Signup/Sign In

How To Use nmap Command In Linux

Nmap is a network exploration and security auditing command-line program for Linux. Hackers and cybersecurity specialists, as well as network and system administrators, often utilize this program. It serves the following functions:

  • Network information in real-time
  • All of the active IPs on your network are listed in detail.
  • The number of open ports in a network
  • provide a list of live hosts.
  • Scanning of ports, operating systems, and hosts

Nmap Command Installation

When it comes to Debian/Ubuntu,

apt-get install Nmap sudo

When it comes to CentOS/RedHat,

install Nmap with yum

Using Nmap Command

1. To scan a system using the Hostname and IP address Scan using Hostname first.


Let's do a scan using IP addresses now.

172.217.27.174 map

The Nmap command may be used to scan a system in various ways. We're going to run a scan using the hostname and the IP address "172.217.27.174" to see any open ports, services, or MAC addresses on the system.

2. Scan using the "-v" option.


It's utilized to find out more about the remote machines in detail.

3. Scanning of several hosts

nmap 103.76.228.244 157.240.198.35 172.217.27.174 

Using Nmap, we may scan many hosts by entering IP addresses or hostnames.

4. Scanning the whole subnet

103.76.228.* nmap

Bypassing "*" to nmap, we may scan a complete subnet or IP range. It will scan an entire subnet and report on the hosts currently connected to the network.

5. Scan for firewall configurations.

nmap -sA 103.76.228.244 sudo

During penetration testing and vulnerability scanning, detecting firewall settings might be valuable. We utilize the "-sA" option to detect it. This will tell you whether or not the firewall on the host is active. The information is received via an ACK scan.

6. Identifying Hostnames

nmap -sL 103.76.228.244 sudo

We utilize the "sL" option to locate hostnames for the provided host by performing a DNS query for each Hostname. Furthermore, the "-n" option may be used to omit DNS resolution, but the "-R" command will always resolve DNS.

7. Scanning from a file

input.txt Nmap -iL

We may import a file straight from the command line if we have many addresses to scan. It will do a scan for the IP addresses specified.

8. To seek assistance

Nmap -h 

If we have any queries concerning nmap or any of the commands, we utilize the "-h" option. It displays the Nmap command's help section, including information on the possible flags.

9. Using -A

Here, -A stands for aggressive, and it will supply us with additional information such as OS detection (-O), version detection (-sC), and traceroute (–traceroute), as well as a wealth of information about the host.

Nmap -A<Domain Name>

10. Finding Host

We can also use this command to find our target hosting service or choose other marks based on our requirements for quickly tracing the path.

Nmap —trace out <Domain Name>

11. Operating System

It will show the operating system that is running where the domain or IP address is, but not the same operating system installed on the computer. It will only show the possibility of an operating system being installed on the computer. This will guess the host's current operating system (OS).