Nmap Guide

 

Nmap

Nmap (Network Mapper) is a free, open-source network scanner. It sends crafted IP packets to discover which hosts on a network are up, which ports they have open, which services and versions are listening on those ports and, with OS detection enabled, which operating system they are probably running. Scan only networks you own or are authorized to test: even a modest scan is visible to the target and its intrusion detection systems.

Nmap Commands

1. Scan a Range of IP Addresses

Nmap accepts targets as single addresses, hostnames, CIDR (classless inter-domain routing) blocks such as 172.16.121.0/24, and octet ranges. To scan a contiguous set of addresses in the last octet, write the range with a hyphen; Nmap expands it into one target per address.

Command: nmap <IP range>

Example: nmap 162.16.121.125-135 (scans 162.16.121.125 through 162.16.121.135)

2. Port Scanning

Port scanning is Nmap's core function. A port scan reports, for each target port, the service conventionally associated with it and its state: open, closed, filtered (a firewall dropped the probe), or one of the combined states such as open|filtered when Nmap cannot tell. By default Nmap scans the 1,000 most common TCP ports; the -p option selects a single port, a comma-separated list such as 22,80,443, or a range such as 1-1024. Scanning only the most popular ports and listing only the open ones are covered in later sections.

Command: nmap -p <port(s)> <IP>

Example: nmap -p 80 192.168.20.128

3. Ping Scan (Host Discovery) Using Nmap

A ping scan asks Nmap to report which hosts are up without port scanning them. Against hosts on another network it sends, by default, an ICMP (Internet Control Message Protocol) echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; run without root privileges it can only attempt TCP connections to ports 80 and 443. On the local Ethernet segment it uses ARP requests instead, which hosts cannot easily ignore. The main limitation is that many hosts and firewalls drop ICMP echo requests: Windows Firewall with Advanced Security blocks inbound ICMP echo requests by default, so a host that also ignores the TCP probes is reported as down even though it is online. Because only a handful of packets go to each host, a ping scan is far less noisy than a full port scan. -sP is the old name for this option; current releases call it -sn and still accept -sP for compatibility.

Command: nmap -sn <target> (older versions: nmap -sP <target>)

Example: nmap -sn 192.168.2.1/24

4. Saving the Nmap Scan Output to a File

Nmap can write its results to a file in several formats: normal output (-oN), XML (-oX), greppable output (-oG), or all three at once with a common base name (-oA). XML is the format to use when the results feed other tools, and greppable output is convenient for shell pipelines. Keeping the output of every scan is good practice: it is the evidence behind a finding and the baseline for the next scan.

Command: nmap -oN output.txt example.com (writes the normal, human-readable output to a text file)

Command: nmap -oX output.xml example.com (writes the results as XML)

5. Scanning the Most Popular Ports

The --top-ports option scans the N ports most often found open, according to the frequency data in Nmap's nmap-services file, instead of the default 1,000. A small N gives a much faster scan of a large network at the cost of missing services on less common ports, so treat it as a first pass rather than a complete inventory.

Command: nmap --top-ports <number> <IP address/domain>

Example: nmap --top-ports 15 196.134.5.67

6. Display Open Ports

An open port is one on which an application is accepting TCP connections, UDP datagrams or SCTP associations. Finding open ports is usually the first step both in hardening a network and in attacking it. The --open option suppresses everything except ports in the open state (and the ambiguous open|filtered state that UDP and some stealth scans produce), which limits the output to the ports you can actually connect to.

Command: nmap --open <IP address/domain name>

Example: nmap --open 198.152.45.33

7. Exclude Hosts/IP Addresses from the Scan

To leave certain hosts out of a larger target range, for example production systems that must not be probed, use --exclude with a comma-separated list of hosts, addresses or networks. A long list can be read from a file with --excludefile <file>. Nmap removes the excluded targets before scanning starts, so they receive no packets at all.

Command: nmap <IP range> --exclude <host(s) to exclude>

Example: nmap 172.16.121.1/24 --exclude 172.16.121.10

8. Service Version Detection

A plain port scan only maps a port number to the service conventionally registered for it in Nmap's nmap-services database, which lists more than 2,000 well-known services, for example SSH on port 22 and HTTP on port 80. That mapping is a guess: anything can listen on port 80. Version detection (-sV) instead sends probes from the nmap-service-probes database to each open port and reports the application that is actually answering and, where possible, its version number, hostname, device type and operating system family. Exact version strings are what make it possible to check a server against known vulnerabilities and exploits, so -sV is the option to use when building a network inventory.

Command: nmap -sV <IP>

Example: nmap -sV 168.121.34.56
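The following shell example is added here and is not part of the original guide. It ties sections 3 through 8 together: it parses greppable (-oG) Nmap output, lists the hosts a ping scan found up, prints only the open ports together with the service and version that -sV reported, and wraps the whole thing in a function that runs the scan and keeps every output format with -oA. The sample scan output is constructed for the example and is not real scan data; the function names and the target in the usage comment are assumptions, and scan_open_services needs nmap installed and authorization to scan the target.

```shell
#!/bin/sh
# Added example (not from the original guide): work with Nmap greppable output.
#
# Greppable (-oG) lines are tab-separated fields, for example:
#   Host: 10.0.0.5 ()<TAB>Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, ...<TAB>Ignored State: ...
# Each port entry has the shape  port/state/protocol/owner/service/rpc-info/version/

# Constructed sample of "nmap -sV --top-ports 100 -oG - 10.0.0.0/29"; not real scan data.
sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sV --top-ports 100 -oG - 10.0.0.0/29\n'
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (97)\n'
    printf 'Host: 10.0.0.6 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.6 ()\tPorts: 445/filtered/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (98)\n'
    printf '# Nmap done -- 8 IP addresses (2 hosts up) scanned in 4.20 seconds\n'
}

# Print the addresses reported "Status: Up" (what a ping scan, -sn, yields).
# Reads a .gnmap file given as $1, or stdin when no argument is given.
hosts_up_from_gnmap() {
    awk -F'\t' '
    /^Host:/ && $2 == "Status: Up" {
        host = $1
        sub(/^Host: /, "", host)
        sub(/ .*/, "", host)            # drop the " (hostname)" suffix
        print host
    }' "${1:--}"
}

# Print "host port/proto service version" for every port in the open state.
# Reads a .gnmap file given as $1, or stdin when no argument is given.
open_ports_from_gnmap() {
    awk -F'\t' '
    /^Host:/ {
        host = $1
        sub(/^Host: /, "", host)
        sub(/ .*/, "", host)            # drop the " (hostname)" suffix
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            ports = $i
            sub(/^Ports: /, "", ports)
            n = split(ports, entry, "/, ")   # port entries are separated by "/, "
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                if (f[2] == "open")
                    printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
            }
        }
    }' "${1:--}"
}

# Scan the top N ports of a target with version detection, keep every output
# format under a timestamped base name (-oA) and print the open services.
# Requires nmap and authorization to scan the target; arguments are hypothetical.
#   usage: scan_open_services 192.168.2.0/24 100
scan_open_services() {
    target=$1
    topn=${2:-100}
    base="scan-$(date +%Y%m%d-%H%M%S)"
    nmap -sV --top-ports "$topn" --open -oA "$base" "$target" >/dev/null \
        && open_ports_from_gnmap "$base.gnmap"
}

# Demonstrate both parsers on the constructed sample.
echo "hosts up:"
sample_gnmap | hosts_up_from_gnmap
echo "open services:"
sample_gnmap | open_ports_from_gnmap
```

The parsers filter on the state field rather than on the word "open" anywhere in the line, so a version banner that happens to contain "open" (OpenSSH) or a closed/filtered entry on the same host line is not mistaken for an open port. Nmap escapes any "/" inside a version string before writing greppable output, so splitting on "/" is safe; for anything more elaborate than this, parse the XML (-oX) output instead.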

More Commands: