User Tools

Site Tools


network_nmap

If you want to send us your comments, please do so. Thanks
More on comments


nmap

Based on nmap 6.00 The reference guide can be found at the nmap reference guide page

GeoIP databases

Used Options

Run

nmap

to see a list with the most common options. For the up to date list of the latest nmap version see the nmap.usage.txt file
More information can be found in the manpage

man nmap

Runtime options

dIncrease debugging levelHandy during portscan to see which ports are being scanned
DDecrease debugging level
vIncrease verbosity
VDecrease verbosity
pTurn on packet tracing
PTurn off packet tracing
?Print out a status messageValid for any other key. ? is just an example (and meaning every single character)
OptionFunctionRemark
-dxDebugging / verbosity levelx 0-9. If -v (verbose) is not enough. The higher the number the more output
-AAggressive scan optionsPresently this enables OS detection (-O), version scanning (-sV), script scanning (-sC) and traceroute (--traceroute).. More features may be added in the future
-nNo DNS resolution
-OEnable OS detection
-O -vNow it gets visible if a forged TCP connection attack is possible
-pOnly scan specified ports / port rangesExamples: -p 1,2,3,4,5 -p 0-65535
-PnNo pingSkips host up discovery. Scans with the requested scanning functions against every target IP address specified
-PYSCTP INIT PingSCTP: Stream Control Transmission Protocol. There can be no space between -PY and the port list. Example: -PY22,80,179,5060
-sFFIN scan. Sets just the TCP FIN bitTo close a TCP connection the FIN and ACK bits have to be set
-sLLists each host on the network(s)
-snNo port scanList the hosts that respond to the scan
-sNNull scanDoes not set any bits (TCP flag header is 0)
-sOIP protocol scanDetermine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines. It cycles through IP protocol numbers rather than TCP or UDP port numbers
-sSTCP SYN scanPerforms quick scanning of thousands of ports per second on a fast network not hampered by restrictive firewalls
-sTTCP connect scanThe default TCP scan type when SYN scan is not an option
-T4Set a timing template, the scan agressiveness. -T[0-5]Or with words -T paranoid (= -T0), sneaky (= -T1), polite (= -T2), normal (= -T3), aggressive (= -T4), insane (= -T5)
--tracerouteTracerouteCan omit some hosts compared to the traceroute command (which can omit hosts after a certain point)
--scan-delay 2Take action every 2 seconds
--stats-every 2Show an update on the progress every 2 secondsHitting the spacebar also gives an progress update

Command examples

Output example

Nmap scan report for 192.168.1.102
Host is up (0.0072s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
80/tcp open  http
MAC Address: TheMACaddress (The name of the manufacturer of the equipment. If not available: Unknown)


CommandFunctionRemark
nmap 192.168.1.102Scan IP adress 192.168.1.102It is not clear to us which implicit options are used
nmap 192.168.1.100 192.168.1.101 192.168.1.102Scan the given IP addresses
nmap 192.168.1.100-102Scan the 192.168.1.10[0-2] IP addresses. This is the same as the previous example
nmap 192.168.1.0/24Scan the 192.168.1.[0-255] network
nmap -A -T4 192.168.1.10
nmap -A -T4 192.168.1.0/24
nmap -n -p 1080 192.168.1.0
nmap -n -p1-65535 192.168.1.0
nmap -n -Pn -p 22 192.168.1.0
nmap -O 192.168.1.10
nmap -v -PE 192.168.0.0/24Ping scan with extra information about fonund hosts
nmap -PY 192.168.1.10
nmap -PY22,23 192.168.1.10
nmap -sF -p 22 -O 192.168.1.0-255
nmap -sF -p22 -O 192.168.1.0-255
nmap -sL 192.168.1.0/24
nmap -sL 192.168.1.10
nmap -sL -O 192.168.1.0-255
nmap -sL -p 22 192.168.1.0-255
nmap -sL -sN -O 192.168.1.0-255
nmap -sn 192.168.1.0/24
nmap -sN 192.168.1.0/24
nmap -sn 192.168.1.0/28
nmap -sN 192.168.1.0/28
nmap -sn -O 192.168.1.0-255
nmap -sn -O -p 22 192.168.1.0-255
nmap -sn -v 192.168.1.0/24 grep -v down
nmap -v -sn 192.168.0.0/27 | grep -v "host down" | grep "scan report"Shows al list of hosts that are probably up
nmap -sO -p22 192.168.1.0-255
nmap -sO -p22 -O 192.168.1.0-255
nmap -sO -v 192.168.1.0/24
nmap -sS 192.168.1.0/2
nmap -sS 192.168.1.0/24
nmap -sS 192.168.1.0-255
nmap -sS -O 192.168.1.0/24
nmap -sS -O -v 192.168.1.0/24
nmap -sS -p 1-65535 192.168.1.0/24
nmap -sS -v 192.168.1.0/24
nmap -sT -Pn 192.168.1.0-255
nmap -sT -Pn -O 192.168.1.0-255
nmap -v --stats-every 10s -Pn -sT -p 0-65535 192.168.1.1Scan all ports on IP address 192.168.1.1 and show the status of the scan every 10 seconds
nmap -v –stats-every 30s -sS -p 0-65535 192.168.1.1Scan all ports on IP address 192.168.1.1 and show the status of the scan every 10 seconds
nmap --scan-delay 0.5 -vv --stats-every 10s -Pn -sT -p 15000-65535 xxx.xxx.xxx.xxxProbe every 0,5 seconds, very verbose, stats every 10 seconds, skip host discovery, TCP connect scan (use -sS if posible) Scan given ports on given IPnumber
nmap -sL -vv --stats-every 1s 192.168.0.0/24Check out which hosts are on the networkThis is fast
nmap -v -PR -sn 192.168.1.0/24 grep -v “host down” grep 'MAC Address:\

Alternative and fast portscanner using parallel and some nice output coloring (syntax)


Main subjects on this wiki: Linux, Debian, HTML, Microcontrollers, Privacy

RSS
Disclaimer
Privacy statement
Bugs statement
Cookies
Copyright © : 2014 - 2021 Webevaluation.nl and the authors
Changes reserved.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
network_nmap.txt · Last modified: 14-09-2021 22:36 by wim