Introduction
In the vast digital landscape of the internet, understanding the layout of networks is crucial. Whether you’re a curious enthusiast or an aspiring cybersecurity expert, Nmap (Network Mapper) is a tool you should be acquainted with. Nmap is a powerful and versatile open-source network scanner that helps you discover hosts and services on a computer network, thus creating a “map” of the network. In this beginner-friendly guide, we will walk you through the basic concepts of Nmap, how it works, and introduce you to 20 essential Nmap commands and flags along with their explanations.
What is Nmap?
Nmap is like a digital detective that probes a network to discover all active devices, open ports, services running, and their versions. It operates by sending packets to the target network and analysing the responses. This information is vital for network administrators and security professionals to understand their network’s vulnerabilities and secure it effectively.
How Nmap Works:
At its core, Nmap sends packets to the target network and analyses the responses. It determines which hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they are running on, and which type of packet filters/firewalls are in use.
Basic Nmap Commands and Flags:
nmap [target]
: This is the most basic Nmap command. Replace[target]
with the IP address or hostname of the target system. It will scan the most common 1,000 TCP ports of the target.nmap -sP [target]
: This command performs a ping scan to check if the target hosts are online.nmap -F [target]
: Fast scan mode, scans fewer ports than the default scan.nmap -sS [target]
: Stealth scan mode, uses SYN packets to scan.nmap -O [target]
: OS detection, attempts to determine the operating system running on the target.nmap -A [target]
: Aggressive scan, combines OS detection, version detection, script scanning, and traceroute.nmap -p- [target]
: Scans all 65535 ports on the target.nmap --top-ports [number] [target]
: Scan the top N most common ports instead of the default 1000.nmap -v [target]
: Verbose mode, shows detailed information about the scan progress.nmap -sU [target]
: UDP scan, useful for scanning services such as DNS and DHCP.nmap -PN [target]
: Treats the target as online and does not perform host discovery.nmap --script [script] [target]
: Runs a specific Nmap script against the target.nmap -oN [filename] [target]
: Saves the scan results to a specified file in normal format.nmap -sV [target]
: Version detection, attempts to determine the version of the services running on the target.nmap --unprivileged [target]
: Allows unprivileged users to perform scans.nmap -T[0-5] [target]
: Specifies the timing template (from paranoid to insane) for the scan.nmap --reason [target]
: Displays the reason a port is in a particular state.nmap --open [target]
: Only shows open (and possibly open) ports.nmap -sC [target]
: Default script scan, runs a set of Nmap scripts against the target.nmap --exclude [host1[,host2],...] [target]
: Excludes specified hosts from the scan.
Remember, while Nmap is a powerful tool, always ensure you have proper authorization before scanning any network. With these basic commands and flags, you are on your way to understanding the fundamentals of network scanning using Nmap.
Happy scanning!
Ready to master the art of hacking safely? Join our free workshop and dive into the world of Penetration Testing today!
Follow us on Instagram, Facebook, YouTube, Telegram and LinkedIn for the latest updates and workshop details!