Scribd
Upload
460 views27 pages

Top 30 Nmap Command Examples For Sys - Network Admins

Nmap Command Examples For Sys_Network Admins

Uploaded by

oluninjaa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
460 views27 pages

Top 30 Nmap Command Examples For Sys - Network Admins

Nmap Command Examples For Sys_Network Admins

Uploaded by

oluninjaa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

ME NU

nixCraft
LinuxTips,Hacks,Tutorials,AndIdeasInBlog

Top30NmapCommandExamplesForSys/Network
Admins
byV I V E K GI TE onNOV E MB E R 26, 2012 las t updat ed DE CE MB E R 11, 2012
inCOMMA ND LI NE HA CK S ,HOWTO,NE TWORK I NG,S E CURI TY

mapisshortforNetworkMapper.Itisanopensourcesecuritytoolfornetwork
exploration,securityscanningandauditing.However,nmapcommandcomes

withlotsofoptionsthatcanmaketheutilitymorerobustanddifficulttofollowfornew
users.

Thepurposeofthispostistointroduceausertothenmapcommandlinetooltoscana
hostand/ornetwork,sotofindoutthepossiblevulnerablepointsinthehosts.Youwill
alsolearnhowtouseNmapforoffensiveanddefensivepurposes.

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

1/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

nmapinaction

Moreaboutnmap
Fromthemanpage:
Nmap(NetworkMapper)isanopensourcetoolfornetworkexplorationand
securityauditing.Itwasdesignedtorapidlyscanlargenetworks,althoughitworks
fineagainstsinglehosts.NmapusesrawIPpacketsinnovelwaystodetermine
whathostsareavailableonthenetwork,whatservices(applicationnameand
version)thosehostsareoffering,whatoperatingsystems(andOSversions)they
arerunning,whattypeofpacketfilters/firewallsareinuse,anddozensofother
characteristics.WhileNmapiscommonlyusedforsecurityaudits,manysystems
andnetworkadministratorsfinditusefulforroutinetaskssuchasnetworkinventory,
managingserviceupgradeschedules,andmonitoringhostorserviceuptime.

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

2/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

ItwasoriginallywrittenbyGordonLyonanditcananswerthefollowingquestions
easily:
1. Whatcomputersdidyoufindrunningonthelocalnetwork?
2. WhatIPaddressesdidyoufindrunningonthelocalnetwork?
3. Whatistheoperatingsystemofyourtargetmachine?
4. Findoutwhatportsareopenonthemachinethatyoujustscanned?
5. Findoutifthesystemisinfectedwithmalwareorvirus.
6. Searchforunauthorizedserversornetworkserviceonyournetwork.
7. Findandremovecomputerswhichdontmeettheorganizationsminimumlevelof
security.

Samplesetup(LAB)
Portscanningmaybeillegalinsomejurisdictions.Sosetupalabasfollows:

++
++|Network|++
|server1|+swtich+|server2|
++|(sw0)|++
+++
|
|
+++
|wks01Linux/OSX|
++

Where,
wks01isyourcomputereitherrunningLinux/OSXorUnixlikeoperatingsystem.It
isusedforscanningyourlocalnetwork.Thenmapcommandmustbeinstalledon
thiscomputer.
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

3/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

server1canbepoweredbyLinux/Unix/MSWindowsoperatingsystems.Thisis
anunpatchedserver.Feelfreetoinstallafewservicessuchasawebserver,file
serverandsoon.
server2canbepoweredbyLinux/Unix/MSWindowsoperatingsystems.Thisisa
fullypatchedserverwithfirewall.Again,feelfreetoinstallfewservicessuchasa
webserver,fileserverandsoon.
Allthreesystemsareconnectedviaswitch.

