
nmap(1)

nmap is a network mapper that scans hosts and ports to discover network topology, open services, and potential security weaknesses.


Synopsis

nmap [SCAN TYPE] [OPTIONS] [TARGET]

Description

nmap is a powerful open-source tool for network discovery and security auditing. It sends specially crafted packets to target hosts and analyzes responses to map network topology, identify active hosts, detect open ports, and fingerprint services and operating systems.

Common use cases include network inventory, service version detection, vulnerability assessment, and security testing. nmap supports numerous scan types (SYN, UDP, FIN, etc.), output formats, and scripting capabilities through the Nmap Scripting Engine (NSE).

Common options

Flag          What it does
-p PORT(S)    Specify ports to scan (e.g., -p 22,80,443 or -p 1-65535 for all ports)
-sS           TCP SYN scan (stealth scan; half-open connections, requires root)
-sT           TCP connect scan (complete connections; works without root)
-sU           UDP port scan (slower; identifies UDP services)
-O            Enable OS detection (fingerprints target operating system)
-sV           Service version detection (probes open ports to identify software versions)
-A            Aggressive scan (OS detection, version detection, script scanning, traceroute)
-v / -vv      Verbose output (shows detailed information; -vv for extra verbosity)
-oN FILE      Save results in normal format to file
-oX FILE      Save results in XML format to file
-Pn           Skip ping; treat hosts as online (useful when ping is blocked)
-T4           Set timing template (T0-T5; T4 is aggressive, T1 is sneaky)

Examples

Scan specific ports (SSH, HTTP, HTTPS) on a single host

nmap -p 22,80,443 192.168.1.100

Perform a SYN scan of the first 1000 ports on an entire subnet

nmap -sS -p 1-1000 192.168.1.0/24

Scan all TCP ports and detect service versions on a domain name

nmap -sV -p 1-65535 example.com

Aggressive scan (OS + version + scripts) on a host, skip ping, save as XML

nmap -A -Pn -oX results.xml 192.168.1.50

UDP scan for DNS, NTP, and SNMP services

nmap -sU -p 53,123,161 192.168.1.1

Run NSE script to grab HTTP titles from web servers on a subnet

nmap --script http-title -p 80,443 192.168.1.0/24

Scan the 20 most common ports across a large network

nmap -Pn -sS --top-ports 20 10.0.0.0/8

Scan all ports and only display open ports on a target

nmap -p- --open 192.168.1.100
