nmap scanning
why should I use nmap?
Nmap (“Network Mapper”) is a free and open source utility for network exploration and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.
nmap functionalities:
- Host discovery
- Port scanning
- Operating system detection
- Version detection
- Vulnerability detection
- Malware detection
- Exploitation
nmap basic commands:
“--help” (or, for some tools, “-h”) is the flag that prints every option a tool offers.
nmap -h
Nice, it is very helpful: it tells us which options to use and when, so let's follow it…
how to scan IP addresses or domain names listed in a file?
Passing a huge list of hosts is often awkward on the command line, yet it is a common need.
nmap -iL <file name>
how to scan random IP addresses?
For Internet-wide surveys and other research, you may want to choose targets at random. This is done with the -iR option, which takes as an argument the number of IPs to generate. Nmap automatically skips certain undesirable IPs, such as those in private, multicast, or unallocated address ranges. The argument 0 can be specified for a never-ending scan.
nmap -iR <number of IPs to scan>
how to ping using nmap?
nmap -sn <target>
TCP Connect scan (-sT):
Connect scan uses the system call of the same name to scan machines, rather than relying on raw packets as most of the other methods do. It is usually used by unprivileged Unix users and against IPv6 targets because SYN scan doesn’t work in those cases.
SYN stealth scan (-sS):
This is far and away the most popular scan type because it is the fastest way to scan ports of the most popular protocol (TCP). It is stealthier than connect scan, and it works against all functional TCP stacks.
nmap -sS -Pn <target>
TCP ACK scan (-sA):
ACK scan is commonly used to map out firewall rulesets. In particular, it helps understand whether firewall rules are stateful or not. The downside is that it cannot distinguish open from closed ports.
- -p- means scan all ports.
- -T4 means speed up the scan.
how to scan specific ports, with OS detection and service version detection?
- -sV for version detection
- -O for OS detection
- -p for port specification
- -vv for extra verbosity
nmap -sV -O -p 53,23,80,443 -Pn -sS -vv <target>
how to write the output to a file?
- -oN writes the output to a normal (human-readable) file
nmap -sS <target> -oN <file name>
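Once scans land in -oN files, the natural defender's next step is to turn them into an inventory and flag ports that should not be open. The parser below is an added example, not code from nmap or from this page; the scan text is a constructed sample in nmap's normal-output format, and the per-host allow-list is a hypothetical baseline.

```python
import re

# Constructed sample of nmap "normal" (-oN) output; not a real scan result.
SAMPLE_ON = """\
# Nmap 7.93 scan initiated Tue Jan  3 12:00:00 2023 as: nmap -sS -sV -p 22,80,443,3389 -oN scan.txt 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
PORT     STATE    SERVICE       VERSION
22/tcp   open     ssh           OpenSSH 8.9p1 Ubuntu 3
80/tcp   open     http          nginx 1.18.0
443/tcp  filtered https
3389/tcp open     ms-wbt-server
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

# Nmap done at Tue Jan  3 12:00:05 2023 -- 1 IP address (1 host up) scanned in 5.12 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# port/proto  state  service  [version...]
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_normal_output(text):
    """Return {host: [(port, proto, state, service, version), ...]} from -oN text."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:  # a new "Nmap scan report for ..." block starts here
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, (version or "").strip()))
    return hosts


def unexpected_open_ports(hosts, allowed):
    """Open ports not in the per-host allow-list {host: {(port, proto), ...}} (hypothetical baseline)."""
    findings = {}
    for host, ports in hosts.items():
        extra = [p for p, proto, state, *_ in ports
                 if state == "open" and (p, proto) not in allowed.get(host, set())]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    inventory = parse_normal_output(SAMPLE_ON)
    print(unexpected_open_ports(inventory, {"192.0.2.10": {(22, "tcp"), (80, "tcp")}}))
```

Feed it the file written by -oN instead of SAMPLE_ON to compare a real scan against your baseline; filtered ports are parsed but not flagged, since only open ones indicate an exposed service.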
resources:
nmap.org
Nmap Network Scanning by Gordon “Fyodor” Lyon