From charlesreid1


Revision as of 04:52, 27 August 2016

How To Use

Nmap is a really complicated tool, so consult the extensive manual to use it properly.

The Man Page

$ man nmap

The Short Version

You run nmap like this:

Usage: nmap [Scan Type(s)] [Options] {target specification}

If you read through the manual, it is organized this way:

  • first, target specification is covered
  • then, increasingly intrusive levels of scan type are described in order
  • within each chapter on a scan type, the different options are described


Basic Network Scans

DNS Only for Host Discovery

The Host Discovery section (http://nmap.org/book/man-host-discovery.html) starts by covering basic host discovery, least intrusive first. The least intrusive option is a list scan, which doesn't even send packets to the specified addresses; it just does a DNS lookup on them.

$ nmap -sL 10.0.0.0/24

The target specification section (http://nmap.org/book/man-target-specification.html) covers what the IP address range above means, and I'll explain here too. The trailing /24 means all permutations of the last 24 bits (that is, 0-254, the normal range of IP addresses).

Fast Scan

To do a fast scan, which only scans the lowest 100 ports, use the -F flag:

$ nmap -F 192.168.0.*

This is a good way to quickly discover the most common services running on other network nodes.

Advanced Network Scan

To do a more advanced network scan, you can do something like:

$ nmap -sS -sV -A 10.0.0.27
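Once a fast scan (-F) or a service-version scan (-sV) has run across a subnet, the useful next step for an inventory is to tally which services the hosts actually expose. The parser below is an added example, not from the original page; it reads Nmap's grepable output (what you get by adding -oG to either command above) and counts open services per host. The SAMPLE_GNMAP text is a constructed sample of that format, not a real scan.

```python
import re
from collections import Counter

# Constructed sample of grepable output, e.g. from "nmap -sV -F 10.0.0.0/24 -oG scan.gnmap".
# Fields on a Host line are tab-separated; each port entry is
# port/state/proto/owner/service/rpcinfo/version/ (nmap's -oG layout).
SAMPLE_GNMAP = """# Nmap 7.80 scan initiated (constructed sample)
Host: 10.0.0.1 (gateway.lan)\tStatus: Up
Host: 10.0.0.1 (gateway.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 53/open/tcp//domain//dnsmasq 2.80/, 80/open/tcp//http//lighttpd/\tIgnored State: closed (97)
Host: 10.0.0.27 ()\tStatus: Up
Host: 10.0.0.27 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 445/open/tcp//microsoft-ds//Samba smbd 4.x/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (97)
Host: 10.0.0.40 ()\tStatus: Down
# Nmap done at (constructed sample) -- 256 IP addresses (2 hosts up)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str, "open": [(port, proto, service, version)]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        ip, name, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": name, "status": "", "open": []})
        for field in rest.split("\t"):
            if field.startswith("Status: "):
                entry["status"] = field[len("Status: "):]
            elif field.startswith("Ports: "):
                for port_spec in field[len("Ports: "):].split(", "):
                    parts = port_spec.split("/")
                    if len(parts) < 7:
                        continue  # malformed entry; skip rather than guess
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    if state == "open":  # filtered/closed ports are not exposed services
                        entry["open"].append((int(port), proto, service, version))
    return hosts


def service_counts(hosts):
    """Number of hosts exposing each service name: the 'most common services' on the network."""
    return Counter(svc for h in hosts.values() for _, _, svc, _ in h["open"])


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, h in sorted(scan.items()):
        print(ip, h["hostname"] or "-", h["status"], [f"{p}/{pr} {s} {v}".strip() for p, pr, s, v in h["open"]])
    print("services by host count:", service_counts(scan).most_common())
```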

UPnP

See Nmap/UPnP


Related