Nmap | Basic Commands | For Beginners | By Mohit Damke

1. Ping Scan:

The ping scan is a simple way to check which hosts are alive on the network. It sends ICMP echo requests (commonly known as "pings") to the target host(s) and waits for replies, without scanning any ports.

nmap -sn <target>
  • -sn: This option tells Nmap to perform a ping scan only (host discovery) and skip port scanning.

  • <target>: Replace this with the IP address or range you want to scan.

Explanation: A ping scan helps you determine which hosts are active on your network without going into detailed port scanning. It's often used as a preliminary step in network reconnaissance. Keep in mind that a host whose firewall drops ICMP will be reported as down even though it is online, so an empty result is not proof that nothing is there.

2. Port Scan:

Port scanning is one of the primary functions of Nmap. It allows you to discover open ports on a target host, which can provide valuable information about available services.

nmap -p <ports> <target>
  • -p: This option specifies the ports you want to scan.

  • <ports>: Replace this with the port number or range you want to scan.

  • <target>: The IP address or hostname of the target system.

Explanation: Port scanning is essential for identifying which services are running on a target host and can help pinpoint potential vulnerabilities.

3. Scan a Range of Ports:

You can scan a range of ports by specifying the starting and ending port numbers separated by a hyphen.

nmap -p <start_port>-<end_port> <target>
  • <start_port>: The first port in the range.

  • <end_port>: The last port in the range.

Explanation: This command is useful when you want to scan a specific range of ports on a target host, rather than scanning individual ports.

4. Service Version Detection:

Service version detection helps you identify the specific software and its version running on open ports.

nmap -p <ports> -sV <target>
  • -sV: This option enables service version detection.

  • <ports>: The port or range of ports you want to scan.

  • <target>: The target host's IP address or hostname.

Explanation: Knowing the service version can be crucial for assessing vulnerabilities and ensuring that software is up to date.

5. Aggressive Scan:

The aggressive scan, enabled with -A and also known as the "All-Script Scan," combines several Nmap scan techniques and scripts into one run to gather extensive information about the target.

nmap -A <target>
  • -A: This option enables the aggressive scan mode.

  • <target>: The IP address or hostname of the target system.

Explanation: An aggressive scan provides a comprehensive assessment of a target, including OS detection, service enumeration, and vulnerability detection. It is also considerably slower and noisier than the single-purpose scans above, so use it when you need the full picture rather than as a first step.

6. Scan All Ports:

Sometimes you may want to scan all possible ports to ensure no service is overlooked.

nmap -p- <target>
  • -p-: This option tells Nmap to scan all 65,535 TCP ports (1 through 65535) instead of only the most common ones.

  • <target>: The IP address or hostname of the target system.

Explanation: Scanning all ports can be time-consuming but ensures you don't miss any open service.

7. Scan Multiple Hosts:

Nmap allows you to scan multiple hosts simultaneously by specifying their IP addresses or hostnames separated by spaces.

nmap <target1> <target2> <target3> ...

Explanation: This command is useful for scanning multiple hosts in a single command, making it efficient for network administrators.

These basic Nmap commands serve as a foundation for more advanced network scanning and security assessments. Understanding these commands is essential for anyone working with network security or administration.

Save the Result

You can save the results of an Nmap scan to a text file on your desktop by using the output redirection feature in your command. Here's how you can do it:

  1. Open your terminal or command prompt on your computer.

  2. Run the Nmap scan command you want to use, and add the output redirection (>) followed by the path to your desktop and the filename with a .txt extension. For example, let's say you want to perform a simple ping scan and save the results to a file called scan_results.txt on your desktop:

nmap -sn <target> > ~/Desktop/scan_results.txt
  • -sn: This is the ping scan option.

  • <target>: Replace this with the IP address or range you want to scan.

  • > ~/Desktop/scan_results.txt: This part of the command specifies that the output should be redirected to a file called scan_results.txt located on your desktop. Make sure to adjust the filename and path as needed. Note that redirection captures only Nmap's standard output; error messages still appear on the terminal, and an existing file with the same name is overwritten.

  3. Press Enter to run the command. Nmap will perform the scan, and the results will be saved to the specified text file on your desktop.

After the scan is completed, you can go to your desktop, and you should find a file named scan_results.txt containing the output of your Nmap scan.
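Once the results are in a text file, the natural next step is to read them back automatically. The helper below is an added example, not code from the original post or from Nmap itself: it parses a saved normal-output file like scan_results.txt, lists the open ports per host, and flags any that are missing from an expected-services inventory. The sample scan output and the inventory are constructed for the demonstration.

```shell
#!/bin/sh
# Hypothetical helper (not part of Nmap): reads an Nmap normal-output file,
# such as the scan_results.txt produced by redirection above, lists the
# open ports, then flags any that are not in an expected-services inventory.

# Print "<host> <port/proto> <service>" for every open port in file $1.
open_ports() {
    awk '
        /^Nmap scan report for / { host = $5 }                # start of a host block
        /^[0-9]+\/(tcp|udp)[ \t]+open/ { print host, $1, $3 } # PORT STATE SERVICE rows
    ' "$1"
}

# Print open ports from file $1 that are absent from inventory $2
# (one "<host> <port/proto>" entry per line).
unexpected_open_ports() {
    open_ports "$1" | awk -v inventory="$2" '
        BEGIN { n = split(inventory, rows, "\n"); for (i = 1; i <= n; i++) ok[rows[i]] = 1 }
        !(($1 " " $2) in ok) { print }
    '
}

# Constructed sample in Nmap's normal output format (not a real scan result).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 10:00 UTC
Nmap scan report for 192.168.1.10
Host is up (0.0010s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 9.2p1
80/tcp  open  http     nginx 1.22.1
443/tcp open  ssl/http nginx 1.22.1

Nmap scan report for db01.example.internal (192.168.1.20)
Host is up (0.0020s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT     STATE  SERVICE
3306/tcp open   mysql

Nmap done: 2 IP addresses (2 hosts up) scanned in 5.12 seconds
EOF

# Constructed inventory: what we expect to be listening on each host.
INVENTORY='192.168.1.10 22/tcp
192.168.1.10 443/tcp
db01.example.internal 3306/tcp'

echo "Open ports:";       open_ports "$SAMPLE"
echo "Not in inventory:"; unexpected_open_ports "$SAMPLE" "$INVENTORY"
```

Point open_ports at your own scan_results.txt to list what a real scan found; anything printed by unexpected_open_ports is a service that nobody accounted for and deserves a closer look.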
