Lecture-17-NMAP

Nmap is an open-source tool for network discovery and security auditing, widely used for host discovery, port scanning, and vulnerability detection. It is available on multiple platforms, with enhanced capabilities in Linux environments. The document outlines key features, basic syntax, installation instructions, common usage examples, and options for effective network scanning.

Uploaded by fareenashahbaz42
Copyright: © All Rights Reserved

Introduction to Nmap

Nmap (Network Mapper) is an open-source network discovery and security auditing tool. It is
widely used for:

• Network exploration
• Host discovery
• Port scanning
• Service version detection
• OS detection
• Vulnerability detection (with scripts)

Nmap is available for Linux, Windows, and macOS but is most powerful in Linux environments.

Key Features of Nmap

1. Host discovery (finding live hosts in a network)
2. Port scanning (detecting open, closed, and filtered ports)
3. Service detection (identifying running services and versions)
4. OS detection (guessing the OS and hardware details)
5. Scriptable Interaction (Nmap Scripting Engine — NSE — for vulnerability scanning)

Basic Syntax
nmap [Scan Type(s)] [Options] {target specification}

A target specification can be IP addresses, hostnames, or IP ranges.

Installation in Linux

# Debian/Ubuntu
sudo apt update
sudo apt install nmap

# RHEL/CentOS
sudo yum install nmap

Common Usage and Examples
1. Ping Scan (Discovering Live Hosts)

nmap -sn 192.168.1.0/24

This runs host discovery only, with no port scan, across the subnet and shows which hosts are up.

2. Scanning a Single Host

nmap 192.168.1.10

Scans for open ports on the given IP address.

3. Scanning Multiple Hosts

nmap 192.168.1.10 192.168.1.15 192.168.1.20

Scan multiple IPs at once.

4. Scanning a Range of IPs

nmap 192.168.1.1-50

Scan IPs from .1 to .50.

5. Scanning a Subnet

nmap 192.168.1.0/24

Scan all devices on a subnet.

6. Port Scanning (TCP by default)

nmap -p 22,80,443 192.168.1.10

Check if specific ports (22, 80, 443) are open.

nmap -p 1-1000 192.168.1.10

Scan port range from 1 to 1000.

7. Service Version Detection

nmap -sV 192.168.1.10

Detect services and versions running on open ports.

8. Operating System Detection

nmap -O 192.168.1.10

Attempt to detect the operating system.

9. Aggressive Scan (OS + Version + Script Scan + Traceroute)

nmap -A 192.168.1.10

Performs a deep scan.


10. Scan Top 1000 Common Ports

nmap 192.168.1.10

🔹 By default, Nmap scans the top 1000 most common ports.

11. Stealth Scan (SYN scan)

nmap -sS 192.168.1.10

🔹 Performs a stealthy TCP SYN scan (default for privileged users).

12. UDP Scan

nmap -sU -p 53,123,161 192.168.1.10

🔹 Scans for open UDP ports (e.g., DNS, NTP, SNMP).

13. Using Nmap Scripts (NSE)

nmap --script vuln 192.168.1.10

Run vulnerability detection scripts.

14. Scan and Output to File

nmap -A -oN output.txt 192.168.1.10

Save the scan results in a text file.


nmap -A -oX output.xml 192.168.1.10

🔹 Save output in XML format.

15. Scan with Timing Options (faster scanning)

nmap -T4 192.168.1.10

Timing templates range from -T0 to -T5 (T0 is the slowest, T5 is the fastest; T3 is the default).

16. Detect Firewall and Filtered Ports

nmap -sA 192.168.1.10

Performs an ACK scan to detect the presence of a firewall.

17. Detect Devices Using MAC Address

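nmap -sP 192.168.1.0/24

Shows live hosts and their MAC addresses. MAC addresses are reported only for hosts on the same local network segment and when Nmap runs with root privileges; -sP is the older name for -sn.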


Common Nmap Options

Option        Purpose
-sn           Ping scan only (host discovery)
-p            Specify ports to scan
-sS           Stealth TCP SYN scan
-sU           UDP scan
-sV           Service version detection
-O            OS detection
-A            Aggressive scan (OS detection + services + scripts)
-T0 to -T5    Timing template (from slowest to fastest)
-oN           Output in normal text file
-oX           Output in XML format
--script      Use Nmap scripting engine for vulnerability detection

Findings
Nmap is one of the most powerful tools for network mapping and security auditing. Mastery of
Nmap allows security professionals to understand network configurations, detect vulnerabilities,
and prepare defenses against network-based attacks.
