What is the Nmap Tool? | How to Use Nmap | Nmap Commands
Nmap tool (“Network Mapper”) is a free and open source utility for network discovery and security auditing.
Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap tool uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
Nmap is a wonderful tool that every network administrator should know about. Despite its popularity, Nmap isn’t widely known outside of technically elite circles.
Port Scanning
The packets that Nmap sends out return with IP addresses and a wealth of other data, allowing you to identify all sorts of network attributes, giving you a profile or map of the network and allowing you to create a hardware and software inventory.
Different protocols use different types of packet structures. Nmap employs transport layer protocols including TCP (Transmission Control Protocol), UDP (User Datagram Protocol), and SCTP (Stream Control Transmission Protocol), as well as supporting protocols like ICMP (Internet Control Message Protocol), used to send error messages.
The various protocols serve different purposes and system ports. For example, the low resource overhead of UDP is suited to real-time streaming video, where you accept some lost packets in return for speed, while non-real-time streaming video on YouTube is buffered and uses the slower, albeit more reliable, TCP.
How To Use Nmap:
There is a wide range of free network monitoring utilities as well as free open-source vulnerability scanners available to network administrators and security auditors. What makes Nmap stand out as the tool IT and network managers need to know is its flexibility and power. While the basis of Nmap’s functionality is port scanning, it allows for a variety of related capabilities including:
- Network Mapping: Nmap can identify the devices on a network (also called host discovery), including servers, routers and switches, and how they’re physically connected.
- OS Detection: Nmap can detect the operating systems running on network devices (also called OS fingerprinting), providing the vendor name, the underlying operating system, the version of the software and even an estimate of devices’ uptime.
- Service Discovery: Nmap can not only identify hosts on the network, but whether they’re acting as mail, web or name servers, and the particular applications and versions of the related software they’re running.
- Security Auditing: Figuring out what versions of operating systems and applications are running on network hosts lets network managers determine their vulnerability to specific flaws. If a network admin receives an alert about a vulnerability in a particular version of an application, for example, she can scan her network to identify whether that software version is running on the network and take steps to patch or update the relevant hosts. Scripts can also automate tasks such as detecting specific vulnerabilities.
Nmap Cheatsheet:
Basic Scanning
Scan a Single Target :- nmap [target]
Scan Multiple Targets :- nmap [target1] [target2] ... (targets are separated by spaces)
Scan a List of Targets :- nmap -iL [list.txt]
Scan a Range of Hosts :- nmap [range of ip addresses]
Scan an Entire Subnet :- nmap [ip address/cidr]
Scan Random Hosts :- nmap -iR [number]
Excluding Targets from a Scan :- nmap [targets] --exclude [targets]
Excluding Targets Using a List :- nmap [targets] --excludefile [list.txt]
Perform an Aggressive Scan :- nmap -A [target]
Scan an IPv6 Target :- nmap -6 [target]
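The target notations in the table above (single address, CIDR block, octet range, and --exclude) decide exactly which hosts a scan will touch, which is what `nmap -sL` lists before scanning. The following is an added example, not code from the original post or from the Nmap project: a small Python expander for those notations. The CIDR and range rules follow Nmap's documented behaviour (a /n block includes its network and broadcast addresses; an octet may be a value, a `lo-hi` range, a comma list, or `-` for 0-255); hostnames are passed through unresolved because resolving them would need DNS.

```python
"""Expand Nmap-style target specifications into the hosts a scan will cover
(added example; mirrors what `nmap -sL` prints before DNS resolution)."""
import ipaddress
import itertools
import re

OCTET_RE = re.compile(r"^(\d{1,3})(?:-(\d{1,3}))?$")


def _octet_values(part):
    """One dotted octet of an Nmap range: '5', '1-50', '1,3,7-9', or '-' (0-255)."""
    if part == "-":
        return list(range(256))
    values = set()
    for piece in part.split(","):
        m = OCTET_RE.match(piece)
        if not m:
            raise ValueError(f"bad octet range: {piece!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"octet range out of order or out of range: {piece!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_target(spec):
    """Addresses covered by one target token.

    Handles a single IPv4 address, CIDR ('10.0.0.0/30') and Nmap octet ranges
    ('192.168.1.1-50', '10.0.0-1.1', '10.0.0.-'). Anything else is treated as a
    hostname and returned unchanged for the resolver.
    """
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return [str(a) for a in net]  # Nmap scans the network and broadcast addresses too
    parts = spec.split(".")
    if len(parts) == 4 and all(re.fullmatch(r"[\d,\-]+", p) for p in parts):
        octets = [_octet_values(p) for p in parts]
        return [".".join(map(str, combo)) for combo in itertools.product(*octets)]
    return [spec]


def scan_scope(targets, exclude=()):
    """Hosts covered by `nmap <targets> --exclude <exclude>`: expanded, in the
    order given, with excluded hosts and duplicates removed."""
    excluded = set()
    for e in exclude:
        excluded.update(expand_target(e))
    seen, scope = set(), []
    for t in targets:
        for host in expand_target(t):
            if host in excluded or host in seen:
                continue
            seen.add(host)
            scope.append(host)
    return scope


if __name__ == "__main__":
    # Constructed example: a /29 plus one range, minus the gateway
    for host in scan_scope(["10.0.0.0/29", "10.0.1.1-3"], exclude=["10.0.0.1"]):
        print(host)
```

Checking the expanded list before running a scan is the cheap way to catch a typo such as a wrong prefix length that would send probes to far more hosts than intended.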
Discovery Options
Perform a Ping Only Scan :- nmap -sP [target]
Don’t Ping :- nmap -PN [target]
TCP SYN Ping :- nmap -PS [target]
TCP ACK Ping :- nmap -PA [target]
UDP Ping :- nmap -PU [target]
SCTP INIT Ping :- nmap -PY [target]
ICMP Echo Ping :- nmap -PE [target]
ICMP Timestamp Ping :- nmap -PP [target]
ICMP Address Mask Ping :- nmap -PM [target]
IP Protocol Ping :- nmap -PO [target]
ARP Ping :- nmap -PR [target]
Traceroute :- nmap --traceroute [target]
Force Reverse DNS Resolution :- nmap -R [target]
Disable Reverse DNS Resolution :- nmap -n [target]
Alternative DNS Lookup :- nmap --system-dns [target]
Manually Specify DNS Server(s) :- nmap --dns-servers [servers] [target]
Create a Host List :- nmap -sL [targets]
Advanced Scanning
TCP SYN Scan :- nmap -sS [target]
TCP Connect Scan :- nmap -sT [target]
UDP Scan :- nmap -sU [target]
TCP NULL Scan :- nmap -sN [target]
TCP FIN Scan :- nmap -sF [target]
Xmas Scan :- nmap -sX [target]
TCP ACK Scan :- nmap -sA [target]
Custom TCP Scan :- nmap --scanflags [flags] [target]
IP Protocol Scan :- nmap -sO [target]
Send Raw Ethernet Packets :- nmap --send-eth [target]
Send IP Packets :- nmap --send-ip [target]
Port Scanning
Perform a Fast Scan :- nmap -F [target]
Scan Specific Ports :- nmap -p [ports] [target]
Scan Ports by Name :- nmap -p [port name] [target]
Scan Ports by Protocol :- nmap -sU -sT -p U:[port] T:[port] [target]
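The -p argument in the last three entries has its own small grammar: comma lists, `lo-hi` ranges with either end omitted (`-p-` means 1-65535), service names, and the `T:`, `U:` and `S:` (SCTP) protocol prefixes, which stay in effect until the next prefix, so `U:53,111,T:21-25,80` is UDP 53 and 111 followed by TCP 21-25 and 80. The following added example (not code from the original post or from Nmap itself) parses that grammar into (protocol, port) pairs so you can see what a scan line covers before running it. The SERVICE_NAMES table is a constructed five-entry stand-in for the nmap-services file, and `default_protos` is this example's way of saying which scan types (-sT, -sU) are on the command line.

```python
"""Parse an Nmap -p port specification into the (protocol, port) pairs it
covers (added example, not part of Nmap)."""
import re

# Constructed subset of the service-name table; Nmap reads the real one from nmap-services.
SERVICE_NAMES = {"ssh": 22, "smtp": 25, "domain": 53, "http": 80, "https": 443}
PROTO_PREFIX = {"T": ("tcp",), "U": ("udp",), "S": ("sctp",)}


def parse_port_spec(spec, default_protos=("tcp",)):
    """Return sorted (protocol, port) pairs for a -p value.

    default_protos is the set of protocols unprefixed ports apply to: ("tcp",)
    for a plain TCP scan, ("tcp", "udp") when both -sT/-sS and -sU are given.
    """
    active = tuple(default_protos)
    pairs = set()
    for token in spec.split(","):
        token = token.strip()
        m = re.match(r"^([TUS]):(.*)$", token)
        if m:  # protocol prefix: applies to this and all following entries
            active = PROTO_PREFIX[m.group(1)]
            token = m.group(2)
        if not token:
            raise ValueError("empty port entry in spec")
        if token in SERVICE_NAMES:
            lo = hi = SERVICE_NAMES[token]
        elif token.isdigit():
            lo = hi = int(token)
        else:
            m = re.fullmatch(r"(\d*)-(\d*)", token)  # '-', '100-', '-100', '20-25'
            if not m:
                raise ValueError(f"unknown port or service name: {token!r}")
            lo = int(m.group(1)) if m.group(1) else 1
            hi = int(m.group(2)) if m.group(2) else 65535
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"port range out of order or out of range: {token!r}")
        for proto in active:
            pairs.update((proto, p) for p in range(lo, hi + 1))
    return sorted(pairs)


def count_by_protocol(pairs):
    """How many ports each protocol will be probed on, e.g. {'tcp': 4, 'udp': 2}."""
    counts = {}
    for proto, _port in pairs:
        counts[proto] = counts.get(proto, 0) + 1
    return counts


if __name__ == "__main__":
    # The 'Scan Ports by Protocol' line from the cheat sheet: nmap -sU -sT -p U:53,T:21-25,80
    pairs = parse_port_spec("U:53,T:21-25,80", default_protos=("tcp", "udp"))
    print(pairs)
    print(count_by_protocol(pairs))
    print(count_by_protocol(parse_port_spec("-")))  # -p- is every TCP port
```

The persistence of the prefix is the part people get wrong: in `-sU -sT -p U:53,80`, port 80 is probed over UDP only, not TCP, because the `U:` is still in force.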
Version Detection
Operating System Detection :- nmap -O [target]
Attempt to Guess an Unknown OS :- nmap -O --osscan-guess [target]
Service Version Detection :- nmap -sV [target]
Troubleshooting Version Scans :- nmap -sV --version-trace [target]
Perform a RPC Scan :- nmap -sR [target]
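The Security Auditing capability described earlier (an alert names a vulnerable version of an application; the admin scans the network to find hosts running it) is usually done by running the -sV and -O scans from this section with -oX and then searching the XML. The following is an added example, not code from the original post or from the Nmap project: a Python inventory builder over Nmap's XML output that lists each live host with its OS guess and open services, then flags services whose product matches an alert and whose version is older than the fixed release. SAMPLE_XML is a constructed, trimmed imitation of real -oX output (the addresses, products and versions are made up), and the "Apache httpd fixed in 2.4.30" alert in the usage block is a constructed threshold, not a real advisory.

```python
"""Build a host/service inventory from Nmap -oX output and flag versions older
than a fixed release (added example; not part of Nmap)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's -oX output, trimmed to the elements used here.
# The hosts, ports, products and versions are made up for this example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.29"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="25"><state state="open"/>
        <service name="smtp" product="Postfix smtpd"/></port>
      <port protocol="tcp" portid="80"><state state="filtered"/>
        <service name="http"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="10.0.0.4" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_inventory(xml_text):
    """One dict per host that answered: address, hostname, OS guess and the open
    services as (protocol, port, service name, product, version) tuples."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # -oX also records hosts that never answered; skip them
        addr = host.find("address[@addrtype='ipv4']")
        hostname = host.find("hostnames/hostname")
        osmatch = host.find("os/osmatch")
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports carry a usable version fingerprint
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            services.append((port.get("protocol"), int(port.get("portid")),
                             attrs.get("name", ""), attrs.get("product", ""),
                             attrs.get("version", "")))
        hosts.append({
            "addr": addr.get("addr") if addr is not None else "",
            "hostname": hostname.get("name") if hostname is not None else "",
            "os": osmatch.get("name") if osmatch is not None else "",
            "services": services,
        })
    return hosts


def version_tuple(version):
    """'2.4.29' -> (2, 4, 29). Non-numeric parts are dropped so suffixes such
    as 'p1' do not break the comparison; an empty version gives ()."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def find_affected(inventory, product, fixed_in):
    """Hosts with an open service whose product name contains `product`
    (case-insensitive) and whose version is older than `fixed_in`. A service
    with no detected version compares as () and is reported too: a missing
    fingerprint is not evidence that the host is patched."""
    needle = product.lower()
    fixed = version_tuple(fixed_in)
    hits = []
    for host in inventory:
        for proto, port, _name, prod, version in host["services"]:
            if needle in prod.lower() and version_tuple(version) < fixed:
                hits.append((host["addr"], proto, port, prod, version))
    return hits


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_XML)
    for h in inv:
        print(f'{h["addr"]:<12} {h["hostname"] or "-":<20} os={h["os"] or "?"}')
        for svc in h["services"]:
            print("   ", *svc)
    # Constructed alert: Apache httpd fixed in 2.4.30, so anything older is affected
    for hit in find_affected(inv, "Apache httpd", "2.4.30"):
        print("needs patching:", hit)
```

Two details matter when this is used for real: the filtered port on 10.0.0.3 is ignored because a version string is only meaningful on an open port, and the unversioned Postfix service is still reported when queried, since -sV fails to identify a version often enough that silence must be treated as "unknown" rather than "safe".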
If you have any problem or need more information, you can comment below and we will help you soon. To learn more about hacking, check out our other posts.
Originally published at https://exploitbyte.com on March 24, 2020.