Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.  

How To Install Nmap

Nmap may already be installed on your system; if it isn't, install it with your distro's package manager (the package is called nmap). You can also install Zenmap, the Nmap GUI:

sudo apt-get install zenmap

Basic Nmap Scan

Scanning a single IP address:

1. Scan an IP address:

nmap 192.168.100.1

2. Scan a host name:

nmap www.google.com

3. Scan an IP address and get more information (verbose output):

nmap -v 192.168.100.1

Nmap Commands To Discover Your LAN

If you want to make a simple scan, try scanning your LAN.

1. Type ifconfig (or ip addr show) as root to find the addresses of your interfaces.
2. Look for the Bcast (broadcast) address of the active interface, for example wlan0.
3. In my LAN the Bcast address is 192.168.100.255, so the hosts live in 192.168.100.1-254.
4. Run a ping scan (host discovery only, no port scan) against the LAN:

nmap -sP 192.168.100.1-254

5. This scan lists the hosts present on your LAN. -sP is the old name of this option; current Nmap versions call it -sn and still accept -sP as an alias. When run as root on the local Ethernet segment, Nmap discovers hosts with ARP requests, so it finds machines that block ICMP echo.
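The procedure above, automated as an added example (this is not code from the original tutorial): it derives the network from the interface's address and prefix length instead of reading the Bcast value by eye, excludes the scanning host's own address with --exclude, and uses -sn, the current spelling of -sP. It assumes the iproute2 `ip` command is available and that the interface is called wlan0; the scan itself must run as root.

```shell
#!/bin/sh
# Added example, not from the original tutorial: work out the LAN's network
# address from the interface configuration and run an Nmap host-discovery
# scan on it. Assumes iproute2's `ip` and Nmap are installed; wlan0 is an
# assumed interface name. Run the scan as root so Nmap can use ARP.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network of an address/prefix pair: 192.168.100.37/24 -> 192.168.100.0/24
cidr_network() {
    addr=${1%/*}
    prefix=${1#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$prefix"
}

# Broadcast address of an address/prefix pair: 192.168.100.37/24 -> 192.168.100.255
# (this is the Bcast value ifconfig shows).
cidr_broadcast() {
    addr=${1%/*}
    prefix=${1#*/}
    hostmask=$(( (1 << (32 - prefix)) - 1 ))
    int_to_ip $(( $(ip_to_int "$addr") | hostmask ))
}

# First IPv4 address/prefix configured on an interface, e.g. 192.168.100.37/24.
iface_cidr() {
    ip -o -4 addr show dev "$1" | awk '{print $4; exit}'
}

# Host discovery (-sn) on the interface's network, excluding our own address.
# -oG - writes Nmap's grepable output to stdout so awk can keep only the
# "Status: Up" lines and print the address from each.
discover_lan() {
    me=$(iface_cidr "$1")
    net=$(cidr_network "$me")
    echo "Scanning $net (broadcast $(cidr_broadcast "$me"))" >&2
    nmap -sn -oG - --exclude "${me%/*}" "$net" | awk '/Status: Up/ {print $2}'
}

# Usage: sh lan-discover.sh --scan wlan0   (as root)
if [ "${1:-}" = "--scan" ]; then
    discover_lan "${2:-wlan0}"
fi
```

The arithmetic helpers are plain POSIX sh, so the script runs under dash as well as bash. cidr_network is what you actually need to hand to Nmap: the broadcast address is only useful as a sanity check against what ifconfig prints.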

Scanning multiple IP addresses With Nmap

1. Scanning several individual addresses:

nmap ip1 ip2 ip3

Example:

nmap 192.168.100.1 192.168.100.3

2. Working within the same subnet (a list of values for the last octet):

nmap 192.168.100.1,2,3

3. Scanning an IP range:

nmap 192.168.100.1-5

4. Scanning an entire subnet (CIDR notation):

nmap 192.168.100.0/24

5. Excluding hosts (note the double dash):

nmap 192.168.100.1-5 --exclude 192.168.100.3

Working with Functional Options

1. Detecting the OS

Use the "-O" option to fingerprint the target's operating system; it needs root, because it sends raw packets. The "-A" option is broader: it turns on OS detection, service version detection (-sV), the default NSE scripts (-sC) and traceroute in one go:

nmap -A 192.168.100.1

2. Checking if the target is protected by a firewall

Use the "-sA" (TCP ACK scan) option. An ACK scan never tells you whether a port is open; it only classifies ports as filtered or unfiltered, which is what you want when mapping a firewall's rules:

nmap -sA 192.168.100.1

3. Discovering which devices are up

Make a ping scan (host discovery only, no port scan) with the "-sP" option, called "-sn" in current Nmap versions:

nmap -sP 192.168.100.0/24

4. Performing a fast scan

If you want a fast scan use the "-F" option, which scans only the 100 most common ports instead of the default 1000:

nmap -F 192.168.100.1

5. Showing host interfaces and routes

Use the "--iflist" option. It prints the interfaces and routing table of the scanning machine and then exits, so it takes no target:

nmap --iflist

Nmap Commands To Scan Ports

Nmap is able to recognize six port states:

1. open: An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port.
2. closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it.
3. filtered: Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port.
4. unfiltered: The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan (-sA) puts ports in this state.
5. open|filtered: Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This happens with scan types where an open port gives no response, such as the UDP scan.
6. closed|filtered: This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
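To see these states in real output rather than in a definition list, the added example below (not part of the original tutorial) parses Nmap's grepable output format (-oG) with awk. The scan output embedded in it is a constructed sample in that format, not a real capture: the hosts, services and version strings are made up. It lists the open ports per host and counts ports per state, including the closed ports Nmap folds into the "Ignored State" summary instead of listing one by one.

```shell
#!/bin/sh
# Added example, not from the original tutorial: summarise port states from
# Nmap grepable output (-oG). SAMPLE is a constructed scan result in that
# format; every host, service and version string in it is made up.
SAMPLE=$(printf '%b\n' \
  '# Nmap scan initiated as: nmap -sV -oG - 192.168.100.1,3' \
  'Host: 192.168.100.1 ()\tStatus: Up' \
  'Host: 192.168.100.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///\tIgnored State: closed (997)' \
  'Host: 192.168.100.3 ()\tStatus: Up' \
  'Host: 192.168.100.3 ()\tPorts: 53/open|filtered/udp//domain///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)' \
  '# Nmap done: 2 IP addresses (2 hosts up) scanned')

# A grepable "Host:" line with a "Ports:" field lists each reported port as
# port/state/proto/owner/service/rpc/version, comma separated. Flatten that
# to one line per port: host port proto state service version (version may
# be empty or contain spaces, so it is always the tail of the line).
port_entries() {
    awk '
    /^Host:/ && index($0, "Ports: ") {
        host = $2
        ports = substr($0, index($0, "Ports: ") + 7)
        q = index(ports, "Ignored State:")
        if (q) ports = substr(ports, 1, q - 1)
        sub(/[ \t]+$/, "", ports)
        n = split(ports, entry, /, */)
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            print host, f[1], f[3], f[2], f[5], f[7]
        }
    }'
}

# Ports Nmap did not list individually appear as "Ignored State: <state> (<n>)".
# Emit "<n> <state>" for each host.
ignored_states() {
    awk '
    /^Host:/ && index($0, "Ignored State: ") {
        split(substr($0, index($0, "Ignored State: ") + 15), w, " ")
        gsub(/[()]/, "", w[2])
        print w[2], w[1]
    }'
}

# One line per open port: host port/proto service [version]
open_ports() {
    port_entries | awk '$4 == "open" {
        line = $1 " " $2 "/" $3 " " $5
        for (i = 6; i <= NF; i++) line = line " " $i
        print line
    }'
}

# Ports per state across all hosts, listed and ignored ones combined:
# "<count> <state>", sorted by state name.
port_states() {
    scan=$(cat)
    {
        printf '%s\n' "$scan" | port_entries | awk '{ print 1, $4 }'
        printf '%s\n' "$scan" | ignored_states
    } | awk '{ count[$2] += $1 } END { for (s in count) print count[s], s }' | sort -k2
}

# Count for one state, e.g. `state_count open` or `state_count 'open|filtered'`.
state_count() {
    port_states | awk -v s="$1" '$2 == s { print $1 }'
}

# Usage: sh nmap-states.sh --demo                               (parse SAMPLE)
#        nmap -sV -oG - 192.168.100.0/24 | sh nmap-states.sh --open
case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE" | open_ports; printf '%s\n' "$SAMPLE" | port_states ;;
    --open) open_ports ;;
esac
```

The parser locates the "Ports:" and "Ignored State:" fields by position rather than relying on the tab separators, so it works on the sample above and on real -oG output alike. Counting the ignored ports matters: on the sample, the 1995 closed ports dwarf the five listed ones, which is exactly why Nmap summarises them.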

Port Scanning Techniques

Using Zenmap

1. Open Zenmap as root.
2. Enter the target.
3. Choose a profile; you can also type the scan command in the command field, or create a new profile.
4. Click "Scan".
5. Zenmap shows the ports, host details, and topology of the scan.
6. You can also save your scan as XML.

This is a basic tutorial about Nmap, but the tool is very powerful; the number of things you can do with it is incredible. You can also find other tools on Nmap's website, and read the reference guide there.

More information about Nmap

If you want to know more, visit: https://nmap.org/

You can also buy the book: https://nmap.org/book/