Network Scanning using Nmap

Useful nmap commands to help you detect your hosts on the network.


A Simple Scan:
# nmap localhost

Scan a hostname with more info:
# nmap -v localhost

Only show open ports:
# nmap --open <host>

Scan specific ports
# nmap -v -sU -sT -p U:53,111,T:21-25 <host>

TCP connect() scan (nmap -sT):
The TCP connect() scan is useful when you do not have root access to a computer.
Its weakness is that it leaves traces in the log files of the remote computer because
it opens a full TCP session to the remote machine.
# nmap -sT <host>

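TCP SYN scan (nmap -sS):
Usually leaves no entry in the target's application logs because the TCP handshake is never completed,
though firewalls and IDS can still record the SYN probes. Needs to run as root.
# nmap -sS <host>
# nmap -sS -O <host>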

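Ping scan (nmap -sP):
This is a very fast scan because it only checks which hosts are up (ICMP Echo Requests) and does not scan ports.
Current Nmap releases name this option -sn.
# nmap -sP <subnet>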

UDP scan (nmap -sU):
This scan is the only way to detect open UDP ports.
# nmap -sU <host>

Exclude hosts
You can exclude IPs from the hosts…
# nmap -sP --exclude <host1>,<host2> <subnet>
# nmap -sP --excludefile ex_ipsfile <subnet>


Check if host/network is behind a fw
# nmap -sA <host>

Scan if protected by a fw
# nmap -PN <host>
# nmap -PS <host>

Scan for SSL Certs
# nmap --script ssl-enum-ciphers -p 443 <host or subnet>

Scan cloaked with decoys (fake IPs)
nmap -n -D5.6.7.7, subnet

Show all packets sent and received:
# nmap --packet-trace <host>


Check the version:
# nmap -V

Detect services version numbers
# nmap -sV <host>

Scan a Linux machine and control scan speed:
# nmap -A -T4 <host>
-A enables operating system and version detection (plus script scanning and traceroute)
-T4 sets the timing template (0-5); a lower number means a slower scan and less network traffic


Use a text file as input (nmap -iL):
Read the list of hosts to scan from a text file.
# nmap -sU -iL myfile

Save scan to an XML file and convert to HTML
# nmap -sS -oX file.xml <host>
Download xalan-2.7.0.jar
Convert XML to HTML file
java -jar xalan-2.7.0.jar -IN Desktop/file.xml -OUT Desktop/nmap-output.html
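
The XML written by -oX can also be read directly for an inventory of open ports, instead of converting it to HTML. The following is an added example, not part of the original page; the function name open_ports and the sample scan data are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of -oX output (documentation-range addresses,
# not taken from the original page).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sU -sV -oX file.xml 192.0.2.1-2">
  <host>
    <status state="up"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
      <port protocol="udp" portid="53"><state state="open|filtered"/>
        <service name="domain"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.2" addrtype="ipv4"/>
  </host>
</nmaprun>"""


def open_ports(xml_text, include_ambiguous=False):
    """Return {ip: [(proto, port, service, version), ...]} for hosts that are up."""
    # UDP scans often report "open|filtered" when no reply came back at all.
    wanted = {"open", "open|filtered"} if include_ambiguous else {"open"}
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # skip hosts that did not answer host discovery
        ip = host.find("address").get("addr")  # first <address> is the IP
        found = []
        for port in host.iter("port"):
            if port.find("state").get("state") not in wanted:
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            ver = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            found.append((port.get("protocol"), int(port.get("portid")), attrs.get("name", ""), ver))
        result[ip] = found
    return result


if __name__ == "__main__":
    for ip, ports in open_ports(SAMPLE_XML, include_ambiguous=True).items():
        for proto, num, name, ver in ports:
            print(f"{ip}\t{num}/{proto}\t{name}\t{ver}")
```

Comparing the result of two runs over time shows which services appeared or disappeared on your hosts.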

If you are not a fan of command line nmap then you can install a gui version called:


