ports, ranges, or a comma-separated mix of both) with the -p option:
[coding-blocks block="nmap-tutorial-7"]
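Steps 3 to 5 take targets and ports as free-form text, and scripts that wrap Nmap often take that text from a user or a config file. The example below is an added illustration, not Nmap's own code: it re-implements a subset of the target syntax Nmap accepts (hostnames, single addresses, CIDR blocks such as 198.51.100.0/30 and last-octet ranges such as 192.0.2.1-20) and of the -p syntax (comma-separated ports and ranges), validates both, and hands the result to the nmap binary as an argv list rather than a shell string. The function names expand_targets, expand_ports, build_argv, is_valid_target_spec and run_scan are this example's own, and the addresses are TEST-NET values.

```python
"""Validate Nmap target and port specifications and build a safe argv.

Added example; this is not Nmap's own code. It covers only a subset of the
syntax Nmap understands (no T:/U: protocol prefixes in -p, octet ranges on the
last octet only) so that scan parameters coming from a script or a user can be
checked before they reach the nmap binary.
"""
import ipaddress
import re
import shutil
import subprocess

# One hostname label per group. A leading '-' is rejected on purpose so that a
# target string can never be parsed by nmap as an option (e.g. "-oN /tmp/x").
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)
# 192.0.2.1-20 : Nmap-style range over the last octet (this example's subset).
OCTET_RANGE_RE = re.compile(r"^(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})-(\d{1,3})$")


def expand_targets(spec):
    """Expand a space-separated target spec into individual hosts, in order."""
    hosts = []
    for token in spec.split():
        m = OCTET_RANGE_RE.match(token)
        if m:
            prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad octet range: {token}")
            ipaddress.ip_address(f"{prefix}.{lo}")  # rejects e.g. 999.1.1.1-5
            hosts.extend(f"{prefix}.{i}" for i in range(lo, hi + 1))
        elif "/" in token:
            # strict=False mirrors nmap: 10.0.0.5/24 means the whole /24, and
            # every address in the block is listed, network and broadcast included.
            net = ipaddress.ip_network(token, strict=False)
            hosts.extend(str(addr) for addr in net)
        else:
            try:
                hosts.append(str(ipaddress.ip_address(token)))
                continue
            except ValueError:
                pass
            if not HOSTNAME_RE.match(token):
                raise ValueError(f"not a valid target: {token!r}")
            hosts.append(token)
    if not hosts:
        raise ValueError("no targets given")
    return hosts


def expand_ports(spec):
    """Expand an -p style list ("22,80,443,8000-8100") into sorted unique ints."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo_n = int(lo)                      # int() raises ValueError on junk
        hi_n = int(hi) if hi else lo_n
        if not 1 <= lo_n <= hi_n <= 65535:  # this example accepts 1..65535
            raise ValueError(f"bad port range: {part}")
        ports.update(range(lo_n, hi_n + 1))
    if not ports:
        raise ValueError("no ports given")
    return sorted(ports)


def is_valid_target_spec(spec):
    """True if every token in the spec is a host, address, CIDR or octet range."""
    try:
        expand_targets(spec)
        return True
    except ValueError:
        return False


def build_argv(target_spec, port_spec="", options=("-sS",)):
    """Build the nmap command as an argv list.

    Targets and ports are validated first; because the list goes straight to
    subprocess (no shell), nothing in them can be interpreted by a shell, and
    because targets cannot start with '-', none can be parsed as an option.
    """
    expand_targets(target_spec)  # raises on anything malformed
    argv = ["nmap", *options]
    if port_spec:
        expand_ports(port_spec)  # validate, then pass the compact form on
        argv += ["-p", port_spec.replace(" ", "")]
    return argv + target_spec.split()


def run_scan(argv):
    """Run nmap if it is installed; return its stdout, or None if it is absent."""
    if shutil.which(argv[0]) is None:
        return None
    done = subprocess.run(argv, capture_output=True, text=True, check=False)
    return done.stdout


if __name__ == "__main__":
    cmd = build_argv("127.0.0.1", "22,80,443", ("-sT",))
    print("running:", " ".join(cmd))
    out = run_scan(cmd)
    print(out if out is not None else "nmap is not installed; command shown only")
```

The point worth carrying into your own wrappers is the list-form subprocess call combined with rejecting any target that starts with a hyphen: with shell=True, or with unvalidated targets, a string such as "-oN /etc/cron.d/x" would be passed straight to nmap as an option.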
Step 6: Detect OS and Services
You can detect the operating system and the services running on a target with the -O (OS detection, which needs root privileges) and -sV (service and version detection) options:
[coding-blocks block="nmap-tutorial-8"]
Step 7: Save Scan Results
You can save the output of your scan to a text file using the -oN option (normal output, the same layout you see in the terminal; -oX writes XML, -oG grepable output, and -oA writes all three at once):
[coding-blocks block="nmap-tutorial-9"]
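A saved scan is most useful as a baseline: rerun the same scan later and compare. The following is an added example, not Nmap's own code, that parses the normal (-oN) layout and reports ports that are open now but were not in the baseline. The two reports it reads are constructed for the example (a TEST-NET address and made-up banners, written in the layout -oN produces), and parse_normal_output, open_ports and new_open_ports are this example's own names.

```python
"""Parse Nmap normal (-oN) output and flag ports that opened since a baseline.

Added example; this is not Nmap's own code. The two reports below are
constructed samples in the layout -oN writes.
"""
import re

REPORT_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Constructed baseline: what the host looked like when it was first scanned.
BASELINE_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample) as: nmap -sV -oN baseline.txt 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Not shown: 998 closed tcp ports (reset)
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 8.9p1 (constructed banner)
443/tcp open  ssl/http nginx (constructed banner)

# Nmap done (constructed sample) -- 1 IP address (1 host up) scanned in 6.21 seconds
"""

# Constructed follow-up scan of the same host: two ports have appeared and the
# host now has a reverse DNS name.
CURRENT_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample) as: nmap -sV -oN current.txt 192.0.2.10
Nmap scan report for web01.example.test (192.0.2.10)
Host is up (0.0015s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE    SERVICE       VERSION
22/tcp   open     ssh           OpenSSH 8.9p1 (constructed banner)
25/tcp   filtered smtp
443/tcp  open     ssl/http      nginx (constructed banner)
3389/tcp open     ms-wbt-server
8080/tcp open     http          Apache httpd 2.4 (constructed banner)

# Nmap done (constructed sample) -- 1 IP address (1 host up) scanned in 7.02 seconds
"""


def parse_normal_output(text):
    """Return {host: {(port, proto): {"state", "service", "version"}}}.

    The host key is the IP address when the report line carries one in
    parentheses, so the same machine matches across scans even if its
    reverse DNS name changes.
    """
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = REPORT_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)
            hosts.setdefault(current, {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current][(int(port), proto)] = {
                "state": state,
                "service": service,
                "version": version or "",
            }
    return hosts


def open_ports(report):
    """Set of (host, port, proto) that Nmap reported as definitely open.

    'open|filtered' (common for UDP) is deliberately not counted as open.
    """
    return {
        (host, port, proto)
        for host, ports in report.items()
        for (port, proto), info in ports.items()
        if info["state"] == "open"
    }


def new_open_ports(baseline_text, current_text):
    """Ports open in the current scan that were not open in the baseline."""
    baseline = parse_normal_output(baseline_text)
    current = parse_normal_output(current_text)
    added = open_ports(current) - open_ports(baseline)
    return sorted(
        (host, port, proto, current[host][(port, proto)]["service"])
        for host, port, proto in added
    )


if __name__ == "__main__":
    for host, port, proto, service in new_open_ports(BASELINE_SCAN, CURRENT_SCAN):
        print(f"NEW OPEN PORT {host} {port}/{proto} ({service})")
```

For anything beyond a quick check, save XML with -oX and parse that with xml.etree instead: the normal-output layout is written for people, and a parser built on it has to be revisited whenever the wording of a line changes.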
Step 8: Stealthy Scanning
To make a scan less likely to be flagged by most intrusion detection systems, use the -T option (timing template, -T0 to -T5; the lower templates send probes more slowly) together with -Pn (skip the host discovery phase and treat the target as up):
[coding-blocks block="nmap-tutorial-10"]
Step 9: Script Scanning
Nmap has a scripting engine (NSE, the Nmap Scripting Engine) for more advanced scanning scenarios such as service enumeration and vulnerability checks. To run a script or script category, use the --script option (-sC runs the default script set):
[coding-blocks block="nmap-tutorial-11"]
Conclusion
This tutorial covered only the basic and some intermediate features of Nmap. As a powerful network analysis tool, Nmap has many more features and options. Refer to the Nmap documentation or the man page (man nmap in a terminal) for more information.
- Remember to always use tools like Nmap responsibly. Unauthorized scanning can be illegal and unethical. Always have permission to scan any network or system.