HowdoIinstallnmap?
See:
1. Debian/UbuntuLinux:InstallnmapSoftwareForScanningNetwork
2. CentOS/RHEL:InstallnmapNetworkSecurityScanner
3. OpenBSD:InstallnmapNetworkSecurityScanner

#1:ScanasinglehostoranIPaddress(IPv4)
###Scanasingleipaddress###
nmap192.168.1.1

##Scanahostname###
nmapserver1.cyberciti.biz

##Scanahostnamewithmoreinfo###
nmapvserver1.cyberciti.biz

Sampleoutputs:

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

4/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Fig.01:nmapoutput

#2:ScanmultipleIPaddressorsubnet(IPv4)
nmap192.168.1.1192.168.1.2192.168.1.3
##workswithsamesubneti.e.192.168.1.0/24
nmap192.168.1.1,2,3

YoucanscanarangeofIPaddresstoo:

nmap192.168.1.120

YoucanscanarangeofIPaddressusingawildcard:

nmap192.168.1.*

Finally,youscananentiresubnet:

nmap192.168.1.0/24

#3:Readlistofhosts/networksfromafile(IPv4)
TheiLoptionallowsyoutoreadthelistoftargetsystemsusingatextfile.Thisisuseful
toscanalargenumberofhosts/networks.Createatextfileasfollows:
cat>/tmp/test.txt

Sampleoutputs:
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

5/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

server1.cyberciti.biz
192.168.1.0/24
192.168.1.1/24
10.1.2.3
localhost

Thesyntaxis:

nmapiL/tmp/test.txt

#4:Excludinghosts/networks(IPv4)
Whenscanningalargenumberofhosts/networksyoucanexcludehostsfromascan:

nmap192.168.1.0/24exclude192.168.1.5
nmap192.168.1.0/24exclude192.168.1.5,192.168.1.254

ORexcludelistfromafilecalled/tmp/exclude.txt

nmapiL/tmp/scanlist.txtexcludefile/tmp/exclude.txt

#5:TurnonOSandversiondetectionscanningscript(IPv4)
nmapA192.168.1.254
nmapvA192.168.1.1
nmapAiL/tmp/scanlist.txt

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

6/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

#6:Findoutifahost/networkisprotectedbyafirewall
nmapsA192.168.1.254
nmapsAserver1.cyberciti.biz

#7:Scanahostwhenprotectedbythefirewall
nmapPN192.168.1.1
nmapPNserver1.cyberciti.biz

#8:ScananIPv6host/address
The6optionenableIPv6scanning.Thesyntaxis:

nmap6IPv6AddressHere
nmap6server1.cyberciti.biz
nmap62607:f0d0:1002:51::4
nmapvA62607:f0d0:1002:51::4

#9:Scananetworkandfindoutwhichserversanddevicesareupand
running
Thisisknownashostdiscoveryorpingscan:

nmapsP192.168.1.0/24

Sampleoutputs:

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

7/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Host192.168.1.1isup(0.00035slatency).
MACAddress:BC:AE:C5:C3:16:93(Unknown)
Host192.168.1.2isup(0.0038slatency).
MACAddress:74:44:01:40:57:FB(Unknown)
Host192.168.1.5isup.
Hostnas03(192.168.1.12)isup(0.0091slatency).
MACAddress:00:11:32:11:15:FC(SynologyIncorporated)
Nmapdone:256IPaddresses(4hostsup)scannedin2.80second

#10:HowdoIperformafastscan?
nmapF192.168.1.1

#11:Displaythereasonaportisinaparticularstate
nmapreason192.168.1.1
nmapreasonserver1.cyberciti.biz

#12:Onlyshowopen(orpossiblyopen)ports
nmapopen192.168.1.1
nmapopenserver1.cyberciti.biz

#13:Showallpacketssentandreceived
nmappackettrace192.168.1.1
nmappackettraceserver1.cyberciti.biz

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

8/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

14#:Showhostinterfacesandroutes
Thisisusefulfordebugging(ipcommandorroutecommandornetstatcommandlike
outputusingnmap)

nmapiflist

Sampleoutputs:
StartingNmap5.00(http://nmap.org)at2012112702:01IST
************************INTERFACES************************
DEV(SHORT)IP/MASKTYPEUPMAC
lo(lo)127.0.0.1/8loopbackup
eth0(eth0)192.168.1.5/24ethernetupB8:AC:6F:65:31:E5
vmnet1(vmnet1)192.168.121.1/24ethernetup00:50:56:C0:00:01
vmnet8(vmnet8)192.168.179.1/24ethernetup00:50:56:C0:00:08
ppp0(ppp0)10.1.19.69/32point2pointup

