Role of Nmap in Network


What is Nmap?

Nmap is an open source network mapper that runs on Windows, Linux and Mac. It is a freely available tool used for exploring a whole network, performing network audits and security scans, and finding the open ports of a machine. Nmap discovers the live hosts on a network, the operating system they are running, packet filters and open ports. Nmap also has its own scripting engine, the NSE (Nmap Scripting Engine), which handles vulnerability and exploitation scans; one can write one's own scripts and run them against the target host.

How to download Nmap?

One can use the following links to download Nmap for the different platforms such as Windows, Linux and Mac.

Why use Nmap?

Nmap sends raw packets over the network in order to determine which hosts are available on the network and what services (with application name and version, and operating system) those hosts are offering. Many system administrators find this tool very useful for tasks such as network inventory, host monitoring, and managing service upgrades and service uptime. Penetration testers, security auditors and many others use Nmap for vulnerability scanning of their own systems as well as of target systems. The tool is capable of scanning servers, networks, websites, routers and so on for vulnerabilities. Now, let us discuss how to use Nmap on a Linux system.

How to use Nmap in Linux

Today, most Linux distributions such as CentOS, Debian, Red Hat and Ubuntu already include the Nmap utility in their default package management repositories, accessed through “apt” and “yum”. Both yum and apt are used for installing software and managing updates and packages. To install Nmap on a Debian-based system, use the command “sudo apt-get install nmap”; on a Red Hat-based system, use “yum install nmap”.

1. Nmap provides various options for scanning a system. Here I perform a scan using the hostname of a system in order to find out its open ports, services and MAC address.

First, we will scan using the hostname of the system as shown below.


Now, we will scan the system using its IP address.



2. To get more details about the system, one can use the “-v” option with the nmap command as shown below.



3. To scan multiple hosts with a single command, use the command shown below. In the result, one can see that one host is up out of the two IP addresses.



4. To scan a whole subnet or IP range with Nmap, use the command given in the screenshot. This command will scan all the IP addresses in the current subnet.



5. Now, we will scan multiple systems using the last octet of the IP address. In this command we simply specify the last numbers of the IP addresses as shown below.



6. Now, we will scan hosts from a file.

First, create a “.txt” file on the system listing the IP addresses, hostnames and server addresses to be scanned.


Now, run the following command with the “-iL” option, which reads the targets to scan from that file.



7. To scan an IP address range, use the following command. The user can scan multiple IP addresses with it by specifying the range to be scanned.


8. Now, we will scan a network excluding remote hosts. The user can specify a particular host that should not be scanned during the scan using the following command.
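The target forms used in steps 3 to 8 (a list of hosts, a whole subnet, last-octet lists, a “-iL” file, an address range and an excluded host) all follow Nmap's target-specification syntax. The following Python script is an added example, not code from the Nmap project or from this tutorial: it expands such specifications into the individual addresses Nmap would scan and assembles the matching nmap argument vector. It goes slightly beyond the steps above in that Nmap allows ranges, lists and wildcards in any octet, not only the last one, and the script handles that general case. The hostnames and addresses in it are constructed sample values, and it runs nmap only if the binary is installed; otherwise it prints the command it would have run.

```python
"""Expand Nmap-style target specifications and build an nmap argument vector.

Added example for this tutorial, not code from the Nmap project. It covers
the target forms used in steps 3-8: single hosts, comma/range/wildcard
octets, CIDR blocks, a -iL target file and --exclude. Hostnames and
addresses below are constructed sample values.
"""
import ipaddress
import itertools
import re
import shutil
import subprocess

OCTET_ITEM = re.compile(r"^(\*|\d{1,3}(?:-\d{1,3})?)$")


def _expand_octet(part):
    """Turn one octet spec ('5', '1-3', '*', '1,3-4') into a sorted list of ints."""
    values = set()
    for item in part.split(","):
        if not OCTET_ITEM.match(item):
            raise ValueError(f"bad octet spec: {item!r}")
        if item == "*":
            values.update(range(256))
        elif "-" in item:
            lo, hi = (int(x) for x in item.split("-"))
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"octet range out of bounds: {item!r}")
            values.update(range(lo, hi + 1))
        else:
            n = int(item)
            if n > 255:
                raise ValueError(f"octet out of bounds: {item!r}")
            values.add(n)
    return sorted(values)


def expand_targets(spec):
    """Return the list of targets one Nmap spec covers.

    Handles CIDR ('10.0.0.0/30'), octet ranges/lists/wildcards
    ('192.168.0.101-110', '192.168.0.101,102,103', '192.168.0.*') and
    passes hostnames through unchanged for nmap to resolve.
    """
    spec = spec.strip()
    if "/" in spec:
        # Nmap scans every address in the block, network and broadcast included
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) == 4 and all(re.fullmatch(r"[\d,\-*]+", o) for o in octets):
        return [".".join(map(str, combo))
                for combo in itertools.product(*(_expand_octet(o) for o in octets))]
    return [spec]


def load_target_file(text):
    """Parse -iL style input: targets separated by spaces, tabs or newlines."""
    return text.split()


def build_argv(targets=(), input_file=None, exclude=(), verbose=False):
    """Assemble the argument vector for one nmap invocation."""
    argv = ["nmap"]
    if verbose:
        argv.append("-v")
    if exclude:
        argv += ["--exclude", ",".join(exclude)]
    if input_file:
        argv += ["-iL", input_file]
    argv.extend(targets)
    return argv


def run_scan(argv):
    """Run nmap if it is installed; return None so the caller can dry-run otherwise."""
    if shutil.which("nmap") is None:
        return None
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    # constructed -iL file contents, as in step 6 (one hostname, two addresses)
    sample_file = "server1.example.test\n192.168.0.101 192.168.0.102\n"
    print("targets from file:", load_target_file(sample_file))
    print(len(expand_targets("192.168.0.*")), "addresses in 192.168.0.*")
    argv = build_argv(["192.168.0.1-10"], exclude=["192.168.0.5"], verbose=True)
    print("command:", " ".join(argv))
    out = run_scan(argv)
    print(out if out is not None else "nmap not installed; dry run only")
```

Expanding a specification before scanning is useful for sizing a job (a /16 is 65,536 addresses) and for checking that an --exclude list really covers the hosts that must not be probed.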


9. Using Nmap we will detect the OS and the version running on a system using the following command.



10. Enabling OS detection using Nmap.



11. Now, we will scan a host to detect a firewall.

This command helps in determining whether there is a firewall in front of the host machine.


12. Scanning a host machine to check whether it is protected by a firewall or not.



13. The following command shows all the live hosts running on the network.



14. Performing a fast scan.



15. Scanning ports consecutively.


16. Printing host interfaces and routes.



17. Scanning a specific port



18. Scanning a TCP port


19. Scanning multiple ports



20. Finding out host service version numbers
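Nmap's normal output is meant for reading; for the inventory and audit work mentioned under “Why use Nmap?” the XML output produced by the -oX option is easier to process. The following Python script is an added example, not the Nmap project's own code or code from this tutorial: it reads -oX output of the kind the OS and version detection scans in steps 9, 10 and 20 produce, lists live hosts, open ports and service banners, and compares the open ports against an approved baseline so that a newly exposed service shows up as a finding. The XML document is a constructed sample in that format; every address, MAC, hostname and version string in it is made up.

```python
"""Parse Nmap XML output (-oX) into a host inventory and diff it against a baseline.

Added example for this tutorial, not code from the Nmap project. The XML
below is a constructed sample in the shape nmap -sV -O -oX produces; the
addresses, MAC, hostname and service strings are made up for illustration.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.168.0.101-102">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.101" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <hostnames><hostname name="server1.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.52"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
        <service name="https"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.102" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(text):
    """Return one dict per <host>: address, state, ports with service info, OS guess."""
    # this parses scan output you generated yourself; do not feed it untrusted XML
    root = ET.fromstring(text)
    hosts = []
    for h in root.iter("host"):
        addrs = {a.get("addrtype"): a.get("addr") for a in h.iter("address")}
        hostname = h.find("hostnames/hostname")
        osmatch = h.find("os/osmatch")
        ports = []
        for p in h.iter("port"):
            svc = p.find("service")
            ports.append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "state": p.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append({
            "addr": addrs.get("ipv4") or addrs.get("ipv6"),
            "mac": addrs.get("mac"),
            "hostname": hostname.get("name") if hostname is not None else None,
            "state": h.find("status").get("state"),
            "ports": ports,
            "os": osmatch.get("name") if osmatch is not None else None,
            "os_accuracy": int(osmatch.get("accuracy")) if osmatch is not None else None,
        })
    return hosts


def live_hosts(hosts):
    """Addresses that answered, i.e. what host discovery reports as up."""
    return [h["addr"] for h in hosts if h["state"] == "up"]


def open_ports(host):
    """(proto, port) pairs in state 'open'; filtered ports are left out."""
    return [(p["proto"], p["port"]) for p in host["ports"] if p["state"] == "open"]


def inventory_lines(hosts):
    """One CSV line per open port: addr,hostname,proto/port,service,product version."""
    lines = []
    for h in hosts:
        for p in h["ports"]:
            if p["state"] != "open":
                continue
            banner = " ".join(x for x in (p["product"], p["version"]) if x)
            lines.append(f"{h['addr']},{h['hostname'] or ''},{p['proto']}/{p['port']},"
                         f"{p['service']},{banner}")
    return lines


def new_open_ports(baseline, hosts):
    """Open ports missing from the approved baseline {addr: {port, ...}}.

    An unexpected service is the audit finding; hosts with nothing new are omitted."""
    findings = {}
    for h in hosts:
        unexpected = {port for _, port in open_ports(h)} - baseline.get(h["addr"], set())
        if unexpected:
            findings[h["addr"]] = unexpected
    return findings


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_XML)
    print("live:", live_hosts(hosts))
    print("\n".join(inventory_lines(hosts)))
    print("unexpected:", new_open_ports({"192.168.0.101": {22}}, hosts))
```

Keeping the baseline under version control and re-running the comparison after every scheduled scan turns Nmap from a one-off port lister into a change detector for the network.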



21. Scanning a host using TCP ACK (PA) and TCP SYN (PS)

Sometimes firewalls block standard ICMP requests; in this case, one can use the TCP ACK and TCP SYN techniques to scan the host.


22. Scanning a host for specific ports using TCP ACK


Scanning a host for specific ports using TCP SYN


23. Performing a stealthy scan


24. Checking used ports with TCP SYN
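Steps 21 to 24 probe hosts with TCP SYN and ACK packets and run a SYN (“stealthy”) scan. On the defending side these show up in firewall logs as one source touching many ports on a host, or one port on many hosts, within a short time. The following Python script is an added example, not part of this tutorial or of Nmap: it parses connection log lines in a constructed iptables-like key=value layout (the layout and all addresses and timestamps are made up for the example) and flags a port scan (one source, one destination, many distinct ports inside a time window) and a host sweep (one source, one port, many distinct destinations), while a normal client completing a handshake with a single service is not flagged.

```python
"""Flag SYN / ACK probe patterns (port scans and host sweeps) in connection logs.

Added example for this tutorial, not part of Nmap. The log layout is a
constructed iptables-like key=value format; addresses and timestamps are
made up for the example.
"""
from collections import defaultdict
from datetime import datetime


def sample_log_lines():
    """Constructed log lines: a SYN port scan, an ACK host sweep and one benign client."""
    lines = []
    # 12 SYN-only probes from one source to 12 consecutive ports within four seconds
    for i, port in enumerate(range(21, 33)):
        lines.append(f"2024-03-01T10:00:{i // 3:02d} SRC=10.0.0.5 DST=192.168.0.101 "
                     f"PROTO=TCP DPT={port} FLAGS=SYN")
    # ACK-only probes to port 80 on six different hosts (TCP ACK host discovery)
    for i in range(1, 7):
        lines.append(f"2024-03-01T10:05:{i:02d} SRC=10.0.0.7 DST=192.168.0.{i} "
                     f"PROTO=TCP DPT=80 FLAGS=ACK")
    # a normal client: one SYN followed by an ACK to the same service
    lines.append("2024-03-01T10:10:00 SRC=10.0.0.9 DST=192.168.0.101 PROTO=TCP DPT=443 FLAGS=SYN")
    lines.append("2024-03-01T10:10:00 SRC=10.0.0.9 DST=192.168.0.101 PROTO=TCP DPT=443 FLAGS=ACK")
    return lines


def parse_line(line):
    """Split '<timestamp> KEY=VALUE ...' into a dict; FLAGS becomes a set of flag names."""
    ts, _, rest = line.partition(" ")
    fields = dict(tok.split("=", 1) for tok in rest.split())
    return {
        "ts": datetime.fromisoformat(ts),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "dpt": int(fields["DPT"]),
        "flags": set(fields["FLAGS"].split(",")),
    }


def sample_events():
    return [parse_line(line) for line in sample_log_lines()]


def _windowed_distinct(events, key, value, threshold, window):
    """For each key, the largest number of distinct values seen inside any
    `window`-second span; only keys reaching `threshold` are reported."""
    groups = defaultdict(list)
    for e in events:
        groups[key(e)].append(e)
    hits = {}
    for k, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        counts = defaultdict(int)
        start = 0
        for e in evs:
            counts[value(e)] += 1
            # slide the window start forward until it is within `window` seconds of e
            while (e["ts"] - evs[start]["ts"]).total_seconds() > window:
                old = value(evs[start])
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= threshold:
                hits[k] = max(hits.get(k, 0), len(counts))
    return hits


def detect_port_scans(events, threshold=10, window=60):
    """(src, dst) pairs SYN-probed on at least `threshold` distinct ports within `window` seconds."""
    syn_only = [e for e in events if "SYN" in e["flags"] and "ACK" not in e["flags"]]
    return _windowed_distinct(syn_only, key=lambda e: (e["src"], e["dst"]),
                              value=lambda e: e["dpt"], threshold=threshold, window=window)


def detect_host_sweeps(events, threshold=5, window=60):
    """(src, dpt) pairs where one source probed at least `threshold` distinct hosts on one port."""
    probes = [e for e in events if e["flags"] & {"SYN", "ACK"}]
    return _windowed_distinct(probes, key=lambda e: (e["src"], e["dpt"]),
                              value=lambda e: e["dst"], threshold=threshold, window=window)


if __name__ == "__main__":
    events = sample_events()
    for (src, dst), n in detect_port_scans(events).items():
        print(f"port scan: {src} -> {dst}, {n} distinct ports")
    for (src, dpt), n in detect_host_sweeps(events).items():
        print(f"host sweep: {src} -> {n} hosts on port {dpt}")
```

The thresholds are deliberately parameters: a monitoring system or a vulnerability scanner you run yourself will trip the same logic, so the usual practice is to allow-list those sources rather than lower the detection sensitivity.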





In the sections above, we have discussed what Nmap is and why it is used all over the world. We have also discussed some of the important commands for scanning a network using Nmap.