nmap is a network mapping utility that you can use to gather information regarding the nodes on your network. With nmap, you can perform port scanning, OS fingerprinting, and more! In this tutorial, you’ll learn the basics of using nmap.
nmap cheat sheet
Installing nmap
Debian/Ubuntu:
sudo apt install nmapArch Linux
pacman -S nmapAlma Linux, CentOS, Fedora, Rocky Linux, Red Hat (etc)
sudo dnf install nmapViewing the version number of the installed nmap
nmap -vScan an IP address or fully-qualified domain name
Note: IP addresses shown for example purposes only
nmap 172.16.249.2nmap myhost.mydomain.comScan an IP address or fully-qualified domain name, and show more verbose output
nmap -v 172.16.249.2Scan multiple IP addresses
nmap 172.16.249.2 172.16.249.6Scan a range of IP addresses
nmap 172.16.249.2-6Scan a range of IP addresses, but exclude a single IP address
nmap 172.16.249.2-6 --exclude 172.16.249.4View service and version information for individual ports on a host
nmap -sV 172.16.249.4Attempt to determine the operating system of a host
nmap -A 10.10.10.21Scan an entire subnet
nmap 10.10.30.0/24Determine if a host or network is behind a firewall
nmap -sA 172.16.254.10View condensed output for a host
nmap -sP 10.10.30.0/24Scan a host that’s behind a firewall
nmap -PN 172.16.254.10Perform a fast scan (not as accurate on slower networks)
nmap -T5 10.10.30.0/24Display the reason a port is in the state that it’s in
nmap --reason 192.168.1.1Show incoming and outgoing packets
nmap --packet-trace 172.16.254.10Show host network and route info
nmap --iflistScan a specific port
nmap -p 80 172.16.249.2Scan a specific port (and specify TCP)
nmap -p T:80 172.16.249.2Scan a specific port (and specify UDP)
nmap -p U:80 172.16.249.2Scan more than one specific port
nmap -p 80,443 172.16.254.10Scan a range of ports
nmap -p 80-200 172.16.254.10