Network Mapper, or NMAP, is a powerful open source network scanner that can scan network hosts, subnets and ports. NMAP can be used as a CLI tool or through a GUI (Zenmap). Today we show how it works in the command line interface.
Install it on Debian/Ubuntu:
sudo apt install nmap -y
user@localhost:~$ nmap --help
Nmap 7.93 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
...
Scan a single host (by default nmap checks the 1000 most common TCP ports):
nmap 192.168.8.198
user@localhost:~$ nmap 192.168.8.198
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:15 +05
Nmap scan report for 192.168.8.198
Host is up (0.00015s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
Aggressive scan of a host: -A enables OS detection, version detection, default script scanning and traceroute:
nmap -A example.com
user@localhost:~$ nmap -A example.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:17 +05
Nmap scan report for example.com (93.184.215.14)
Host is up (0.24s latency).
Other addresses for example.com (not scanned): 2606:2800:21f:cb07:6820:80da:af6b:8b2c
Not shown: 996 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
80/tcp open http ECAcc (dcd/7D26)
|_http-title: Example Domain
| fingerprint-strings:
| GetRequest:
| HTTP/1.0 404 Not Found
| Content-Type: text/html
| Date: Sun, 15 Dec 2024 14:18:07 GMT
| Server: ECAcc (dcd/7D26)
| Content-Length: 345
| Connection: close
| <?xml version="1.0" encoding="iso-8859-1"?>
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 93.92 seconds
The same scan with -Pn, which skips host discovery and treats the target as up (useful when a host does not answer ping):
nmap -A -Pn 192.168.8.180
user@localhost:~$ nmap -A -Pn 192.168.8.180
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:21 +05
Nmap scan report for 192.168.8.180
Host is up (0.0086s latency).
Not shown: 980 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
21/tcp filtered ftp
23/tcp filtered telnet
80/tcp filtered http
110/tcp filtered pop3
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp filtered imap
199/tcp filtered smux
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
554/tcp filtered rtsp
995/tcp filtered pop3s
1025/tcp filtered NFS-or-IIS
2638/tcp filtered sybase
3306/tcp filtered mysql
3389/tcp filtered ms-wbt-server
5900/tcp filtered vnc
8888/tcp filtered sun-answerbook
9011/tcp filtered d-star
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.64 seconds
Scan a whole subnet:
nmap 192.168.8.0/24
List live hosts and their MAC addresses (-sP is the ping-scan, host-discovery-only option, now spelled -sn; root is needed to see MAC addresses):
sudo nmap -sP 192.168.8.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
Result:
user@localhost:~$ sudo nmap -sP 192.168.8.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
192.168.8.198 => XX:XX:XX:XX:XX:XX
192.168.8.150 => XX:XX:XX:XX:XX:XX
192.168.8.8 => XX:XX:XX:XX:XX:XX
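The awk pipeline above pulls two fields out of nmap's normal output; as an added example (not part of the original post), here is a small Python parser for the same output format shown in the sessions above, used to flag services that are not on a per-host allowlist. The sample text, the host name printer.lan and the baseline allowlist are constructed for the example.

```python
import re
# Constructed sample in nmap's "normal" output format, shaped like the
# scans shown above (not captured from the author's network).
SAMPLE = """\
Nmap scan report for 192.168.8.198
Host is up (0.00015s latency).
PORT STATE SERVICE
80/tcp open http
MAC Address: AA:BB:CC:00:11:22 (Example Vendor)
Nmap scan report for printer.lan (192.168.8.180)
PORT STATE SERVICE VERSION
21/tcp filtered ftp
3389/tcp filtered ms-wbt-server
8080/tcp open http-proxy
Nmap done: 2 IP addresses (2 hosts up) scanned in 2.64 seconds
"""
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_nmap(text):
    """Return {ip: {"name", "mac", "ports": {(port, proto): (state, service)}}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:  # "for 1.2.3.4" or "for name (1.2.3.4)"
            ip = m.group(2) or m.group(1)
            name = m.group(1) if m.group(2) else None
            cur = hosts.setdefault(ip, {"name": name, "mac": None, "ports": {}})
            continue
        if cur is None:
            continue
        m = PORT_RE.match(line)
        if m:
            cur["ports"][(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
            continue
        m = MAC_RE.match(line)
        if m:
            cur["mac"] = m.group(1).upper()
    return hosts

def unexpected_ports(hosts, baseline):
    """Non-closed ports missing from the per-host allowlist (hypothetical baseline)."""
    findings = []
    for ip in sorted(hosts):
        allowed = baseline.get(ip, set())
        for (port, proto), (state, service) in sorted(hosts[ip]["ports"].items()):
            if state != "closed" and (port, proto) not in allowed:
                findings.append((ip, f"{port}/{proto}", state, service))
    return findings
```

For anything beyond a one-off check, run nmap with -oX and parse the XML instead: the normal output format is meant for humans and is not guaranteed to stay stable between versions.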
These commands may be used for operating system or firmware version detection (-O is OS fingerprinting and needs root, -sV probes open ports for service versions, -T4 selects a faster timing template):
sudo nmap -v -Pn -O 192.168.8.110
sudo nmap -vv -O 192.168.8.110
sudo nmap -T4 -A 192.168.8.110
sudo nmap -sV 192.168.8.110