From charlesreid1

How To Use

Nmap is a really really complicated tool, so consult the extensive manual to really use it properly.

The Man Page

$ man nmap

The Short Version

You run nmap like this:

Usage: nmap [Scan Type(s)] [Options] {target specification}

If you read through the manual, it is organized this way:

  • first, target specification is covered
  • then, increasingly intrusive levels of scan type are described in order
  • within each chapter on a scan type, the different options are described

Basic Network Scans

DNS Only for Host Discovery

The Host Discovery section ( starts by covering basic host discovery, with least intrusive first. In this case, a list lookup doesn't even send packets to the specified addresses, it just does a DNS lookup on them.

nmap -sS

The target specification section ( covers what the ip address range above means, and I'll explain here too. The trailing /24 means, all permutations of the last 24 bits (that is, 0-254, the normal range of IP addresses).

Fast Scan

To do a fast scan, which only scans the lowest 100 ports, use the -F flag:

$ nmap -F 192.168.0.*

This is a good way to quickly discover the most common services running on other network nodes.

Aggressive Network Scan

To do a more advanced/aggressive network scan, can do something like:

$ nmap -sS -sV -A

where -A is for aggressive, attempts to determine version numbers of running services as well as return information about the operating system.


See Nmap/UPnP