**************************ROUTES**************************
DST/MASKDEVGATEWAY
10.0.31.178/32ppp0
209.133.67.35/32eth0192.168.1.2
192.168.1.0/0eth0
192.168.121.0/0vmnet1
192.168.179.0/0vmnet8
169.254.0.0/0eth0
10.0.0.0/0ppp0
0.0.0.0/0eth0192.168.1.2

#15:HowdoIscanspecificports?
nmapp[port]hostName
##Scanport80
nmapp80192.168.1.1

##ScanTCPport80
nmappT:80192.168.1.1

##ScanUDPport53
nmappU:53192.168.1.1

##Scantwoports##
nmapp80,443192.168.1.1

##Scanportranges##
nmapp80200192.168.1.1

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

9/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

##Combinealloptions##
nmappU:53,111,137,T:2125,80,139,8080192.168.1.1
nmappU:53,111,137,T:2125,80,139,8080server1.cyberciti.biz
nmapvsUsTpU:53,111,137,T:2125,80,139,8080192.168.1.254

##Scanallportswith*wildcard##
nmapp"*"192.168.1.1

##Scantopportsi.e.scan$numbermostcommonports##
nmaptopports5192.168.1.1
nmaptopports10192.168.1.1

Sampleoutputs:
StartingNmap5.00(http://nmap.org)at2012112701:23IST
Interestingportson192.168.1.1:
PORTSTATESERVICE
21/tcpclosedftp
22/tcpopenssh
23/tcpclosedtelnet
25/tcpclosedsmtp
80/tcpopenhttp
110/tcpclosedpop3
139/tcpclosednetbiosssn
443/tcpclosedhttps
445/tcpclosedmicrosoftds
3389/tcpclosedmstermserv
MACAddress:BC:AE:C5:C3:16:93(Unknown)

Nmapdone:1IPaddress(1hostup)scannedin0.51seconds

#16:Thefastestwaytoscanallyourdevices/computersforopen
portsever
nmapT5192.168.1.0/24

#17:HowdoIdetectremoteoperatingsystem?
YoucanidentifyaremotehostappsandOSusingtheOoption:
nmapO192.168.1.1
nmapOosscanguess192.168.1.1
nmapvOosscanguess192.168.1.1

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

10/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Sampleoutputs:

StartingNmap5.00(http://nmap.org)at2012112701:29IST
NSE:Loaded0scriptsforscanning.
InitiatingARPPingScanat01:29
Scanning192.168.1.1[1port]
CompletedARPPingScanat01:29,0.01selapsed(1totalhosts)
InitiatingParallelDNSresolutionof1host.at01:29
CompletedParallelDNSresolutionof1host.at01:29,0.22selapsed
InitiatingSYNStealthScanat01:29
Scanning192.168.1.1[1000ports]
Discoveredopenport80/tcpon192.168.1.1
Discoveredopenport22/tcpon192.168.1.1
CompletedSYNStealthScanat01:29,0.16selapsed(1000totalports)
InitiatingOSdetection(try#1)against192.168.1.1
RetryingOSdetection(try#2)against192.168.1.1
RetryingOSdetection(try#3)against192.168.1.1
RetryingOSdetection(try#4)against192.168.1.1
RetryingOSdetection(try#5)against192.168.1.1
Host192.168.1.1isup(0.00049slatency).
Interestingportson192.168.1.1:
Notshown:998closedports
PORTSTATESERVICE
22/tcpopenssh
80/tcpopenhttp
MACAddress:BC:AE:C5:C3:16:93(Unknown)
Devicetype:WAP|generalpurpose|router|printer|broadbandrouter
Running(JUSTGUESSING):LinksysLinux2.4.X(95%),Linux2.4.X|2.
6.X(94%),MikroTikRouterOS3.X(92%),Lexmarkembedded(90%),Ent
erasysembedded(89%),DLinkLinux2.4.X(89%),NetgearLinux2.4.
X(89%)
AggressiveOSguesses:OpenWrtWhiteRussian0.9(Linux2.4.30)(95
%),OpenWrt0.97.09(Linux2.4.302.4.34)(94%),OpenWrtKamik
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

