DEV Community

Shakhzhakhan Maxudbek
Shakhzhakhan Maxudbek

Posted on • Edited on • Originally published at args.tech

Working with Network Mapper (NMAP) in Linux

Network Mapper or NMAP is powerful open source network scanner, which may scan network hosts, subnets and ports. NMAP may be used as CLI tool or with GUI (Zenmap). Today we show how it works in command line interface.

How to install in Debian-like systems:

sudo apt install nmap -y
Enter fullscreen mode Exit fullscreen mode

After installation complete, check with nmap --help command:

user@localhost:~$ nmap --help
Nmap 7.93 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
...
Enter fullscreen mode Exit fullscreen mode

Host scanning. In case you want to scan one network node just give it's IP address or domain name to NMAP:

nmap 192.168.8.198
Enter fullscreen mode Exit fullscreen mode

Result:

user@localhost:~$ nmap 192.168.8.198
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:15 +05
Nmap scan report for 192.168.8.198
Host is up (0.00015s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
Enter fullscreen mode Exit fullscreen mode

Here we see opened and listen 80 port.

For getting more information about target try agressive scan using -A key:

nmap -A example.com
Enter fullscreen mode Exit fullscreen mode

Result:

user@localhost:~$ nmap -A example.com
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:17 +05
Nmap scan report for example.com (93.184.215.14)
Host is up (0.24s latency).
Other addresses for example.com (not scanned): 2606:2800:21f:cb07:6820:80da:af6b:8b2c
Not shown: 996 filtered tcp ports (no-response)
PORT     STATE  SERVICE   VERSION
80/tcp   open   http      ECAcc (dcd/7D26)
|_http-title: Example Domain
| fingerprint-strings:
|   GetRequest:
|     HTTP/1.0 404 Not Found
|     Content-Type: text/html
|     Date: Sun, 15 Dec 2024 14:18:07 GMT
|     Server: ECAcc (dcd/7D26)
|     Content-Length: 345
|     Connection: close
|     <?xml version="1.0" encoding="iso-8859-1"?>
|     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
...
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 93.92 seconds
Enter fullscreen mode Exit fullscreen mode

Lets try with disabled ping-requests. -Pn key disable ping requests, for example if you want pass firewall unnoticed:

nmap -A -Pn 192.168.8.180
Enter fullscreen mode Exit fullscreen mode

Result:

user@localhost:~$ nmap -A -Pn 192.168.8.180
Starting Nmap 7.93 ( https://nmap.org ) at 2024-12-15 19:21 +05
Nmap scan report for 192.168.8.180
Host is up (0.0086s latency).
Not shown: 980 closed tcp ports (conn-refused)
PORT     STATE    SERVICE          VERSION
21/tcp   filtered ftp
23/tcp   filtered telnet
80/tcp   filtered http
110/tcp  filtered pop3
113/tcp  filtered ident
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  filtered imap
199/tcp  filtered smux
256/tcp  filtered fw1-secureremote
445/tcp  filtered microsoft-ds
554/tcp  filtered rtsp
995/tcp  filtered pop3s
1025/tcp filtered NFS-or-IIS
2638/tcp filtered sybase
3306/tcp filtered mysql
3389/tcp filtered ms-wbt-server
5900/tcp filtered vnc
8888/tcp filtered sun-answerbook
9011/tcp filtered d-star

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.64 seconds
Enter fullscreen mode Exit fullscreen mode

Scan entire subnet. This command return scan results from 192.168.8.1 to 192.168.8.255:

nmap 192.168.8.0/24
Enter fullscreen mode Exit fullscreen mode

Finding MAC addresses of connected devices:

sudo nmap -sP 192.168.8.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
Enter fullscreen mode Exit fullscreen mode

Result:

user@localhost:~$ sudo nmap -sP 192.168.8.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort
192.168.8.198 => XX:XX:XX:XX:XX:XX
192.168.8.150 => XX:XX:XX:XX:XX:XX
192.168.8.8 => XX:XX:XX:XX:XX:XX
Enter fullscreen mode Exit fullscreen mode

These methods may be used for operation system or firmware version detection:

sudo nmap -v -Pn -O 192.168.8.110
sudo nmap -vv -O 192.168.8.110
sudo nmap -T4 -A 192.168.8.110
sudo nmap -sV 192.168.8.110
Enter fullscreen mode Exit fullscreen mode

Are my posts is helpful? You may support me on Patreon.

Top comments (0)