Learn Nmap with 5 examples

Here are five examples of Nmap commands for host discovery, port scanning, and their expected outputs:

  1. Host Discovery with Ping Scan
   nmap -sn 192.168.1.0/24

This command performs a ping scan (-sn), which reports the hosts that are up in the subnet without port-scanning any of them. On a directly attached Ethernet segment Nmap answers this with ARP requests, which a host cannot filter; for remote targets a privileged scan sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, so hosts that simply drop ICMP are still found. Without root privileges Nmap falls back to TCP connects to ports 80 and 443, which is slower and misses hosts that filter both.

Expected Output:

   Starting Nmap 7.70 ( https://nmap.org ) at 2024-06-05
   Nmap scan report for 192.168.1.1
   Host is up (0.0010s latency).
   Nmap scan report for 192.168.1.2
   Host is up (0.0011s latency).
   ...
   Nmap done: 256 IP addresses (5 hosts up) scanned in 2.53 seconds

  2. Port Scan on Top Ports
   nmap --top-ports 10 192.168.1.105

This scans the 10 TCP ports that are most often found open according to the frequency data in Nmap's nmap-services file, rather than the default 1000, which makes it a fast first look at a host. Because a default scan (no -s option) runs as a SYN scan when you are root and a connect scan otherwise, the same command behaves slightly differently depending on privileges.

Expected Output:

   Starting Nmap 7.70 ( https://nmap.org ) at 2024-06-05
   Nmap scan report for 192.168.1.105
   PORT     STATE    SERVICE
   21/tcp   open     ftp
   22/tcp   open     ssh
   23/tcp   closed   telnet
   ...
   Nmap done: 1 IP address (1 host up) scanned in 0.58 seconds

  3. OS Detection and Version Scanning
   nmap -A 192.168.1.105

The -A option enables OS detection (-O), version detection (-sV), the default NSE script set (-sC), and traceroute (--traceroute). OS detection and traceroute need raw-socket privileges, so run this as root. It is also by far the noisiest of the five scans: version probes and NSE scripts actually talk to each service, so expect them to show up in application logs and IDS alerts.

Expected Output:

   Starting Nmap 7.70 ( https://nmap.org ) at 2024-06-05
   Nmap scan report for 192.168.1.105
   Host is up (0.00080s latency).
   Not shown: 998 closed ports
   PORT     STATE SERVICE VERSION
   22/tcp   open  ssh     OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
   80/tcp   open  http    Apache httpd 2.4.38 ((Debian))
   ...
   Device type: general purpose
   Running: Linux 3.X|4.X
   OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
   OS details: Linux 3.2 - 4.9
   Network Distance: 1 hop

  4. TCP SYN Scan
   nmap -sS 192.168.1.105

The -sS option performs a SYN (half-open) scan: Nmap sends a SYN, classifies the port from the SYN/ACK or RST that comes back, and answers a SYN/ACK with a RST instead of completing the handshake. Because no connection is ever established, the listening application never sees or logs it, which is why it is less intrusive than a connect scan (-sT); it is still plainly visible to a firewall or IDS watching the wire. It needs raw-socket privileges and is Nmap's default scan type when run as root.

Expected Output:

   Starting Nmap 7.70 ( https://nmap.org ) at 2024-06-05
   Nmap scan report for 192.168.1.105
   All 1000 scanned ports on 192.168.1.105 are closed
   Nmap done: 1 IP address (1 host up) scanned in 2.97 seconds

  5. Save Output to a File
   nmap -oN output.txt 192.168.1.105

The -oN option writes the results in Nmap's normal, human-readable format to output.txt. It does not silence the terminal: the same report is still printed to the screen, and the file additionally gets a header and footer line recording the exact command line and timing. For results you intend to process later, prefer -oG (grepable, one line per host), -oX (XML, for tooling), or -oA BASENAME, which writes all three formats at once.

Expected Output:

   # Nmap 7.70 scan initiated 2024-06-05 as: nmap -oN output.txt 192.168.1.105
   Nmap scan report for 192.168.1.105
   Host is up (0.00080s latency).
   ...
   # Nmap done at 2024-06-05 -- 1 IP address (1 host up) scanned in 0.58 seconds
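Putting the discovery scan from example 1 together with the saved-output idea from example 5, here is an added shell example (not part of the original article) that discovers live hosts, feeds only those hosts into a SYN and version scan, and then parses the saved grepable (-oG) output into CSV. It assumes nmap is installed and that the script runs as root; the file names, the choice of the top 100 ports, and the sample data produced by write_samples are constructed for this example, not real scan captures.

```shell
#!/bin/sh
# Added example, not the article's own commands: a two-phase Nmap workflow.
# Phase 1 discovers live hosts (-sn) and saves grepable output (-oG);
# phase 2 port-scans only those hosts and saves all three formats (-oA).
# Assumes nmap is installed and the script runs as root (needed for -sS);
# file names and the top-ports count are arbitrary choices.

# live_hosts FILE: print the IPs a -oG file reports as "Status: Up".
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# open_ports FILE: print "ip,port,proto,service,version" for each open port
# in a -oG file. Fields on a grepable line are tab-separated, and each port
# entry is slash-separated: port/state/protocol/owner/service/rpcinfo/version/
# (a version string containing ", " would confuse this split, a known limit).
open_ports() {
    awk -F '\t' '/^Host:/ && /Ports: / {
        split($1, h, " "); ip = h[2]
        plist = ""
        for (i = 2; i <= NF; i++) if (sub(/^Ports: /, "", $i)) plist = $i
        n = split(plist, entry, ", ")
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            if (f[2] == "open") print ip "," f[1] "," f[3] "," f[5] "," f[7]
        }
    }' "$1"
}

# scan_pipeline SUBNET [PREFIX]: run both phases; print open ports as CSV.
scan_pipeline() {
    subnet=$1
    prefix=${2:-scan}
    nmap -sn -oG "$prefix-discovery.gnmap" "$subnet" >/dev/null
    live_hosts "$prefix-discovery.gnmap" > "$prefix-targets.txt"
    if [ ! -s "$prefix-targets.txt" ]; then
        echo "no live hosts found in $subnet" >&2
        return 1
    fi
    # -iL reads targets from the file; -oA writes .nmap, .gnmap and .xml.
    nmap -sS -sV --top-ports 100 -iL "$prefix-targets.txt" \
        -oA "$prefix-ports" >/dev/null
    open_ports "$prefix-ports.gnmap"
}

# write_samples DIR: constructed stand-ins for the two -oG files (made up for
# this example, not real captures) so the parsers can be exercised offline.
write_samples() {
    printf 'Host: %s ()\tStatus: %s\n' \
        192.168.1.1 Up 192.168.1.2 Up 192.168.1.50 Down \
        > "$1/discovery.gnmap"
    {
        printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.1 ()\tPorts: %s\tIgnored State: closed (97)\n' \
            '22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)/, 23/closed/tcp//telnet///, 80/open/tcp//http//Apache httpd 2.4.38 ((Debian))/'
        printf 'Host: 192.168.1.105 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.105 ()\tPorts: %s\tIgnored State: closed (99)\n' \
            '21/open/tcp//ftp//vsftpd 3.0.3/'
    } > "$1/ports.gnmap"
}

# Stand-alone use:  sh scan.sh run 192.168.1.0/24 lab   (as root, nmap installed)
case ${1:-} in
    run) scan_pipeline "$2" "${3:-scan}" ;;
esac
```

The grepable format is used for the intermediate files because it is the one Nmap designed for exactly this kind of one-line-per-host parsing; the -oA call in phase 2 keeps the .nmap and .xml copies alongside it so nothing has to be rescanned for a human-readable report or for XML-based tooling later.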

These examples should give you a good starting point for using Nmap for various network scanning tasks.