11/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

aze7.09(Linux2.6.22)(94%),Linux2.4.212.4.31(likelyembedd
ed)(92%),Linux2.6.152.6.23(embedded)(92%),Linux2.6.152
.6.24(92%),MikroTikRouterOS3.0beta5(92%),MikroTikRouterOS3.
17(92%),Linux2.6.24(91%),Linux2.6.22(90%)
NoexactOSmatchesforhost(IfyouknowwhatOSisrunningonit,
seehttp://nmap.org/submit/).
TCP/IPfingerprint:
OS:SCAN(V=5.00%D=11/27%OT=22%CT=1%CU=30609%PV=Y%DS=1%G=Y%M=BCAEC5%TM=50B3CA
OS:4B%P=x86_64unknownlinuxgnu)SEQ(SP=C8%GCD=1%ISR=CB%TI=Z%CI=Z%II=I%TS=7
OS:)OPS(O1=M2300ST11NW2%O2=M2300ST11NW2%O3=M2300NNT11NW2%O4=M2300ST11NW2%O5
OS:=M2300ST11NW2%O6=M2300ST11)WIN(W1=45E8%W2=45E8%W3=45E8%W4=45E8%W5=45E8%W
OS:6=45E8)ECN(R=Y%DF=Y%T=40%W=4600%O=M2300NNSNW2%CC=N%Q=)T1(R=Y%DF=Y%T=40%S
OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=
OS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID
OS:=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptimeguess:12.990days(sinceWedNov1401:44:402012)
NetworkDistance:1hop
TCPSequencePrediction:Difficulty=200(Goodluck!)
IPIDSequenceGeneration:Allzeros
Readdatafilesfrom:/usr/share/nmap

OSdetectionperformed.Pleasereportanyincorrectresultsathttp://nmap.org
Nmapdone:1IPaddress(1hostup)scannedin12.38seconds
Rawpacketssent:1126(53.832KB)|Rcvd:1066(46.100KB)

Seealso:Fingerprintingawebserverandadnsservercommandlinetoolsformore
information.

#18:HowdoIdetectremoteservices(server/daemon)version
numbers?

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

12/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

nmapsV192.168.1.1

Sampleoutputs:

StartingNmap5.00(http://nmap.org)at2012112701:34IST
Interestingportson192.168.1.1:
Notshown:998closedports
PORTSTATESERVICEVERSION
22/tcpopensshDropbearsshd0.52(protocol2.0)
80/tcpopenhttp?
1serviceunrecognizeddespitereturningdata.

#19:ScanahostusingTCPACK(PA)andTCPSyn(PS)ping
IffirewallisblockingstandardICMPpings,trythefollowinghostdiscoverymethods:

nmapPS192.168.1.1
nmapPS80,21,443192.168.1.1
nmapPA192.168.1.1
nmapPA80,21,200512192.168.1.1

#20:ScanahostusingIPprotocolping
nmapPO192.168.1.1

#21:ScanahostusingUDPping
ThisscanbypassesfirewallsandfiltersthatonlyscreenTCP:

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

13/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

nmapPU192.168.1.1
nmapPU2000.2001192.168.1.1

#22:FindoutthemostcommonlyusedTCPportsusingTCPSYN
Scan
###Stealthyscan###
nmapsS192.168.1.1

###FindoutthemostcommonlyusedTCPportsusingTCPconnectscan(warning:nostealthscan)
###OSFingerprinting###
nmapsT192.168.1.1

###FindoutthemostcommonlyusedTCPportsusingTCPACKscan
nmapsA192.168.1.1

###FindoutthemostcommonlyusedTCPportsusingTCPWindowscan
nmapsW192.168.1.1

###FindoutthemostcommonlyusedTCPportsusingTCPMaimonscan
nmapsM192.168.1.1

#23:ScanahostforUDPservices(UDPscan)
MostpopularservicesontheInternetrunovertheTCPprotocol.DNS,SNMP,and
DHCParethreeofthemostcommonUDPservices.Usethefollowingsyntaxtofindout
UDPservices:

nmapsUnas03
nmapsU192.168.1.1

Sampleoutputs:
StartingNmap5.00(http://nmap.org)at2012112700:52IST
Stats:0:05:29elapsed;0hostscompleted(1up),1undergoingUDPScan
UDPScanTiming:About32.49%done;ETC:01:09(0:11:26remaining)
Interestingportsonnas03(192.168.1.12):
Notshown:995closedports
PORTSTATESERVICE
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

