Tuesday, 15 October 2013

Network Mapper: nmap

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing.

SYNOPSIS
       nmap [Scan Type...] [Options] {target specification}


Suppose we want to know which operating system a remote host is running. To do this, use the following command (OS detection needs raw-packet privileges, so run it as root):

#nmap -O remote_system_ip

Remote OS detection
nmap uses TCP/IP stack fingerprinting to detect the remote OS. It sends a series of TCP and UDP packets to the remote host, examines practically every bit in the responses, and compares the result against the fingerprints in its nmap-os-db database. The match is far more reliable when the target has at least one open and one closed TCP port; nmap prints a warning when it cannot find both.


To scan a range of IP addresses

#nmap 192.168.10.0/24          scans 192.168.10.0 to 192.168.10.255 (CIDR notation)
or
#nmap 192.168.10.0-255         the same range written as an octet range
or
#nmap 192.168.10-14.0-23       192.168.10.0-23, 192.168.11.0-23, ... through 192.168.14.0-23

A range may be given in any octet, and several target specifications can be listed on one command line.

Ping scan only: -sP (skip port scan)

This option tells nmap not to do a port scan after host discovery, and only to print the hosts it found up. In current nmap releases the option is spelled -sn; -sP is still accepted as a synonym.

#nmap -sP 192.168.6.24

Don't ping: -PN (no ping)

With this option nmap skips host discovery entirely: it sends no ICMP echo requests or any other "is it up?" probe, treats every target as online, and goes straight to port scanning. Use it when the target blocks ping, at the cost of spending scan time on addresses that are not actually in use. Current releases spell the option -Pn; -PN is still accepted.

#nmap -PN 192.168.6.24

ARP ping scan

#nmap -PR 192.168.6.24

The -PR option makes nmap discover the host with an ARP (Address Resolution Protocol) request instead of IP-level probes. This only works for targets on the local Ethernet segment, where nmap already uses ARP discovery by default because it is faster and more reliable than ICMP or TCP pings.

All ports scan

The -p option with "*" scans all 65,535 TCP ports on the target host. The quotes are required so the shell does not expand * into file names; the documented shorthand -p- (ports 1 through 65535) does the same thing.

#nmap -p "*" 10.10.6.204


Select TCP or UDP protocol

Finally, using the -p option we can restrict a port list to one protocol by prefixing it with T: (TCP) or U: (UDP).

#nmap -p T:100-1000 10.10.6.204

#nmap -sU -p U:100-1000 10.10.6.204

In the first example the T: prefix limits the range to TCP ports. A U: prefix selects UDP ports, but nmap only sends UDP probes when a UDP scan type is requested, so -sU (which needs root) must be added; without it nmap warns that the port list includes U: ports but no UDP scan was specified. Both prefixes may appear in one list, for example -p U:53,161,T:22,80, and a prefix applies to everything after it until the next prefix.

Service version detection

The -sV option probes each open port to identify the service actually listening there and, where possible, its application name and version, rather than just reporting the conventional name from nmap-services for that port number. Unlike -O it does not require root.

#nmap -sV localhost
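The options above combine naturally into a two-phase sweep: a ping scan to find live hosts, then a version scan with a mixed T:/U: port list against only those hosts. The script below is an added example, not part of the original post or of nmap itself. It shows the two nmap command lines as comments and runs its parsers against constructed grepable (-oG) output embedded in the script, so it works offline; the function names, the sample hosts and the sample services are all made up for the illustration, and the port parser assumes the version field contains neither ", " nor "/".

```shell
#!/bin/sh
# Added example: two-phase sweep driven by nmap's grepable output (-oG).
# Phase 1 (nmap -sn) discovers live hosts; phase 2 runs -sV only against
# those hosts with a mixed T:/U: port list. The nmap invocations are shown
# as comments; the parsers run here on constructed -oG output so the
# script needs neither nmap nor network access.

# Constructed stand-in for:  nmap -sn -oG - 192.168.10.0/24
# (down hosts appear in -oG output only with -v; one is included to show
# that the parser skips it)
sample_ping_sweep() {
    printf '# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.10.0/24\n'
    printf 'Host: 192.168.10.1 (gw.lan)\tStatus: Up\n'
    printf 'Host: 192.168.10.24 ()\tStatus: Up\n'
    printf 'Host: 192.168.10.30 ()\tStatus: Down\n'
    printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned\n'
}

# Constructed stand-in for:
#   nmap -sS -sU -sV -p T:1-1024,U:53,123 -iL live.txt -oG -
# The Ports field holds port/state/proto/owner/service/rpcinfo/version/
# entries separated by ", ".
sample_version_scan() {
    printf 'Host: 192.168.10.24 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//nginx 1.18.0/, 123/open|filtered/udp//ntp///\tIgnored State: closed (1023)\n'
}

# Print the address of every host reported "Status: Up" (one per line).
up_hosts() {
    awk -F'\t' '/^Host: / && /Status: Up/ { split($1, h, " "); print h[2] }'
}

# Print "ip proto port state service version" for every port in state
# "open". open|filtered (the usual UDP answer) is deliberately left out.
# Assumes the version field contains neither ", " nor "/".
open_ports() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if (index($i, "Ports: ") != 1) continue
            n = split(substr($i, 8), entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") print ip, f[3], f[1], f[2], f[5], f[7]
            }
        }
    }'
}

# Phase 1: live hosts. With real nmap:
#   nmap -sn -oG - 192.168.10.0/24 | up_hosts > live.txt
live=$(sample_ping_sweep | up_hosts)
echo "live hosts:"
echo "$live"

# Phase 2: SYN + UDP scan with version detection, fed the live list via
# -iL (-sS and -sU need root). With real nmap:
#   nmap -sS -sU -sV -p T:1-1024,U:53,123 -iL live.txt -oG - | open_ports
echo "open ports:"
sample_version_scan | open_ports
```

Feeding only the hosts that answered the ping scan into the version scan keeps -sV, which is slow because it completes a handshake and exchanges probes on every open port, from being spent on addresses that are not in use; -Pn is the opposite trade and is only worth it when discovery probes are being filtered.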