GeekGuy

Top popular NMAP Linux Command Examples - Part 2

Continued from part 1 of this article.


Nmap, aka Network Mapper, is an open source and very versatile tool for Linux system/network administrators. Nmap is used for exploring networks, performing security scans and network audits, and finding open ports on remote machines. It scans for live hosts, operating systems, packet filters and open ports running on remote hosts.

I’ll be covering most Nmap usage in two different parts, and this is the first part of the Nmap series. In this setup, I have used two servers without a firewall to test the working of the Nmap command.

  1. 192.168.100.4 – variant1.airwallet365.com

  2. 192.168.100.5 – variant2.airwallet365.com

Nmap command usage

# nmap [Scan Type(s)] [Options] {target specification}

How to Install NMAP in Linux

Most of today’s Linux distributions, like Red Hat, CentOS, Fedora, Debian and Ubuntu, include Nmap in the default repositories of their package managers, Yum and APT. Both tools are used to install and manage software packages and updates. To install Nmap on a specific distribution, use the following command.

# yum install nmap		[on Red Hat based systems]
$ sudo apt-get install nmap	[on Debian based systems]

Once you’ve installed the latest Nmap application, you can follow the example instructions provided in this article.


11. Scan a Host to Detect Firewall

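The command below performs a TCP ACK scan (“-sA”) on a remote host to detect whether any packet filter or firewall is in use. This scan reports ports as filtered or unfiltered; it does not determine whether they are open.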

[root@server1 ~]# nmap -sA 192.168.100.5

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST
All 1680 scanned ports on variant2.airwallet365.com (192.168.100.5) are UNfiltered
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds
You have new mail in /var/spool/mail/root

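12. Scan a Host to Check if it is Protected by a Firewall

To scan a host that is protected by packet filtering software or a firewall, use the “-PN” option, which skips host discovery and scans the target even if it does not answer ping probes.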

[root@server1 ~]# nmap -PN 192.168.100.4

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds

13. Find out Live hosts in a Network

With the “-sP” option we can simply check which hosts are live and up in the network; with this option Nmap skips port detection and other steps.

[root@server1 ~]# nmap -sP 192.168.100.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST
Host variant1.airwallet365.com (192.168.100.4) appears to be up.
Host variant2.airwallet365.com (192.168.100.5) appears to be up.
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds

14. Perform a Fast Scan

You can perform a fast scan with the “-F” option, which scans only the ports listed in the nmap-services file and skips all other ports.

[root@server1 ~]# nmap -F 192.168.100.5

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
Not shown: 1234 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds

15. Find Nmap version

You can find out which Nmap version you are running on your machine with the “-V” option.

[root@server1 ~]# nmap -V

Nmap version 4.11 ( http://www.insecure.org/nmap/ )
You have new mail in /var/spool/mail/root

16. Scan Ports Consecutively

Use the “-r” flag to scan ports in consecutive order instead of randomizing them.

[root@server1 ~]# nmap -r 192.168.100.5

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds

17. Print Host interfaces and Routes

You can find out host interface and route information with Nmap by using the “--iflist” option.

[root@server1 ~]# nmap --iflist

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST
************************INTERFACES************************
DEV  (SHORT) IP/MASK          TYPE     UP MAC
lo   (lo)    127.0.0.1/8      loopback up
eth0 (eth0)  192.168.100.4/24 ethernet up 08:00:27:11:C7:89

**************************ROUTES**************************
DST/MASK      DEV  GATEWAY
192.168.100.0/0 eth0
169.254.0.0/0 eth0

In the above output, you can see that Nmap lists the interfaces attached to your system and their respective routes.

18. Scan for specific Port

There are various options to discover ports on a remote machine with Nmap. You can specify the port you want Nmap to scan with the “-p” option. By default, Nmap scans only TCP ports.

[root@server1 ~]# nmap -p 80 variant2.airwallet365.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) sca

19. Scan a TCP Port

You can also specify the port type and numbers for Nmap to scan; the “T:” prefix selects TCP ports.

[root@server1 ~]# nmap -p T:8888,80 variant2.airwallet365.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
PORT     STATE SERVICE
80/tcp   open  http
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

20. Scan a UDP Port

Use the “-sU” option for a UDP scan, together with “-p” to name the port.

[root@server1 ~]# nmap -sU -p 53 variant2.airwallet365.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
PORT     STATE SERVICE
53/udp   open  http
8888/udp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
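
The port tables printed by the scans above are easy to audit with a script. The following is an added example, not part of the original article: it reads Nmap's normal output and lists every open port that is not on an expected-services list. The function names and the allow-list are assumptions, and the embedded sample is constructed from the output shown in this article.

```shell
#!/bin/sh
# Added example: flag open ports that are not on an expected-services list.
# Input is Nmap normal output (the format shown in this article) on stdin.

# Constructed sample, modelled on the scan output shown in the article.
sample_scan() {
cat <<'EOF'
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST
Interesting ports on variant2.airwallet365.com (192.168.100.5):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds
EOF
}

# Usage: unexpected_ports "22/tcp,80/tcp" < scan.txt
# Prints "host port service" for each open port missing from the allow-list.
unexpected_ports() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, /[ ,]+/)
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Host header: "Interesting ports on ..." (Nmap 4.x) or
    # "Nmap scan report for ..." (later releases).
    /^Interesting ports on / || /^Nmap scan report for / {
        host = $NF
        gsub(/[()]/, "", host)   # "(192.168.100.5):" -> "192.168.100.5:"
        sub(/:$/, "", host)      # drop the trailing colon
        next
    }
    # Port rows look like "3306/tcp open  mysql".
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
        if (!($1 in ok)) print host, $1, $3
    }'
}

# Demonstration on the constructed sample: only ssh and http are expected.
sample_scan | unexpected_ports "22/tcp,80/tcp"
```

On a live system, pipe the scan straight into the function, for example: nmap -F 192.168.100.5 | unexpected_ports "22/tcp,80/tcp".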