14/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

111/udpopen|filteredrpcbind
123/udpopen|filteredntp
161/udpopen|filteredsnmp
2049/udpopen|filterednfs
5353/udpopen|filteredzeroconf
MACAddress:00:11:32:11:15:FC(SynologyIncorporated)

Nmapdone:1IPaddress(1hostup)scannedin1099.55seconds

#24:ScanforIPprotocol
ThistypeofscanallowsyoutodeterminewhichIPprotocols(TCP,ICMP,IGMP,etc.)
aresupportedbytargetmachines:

nmapsO192.168.1.1

#25:Scanafirewallforsecurityweakness
ThefollowingscantypesexploitasubtleloopholeintheTCPandgoodfortesting
securityofcommonattacks:
##TCPNullScantofoolafirewalltogeneratearesponse##
##Doesnotsetanybits(TCPflagheaderis0)##
nmapsN192.168.1.254

##TCPFinscantocheckfirewall##
##SetsjusttheTCPFINbit##
nmapsF192.168.1.254

##TCPXmasscantocheckfirewall##
##SetstheFIN,PSH,andURGflags,lightingthepacketuplikeaChristmastree##
nmapsX192.168.1.254

SeehowtoblockXmaspackkets,synfloodsandotherconmanattackswithiptables.

#26:Scanafirewallforpacketsfragments
Thefoptioncausestherequestedscan(includingpingscans)tousetinyfragmented
IPpackets.TheideaistosplituptheTCPheaderover
severalpacketstomakeitharderforpacketfilters,intrusiondetectionsystems,and
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

15/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

otherannoyancestodetectwhatyouaredoing.

nmapf192.168.1.1
nmapffw2.nixcraft.net.in
nmapf15fw2.nixcraft.net.in
##Setyourownoffsetsizewiththemtuoption##
nmapmtu32192.168.1.1

#27:Cloakascanwithdecoys
TheDoptionitappeartotheremotehostthatthehost(s)youspecifyasdecoysare
scanningthetargetnetworktoo.ThustheirIDSmightreport510portscansfrom
uniqueIPaddresses,buttheywontknowwhichIPwasscanningthemandwhichwere
innocentdecoys:

nmapnDdecoyip1,decoyip2,yourownip,decoyip3,decoyip4remotehostip
nmapnD192.168.1.5,10.5.1.2,172.1.2.4,3.4.2.1192.168.1.5

#28:ScanafirewallforMACaddressspoofing
###SpoofyourMACaddress##
nmapspoofmacMACADDRESSHERE192.168.1.1

###Addotheroptions###
nmapvsTPNspoofmacMACADDRESSHERE192.168.1.1

###UsearandomMACaddress###
###Thenumber0,meansnmapchoosesacompletelyrandomMACaddress###
nmapvsTPNspoofmac0192.168.1.1

#29:HowdoIsaveoutputtoatextfile?
Thesyntaxis:
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

16/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

nmap192.168.1.1>output.txt
nmapoN/path/to/filename192.168.1.1
nmapoNoutput.txt192.168.1.1

#30:Notafanofcommandlinetools?
Tryzenmaptheofficialnetworkmapperfrontend:
ZenmapistheofficialNmapSecurityScannerGUI.Itisamultiplatform(Linux,
Windows,MacOSX,BSD,etc.)freeandopensourceapplicationwhichaimsto
makeNmapeasyforbeginnerstousewhileprovidingadvancedfeaturesfor
experiencedNmapusers.Frequentlyusedscanscanbesavedasprofilestomake
themeasytorunrepeatedly.Acommandcreatorallowsinteractivecreationof
Nmapcommandlines.Scanresultscanbesavedandviewedlater.Savedscan
resultscanbecomparedwithoneanothertoseehowtheydiffer.Theresultsof
recentscansarestoredinasearchabledatabase.
Youcaninstallzenmapusingthefollowingaptgetcommand:
$sudoaptgetinstallzenmap

Sampleoutputs:

[sudo]passwordforvivek:
Readingpackagelists...Done
Buildingdependencytree
Readingstateinformation...Done
ThefollowingNEWpackageswillbeinstalled:
zenmap
0upgraded,1newlyinstalled,0toremoveand11notupgraded.
Needtoget616kBofarchives.
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

17/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Afterthisoperation,1,827kBofadditionaldiskspacewillbeused.

