How To Use

Nmap is a really really complicated tool, so consult the extensive manual to really use it properly.

The Man Page

$ man nmap

The Short Version

You run nmap like this:

Usage: nmap [Scan Type(s)] [Options] {target specification}

If you read through the manual, it is organized this way:

first, target specification is covered
then, increasingly intrusive levels of scan type are described in order
within each chapter on a scan type, the different options are described

Basic Network Scans

DNS Only for Host Discovery

The Host Discovery section (http://nmap.org/book/man-host-discovery.html) starts by covering basic host discovery, with least intrusive first. In this case, a list lookup doesn't even send packets to the specified addresses, it just does a DNS lookup on them.

nmap -sS 10.0.0.0/24

The target specification section (http://nmap.org/book/man-target-specification.html) covers what the ip address range above means, and I'll explain here too. The trailing /24 means, all permutations of the last 24 bits (that is, 0-254, the normal range of IP addresses).

Fast Scan

To do a fast scan, which only scans the lowest 100 ports, use the -F flag:

$ nmap -F 192.168.0.*

This is a good way to quickly discover the most common services running on other network nodes.

Aggressive Network Scan

To do a more advanced/aggressive network scan, can do something like:

$ nmap -sS -sV -A 10.0.0.27

where -A is for aggressive, attempts to determine version numbers of running services as well as return information about the operating system.

UPnP

See Nmap/UPnP

Nmap

From charlesreid1

Contents