One of the first and most adaptable networking tools is Nmap – Basic Commands for Linux Network. Nmap is used by network administrators to find, examine, and map networks in a variety of scenarios. The command-line tool’s wealth of features is essential for security and troubleshooting.
This article defines Nmap – Basic Commands for Linux Network and lists 17 fundamental Linux commands.
What is Nmap?
An open-source Linux program for network and security audits is called Nmap (Nmap – Basic Commands for Linux Network). Network administrators can view hosts and services on multiple platforms using the application.
Both locally and remotely, Nmap functions. Common applications include checking for open ports, identifying network vulnerabilities, network mapping, and maintenance. The tool is useful from both a networking and security perspective.
Commands for Nmap for Linux Networking
Depending on the circumstance, there are a variety of parameters and use cases available for the nmap command. The most popular and practical nmap commands for Linux are listed below with examples.
1: Using Nmap to Check for Open Ports
Nmap commands can employ server names, IPV4 addresses, or IPV6 addresses to scan hosts. A simple Nmap command will reveal details about the specified host.
As stated above, Nmap displays open services and ports on the specified host or hosts in the absence of any flags.
Nmap is able to show open services and ports by both IP address and domain name.
nmap -F 192.168.0.1
The -F flag can be used to swiftly complete a scan. The Nmap-services files’ ports are listed using the -F flag. The -F “Fast Scan” flag is less thorough because fewer ports are scanned.
2: Check Several Hosts
Instead of scanning a single host at a time, Nmap can scan many sites simultaneously. This is advantageous for larger network architectures. Depending on how many sites you need to scan at once, there are a variety of methods you can use.
To scan several hosts simultaneously, add numerous domains or IP addresses in a row.
nmap 192.168.0.1 192.168.0.2 192.168.0.3
To quickly scan a whole subnet, use the wildcard *.
nmap 192.168.0. *
Instead of entering out the complete IP address, separate the several address endings using commas.
To scan a range of IP addresses, use a hyphen.
3: Leaving Hosts Out of the Search
You might want to choose an entire group (such as a whole subnet) while omitting a single host when scanning a network.
168.0. * nmap 192.168.0.2 —exclude
The -exclude switch lets you exclude specific hosts from your search.
/file.txt nmap 192.168.0. * —exclude file
Using the -exclude flag and a specified file, you may also exclude a list of hosts from your search. The simplest way to eliminate several hosts from your search is to do it in this manner.
4: Find OS Information via Scanning
Nmap can provide general information as well as the operating system, script, traceroute, and version detection. It’s crucial to remember that, despite Nmap’s best efforts, its ability to detect elements like OS systems and versions may not always be perfect.
To learn the operating system details of the hosts that are mapped, add the -A flag to your Nmap command.
nmap -A 192.168.0.1
Other Nmap commands may be used in conjunction with the -A flag.
You can learn more about the mapped hosts’ operating systems by running Nmap with the -O switch. OS detection is enabled with the -O flag.
nmap -O 192.168.0.1
-osscan-limit and -osscan-guess are additional tags.
The command -osscan-limit will only attempt to predict simple operating system targets. The -osscan-guess command will guess operating systems more aggressively. Once more, operating systems are identified based on specific hallmarks; nevertheless, the accuracy of the information cannot be guaranteed.
5: Check for Firewall Configurations
During penetration tests and vulnerability scans, detecting firewall configurations might be helpful. The -sA flag is the most often used of several functions that may be used to find firewall configurations on the supplied hosts.
the address 192.168.0.1
You can determine whether a firewall is running on the host by using the -sA parameter. To obtain the data, this employs an ACK scan.
6: Discover Details Regarding Service Versions
You might occasionally need to gather service and version data from open ports. This can be used for troubleshooting, vulnerability detection, or finding out which services require updates.
168.0.1 nmap -sV
You’ll get the information you need about the services offered by the specified host from this.
The —version-intensity level option lets you choose the level of this search’s intensity, which ranges from 0 to 9. If the scan’s results are not what you would normally expect, you may also use —version-trace to provide more specific details about the scan.
7: Check for ports
One of the fundamental tools that Nmap provides is port scanning, thus there are a few different methods to personalize this command.
You can search for details about a particular port on a host by using the -p flag and port.
nmap -p 443 192.168.0.1
You can search for details about a certain sort of connection by putting a type of port before the port itself.