Get:1http://debian.osuosl.org/debian/squeeze/mainzenmapamd645.003[616k
Fetched616kBin3s(199kB/s)
Selectingpreviouslydeselectedpackagezenmap.
(Readingdatabase...281105filesanddirectoriescurrentlyinstalled.)
Unpackingzenmap(from.../zenmap_5.003_amd64.deb)...
Processingtriggersfordesktopfileutils...
Processingtriggersforgnomemenus...
Processingtriggersformandb...
Settingupzenmap(5.003)...
Processingtriggersforpythoncentral...

Typethefollowingcommandtostartzenmap:
$sudozenmap

Sampleoutputs

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

18/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Fig.02:zenmapinaction

HowdoIdetectandblockportscanning?
Trythefollowingresources:
1. Howtousepsadtooltodetectandblockportscanattacksinrealtime.
2. Debian/UbuntuLinux:InstallandConfigureShorelineFirewall(Shorewall).
3. CentOS/RedhatIptablesFirewallConfigurationTutorial.
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

19/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

4. Linux:20IptablesExamplesForNewSysAdmins.
5. 20LinuxServerHardeningSecurityTips.
References:

TheofficialNmapprojectguidetonetworkdiscoveryandsecurityScanning.
TheofficialNmapprojecthomepage.
Thenmapcommandhasmanymoreoptions,pleasegothroughmanpageorthe
documentationformoreinformation.Whataresomeofyourfavoritenmapcommand
linetricks?Shareyourfavoritetips,tricks,andadviceinthecommentsbelow.
Sharethison:
Twitter

Facebook

Google+

DownloadPDFversion

Foundanerror/typoonthispage?

Abouttheauthor:VivekGiteisaseasonedsysadminandatrainerfortheLinux/Unix&shell
scripting.FollowhimonTwitter.ORreadmorelikethis:
15GreatestOpenSourceTerminalApplicationsOf2012
LinuxifdataCommand:SeeNetworkInterfaceInfoWithoutParsingifconfig
5Linux/UnixCommandsForConnectingToTheSerialConsole
agedu:Unix/LinuxCommandForTrackingDownWastedDiskSpace
Goldendict:AFeaturerichDictionaryLookupLinuxProgram
HowTo:ConnectTwoWirelessRouterWirelessly(Bridge)WithOpenSource
CollectingUbuntuLinuxSystemInformation
30CoolOpenSourceSoftwareIDiscoveredin2013
BookReview:FreeBSDMastery:SpecialtyFilesystem
TestingHTTPStatus:206PartialContentandRangeRequests

Taggedas:Apple,DebianLinux,FreeBSD,Linux,Ubuntu,Unix

{22commentsaddone}
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

20/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Ar3xXx May13,2016,12:47pm
ThxmateIwillusethisascheatsheet:)
Reply

phoenix6142 March16,2016,12:15am
Ifoundthisarticleveryhelpful.ImdefinitelysavingthisBookmarkforfuturereference.
IvebeenusingnmapsP192.168.1.0/24foraverylongtimejusttoseewhichclients
areonline.OSDetectisalsoveryusefulinArmitageandMetasploit.LongliveLinux!
Reply

P4 January5,2016,1:36pm
forblockingaportscangiveportsentryatry:)
https://plus.google.com/+RemikPi/posts/TB3Wu2xJMsB
Reply

BobCynic November10,2014,5:29am
Beautifullyformattedmanpagethanks!)
Reply

far November4,2014,3:30am
whatdoesnmapsnPI192.168.1.0/24do?
Reply

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

21/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Scott September22,2014,6:00pm
AnyonegotanyexamplesofusingnmaptogenerateaRARPmessage?
Reply

MurphyMason June21,2014,4:52pm
veryinterreting
Reply

HD May6,2014,12:09pm
Thequestionishowtomonitorpeoplewhouse/runNMAPandcreateareportaboutit

Thanks
Reply

benhuan December10,2013,9:41am
Loveit,Thanksforsharing
Reply

s33d3r November7,2013,5:59am
VeryUsefulandThanksfortheinformation
Reply

Andrew July23,2013,3:46pm
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

22/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Oneoftheusesfornmap,asstatedabove,istofindoutifthesystemisinfectedwith
malwareorvirus.Howisthisaccomplished?Areyoureferringtousingthescript,http
malwarehost?
Reply

SMohamed May15,2013,12:40pm
MyfavoritenmaptoscanforOSofarangeofIPs,withoutputasaXMLfile:
nmapAT3oXMyFile.xml192.168.56.101120
(A:OSdetection,versiondetection,scriptscanning,tracerouteT3:Speedmedium)
Reply

Ksdyathish December7,2012,6:18pm
Veryveryusefulandsimplecommands!Thankyou.
Reply

Awhitehatter November30,2012,10:48pm
SeveralplacesmentionedthePNswitch,butthisisdepreciated,usePninstead.
Pn(Noping).
ThisoptionskipstheNmapdiscoverystagealtogether.Normally,Nmapusesthisstage
todetermineactivemachinesforheavierscanning.Bydefault,Nmaponlyperforms
heavyprobingsuchasportscans,versiondetection,
orOSdetectionagainsthoststhatarefoundtobeup.DisablinghostdiscoverywithPn
causesNmaptoattempttherequestedscanningfunctionsagainsteverytargetIP
addressspecified.SoifaclassBtargetaddress
space(/16)isspecifiedonthecommandline,all65,536IPaddressesarescanned.
Properhostdiscoveryisskippedaswiththelistscan,butinsteadofstoppingand
printingthetargetlist,Nmapcontinuestoperform
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

23/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

requestedfunctionsasifeachtargetIPisactive.Toskippingscanandportscan,while
stillallowingNSEtorun,usethetwooptionsPnsntogether.
Formachinesonalocalethernetnetwork,ARPscanningwillstillbeperformed(unless
sendipisspecified)becauseNmapneedsMACaddressestofurtherscantarget
hosts.InpreviousversionsofNmap,PnwasP0.
andPN..
Reply

DUNGNA November28,2012,1:49pm
Thanksyouforsharing!
Reply

Chris November27,2012,8:07pm
Thanksforthisveryusefullpost!!
Reply

JalalHajigholamali November27,2012,5:49am
Hi,
Veryniceandusefularticle
Thanksagain
Reply

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

24/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

cycop November27,2012,4:58am
NiceInfo,,,
Reply
Nullyman January16,2015,6:48pm
hellopleasihavedownloadnmapandinstall,butidntknowwhertoevenrunit
Reply
HoppingBunny May14,2015,3:20am
Ifyouareonalinuxorsimilarsystem,itshouldbeavailableonthecommand
linelikethis:
sudonmapFhttp://www.gmail.com<==typethisonthecommandline
youwillgettheoutputbelow:
StartingNmap5.51(http://nmap.org)at2015051323:18EDT
Nmapscanreportforhttp://www.gmail.com(216.58.219.197)
Hostisup(0.010slatency).
rDNSrecordfor216.58.219.197:lga25s40inf5.1e100.net
Notshown:98filteredports
PORTSTATESERVICE
80/tcpopenhttp
443/tcpopenhttps
Reply

Roy November27,2012,4:30am
Ilovenamp.GreatpostSir.
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

25/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Reply

Felipe November26,2012,10:32pm
Wow!Prettygoodandeasy.Thankyousomuchforthegreattopic,Imahugefanof
nmap/zenmap
Reply

Security:Areyouarobotorhuman?
I'm not a robot
reCAPTCHA
Privacy - Terms

LeaveaComment
Name

Email

Comment

ReceiveEmailNotifications?
yes,repliestomycomment
Or,youcansubscribewithoutcommenting.
http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

instantly

26/27

9/24/2016

Top30NmapCommandExamplesForSys/NetworkAdmins

Submit

Nextpost:DownloadSamba4:ActiveDirectoryCompatibleServer
Previouspost:diffCommand:ColorizeOutputOnTheUnix/LinuxCommandLine

20002016nixCraft.Allrightsreserved.PrivacyPolicyTermsofServiceQuestionsorComments
ThecontentiscopyrightedtonixCraftandmaynotbereproducedonotherwebsites.

http://www.cyberciti.biz/networking/nmapcommandexamplestutorials/

27/27

You might also like