168.0.1:8888,443 nmap –p
With the -p parameter, you can search for several ports by separating each one with a comma.
nmap -p 80,443 192.168.0.1
By indicating a range with a hyphen, you can use the -p flag to scan for multiple ports as well.
nmap -p 80-443 192.168.0.1
The parameter -r can be added to the command to scan ports sequentially rather than randomly. To find the most popular ports up to that number, you may alternatively use the command —top-ports followed by a number.
8: Conduct a Stealth Mode Scan.
Use the Nmap command below to perform a stealthy scan if necessary:
168.0.1 with nmap -sS
A TCP SYN stealth scan will start when the -sS flag is used. Other Nmap command types may be used in conjunction with the -sS parameter. This type of scan is slower than other options, and it might not be as aggressive.
9: Recognize hostnames
Nmap can be used to implement host discovery in a few different ways. The most typical of these is via -sL. For example
nmap -sL 192.168.0.1
By performing a DNS query for each hostname, the -sL flag will locate the hostnames for the specified host. Additionally, DNS resolution can be skipped with the -n option and always resolved with the -R flag. Using the -Pn switch will completely omit host discovery; otherwise, hosts will be assumed to be online.
10: Scan from a File
You can directly import a file using the command line if you need to scan a big list of addresses.
/file.txt nmap -iL
The supplied IP addresses will be scanned as a result of this. You can add more commands and flags in addition to scanning those IP addresses. If there is a collection of hosts that you often need to reference.
11: Use Verbose to Gather More Information
You typically get a lot more information about a command from a verbose output. This output is sometimes superfluous. However, you can set the provided command to verbose mode if you’re troubleshooting a particularly complex issue or you want more details.
nmap -v 192.168.0.1
The -v flag will reveal more details about an accomplished scan. Most commands can have it added to provide additional information. Without the -v flag, Nmap often just returns the most important data.
12: Detect IPv6 Addresses
Nmap supports IPv6, which is becoming more widespread, in the same way as it supports domains and earlier IP addresses. Any of the Nmap commands available supports IPv6.
However, a flag is necessary to inform Nmap that an IPv6 address is being referenced.
nmap -6: ffff:c0a8:1
If you want to use IPv6 for more difficult Nmap operations, combine the -6 option with other flags.
13: Check the Active Servers List
Pinging active machines is one of Nmap’s most basic capabilities. The -sP command can be used to find machines, check that they are responding, or find unanticipated machines on a network.
A list of the computers that are active and available will be generated by the -sP command.
14: Find Host Interfaces, Routes, and Packets versions
Locating host interfaces, print interfaces, and routes for debugging may be required.
Use the —iflist command to accomplish this.
The relevant interfaces and routes will be listed using the —list command.
A similar value for debugging is offered by —packet trace, which will display packets sent and received.
15: Rapid and aggressive scans
You might occasionally need to scan more aggressively or just quickly. The timing mechanisms can be used to control this. Timing governs the speed and depth of the scan in Nmap.
nmap -T5 192.168.0.1
Although an aggressive scan will be quicker, it may also be more disruptive and erroneous. T1, T2, T3, and T4 scans are among the alternatives. T3 and T4 timings are sufficient for the majority of scans.
16: Seek Assistance
Use a tag to acquire context-based information if you have any questions regarding Nmap or any of the provided commands.
The -h tag will display the Nmap command help screen, which includes details on the possible flags.
17: While Scanning, create decoys
In order to trick firewalls, decoys can also be made using Nmap. Although decoys can be used for evil, they are typically utilized for debugging.
nmap -D 192.168.0.1,192.168.0.2, ...
When using the -D command, you have the option of adding a list of dummy addresses after the command. These decoy addresses will likewise appear to be scanning the network in order to conceal the true scan that is taking place.
Similar to how —spoof-mac may be used to spoof a Nmap MAC address, the command -S can be used to spoof a source address.
You may quickly get information about ports, routes, and firewalls by using the appropriate Nmap for Linux Networking. A system administrator can investigate Nmap’s many settings and flags. Along with the ability to launch decoys, run in cloaked mode, and aggressively and quickly scan for potential vulnerabilities.
- How To Use Mkdir Command To Make Or Create A Linux Directory?
- Create Symbolic Links In Linux: A Step-By-Step Guide
- Different Between Linux Server Vs Windows Server: Which One Is Right For You?
- How To Change File Permissions Recursively With Chmod In Linux?