Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- If you need to scan your network, nmap is the tool to use.
- Nmap can be installed on any Linux distribution.
- Nmap has many very useful commands.
The nmap command (short for Network Mapper) is a network exploration/security auditing tool that can rapidly scan a network to help you find out which hosts are available. With nmap, you can discover open ports and services, and even find out what operating systems are on your network.
I’ve used nmap to find out what machines are on the network and what ports/services are open. If I find a port that shouldn’t be open, I can close it to avoid security issues.
Also: 5 Reasons You Should Leave Windows for Linux Today
In other words, Nmap is an essential tool for those who are serious about their network security.
The thing is that nmap can VeryIn fact, if you read the manual page (man nmap), you will probably get confused and frightened. This is unfortunate, because nmap can be very useful.
To avoid confusion and fear, I will demonstrate some of the more useful things you can do with nmap. Without further ado, open your Terminal app and get ready to scan.
installing nmap
If nmap is not already installed on your Linux distribution, this is actually quite easy to do. This way:
- Ubuntu/Debian-based distributions: sudo apt-get install nmap -y
- Fedora-based distributions: sudo dnf install nmap -y
- Arc-Based Distribution: sudo pacman -s nmap
1. Search for Operating System
This is one of the functions I use most often with nmap because I regularly need to find out which OS is associated with which IP address. Like many nmap commands, it can be run on a single address or a range of addresses. The command for OS discovery on a single IP address will look something like this:
nmap -a 192.168.1.176
Near the bottom of the results, you should find a line that looks like this:
Service Information: OS: Linux; cpe:cpe:/o:linux:linux_kernel
Now, you know which OS is associated with that IP address.
If you want to scan a range of addresses to find out which OS is associated with each host on your network, the command would look something like this:
nmap-a 192.168.1.0/24
Keep in mind that scanning the entire port range can take a long time (depending on the number of machines connected to your LAN).
2. List open ports
Sometimes you just need to know which ports are open on your network. You may find that there are machines with open ports that should not be open. If that’s the case, you’ll definitely want to turn them off (or risk security breaches). The thing about ports is that there are a lot of them (about 65,536). Many of those ports are not used regularly, but you never know, which is why it is important to run a scan of the ports on your LAN to see what is there.
Too: Best Linux Distros for Beginners
To run a port scan on a single host with nmap, the command would look something like this:
nmap -p0-65535 192.168.1.176
To run a port scan on your entire LAN, the command would look something like this:
nmap -p 0-65535 192.168.1.0/24
You can also scan for a single port. For example, let’s say you want to see if a host on your network has an open SMTP port. That scan will be:
nmap -p 25 192.168.1.0/24
3. Scan the entire network
If you want to run a general scan of your entire network, you can use nmap like this:
nmap 192.168.1.*
You can add more output with the verbose flag, like this:
nmap -v 192.168.1.*
Since the above orders are omnichannel, they may take a long time to complete.
3. Scan multiple machines (but not the entire network)
Let’s say you want to scan open ports on machines 192.168.1.11, 192.168.1.12, 192.168.1.13, and 192.168.1.14. Instead of typing the full address for each, you can use only the last octet, like this:
nmap -p0-65535 192.168.1.11,12,13,14
You can also scan these types of address ranges:
nmap -p0-65535 192.168.1.11-14
4. Locate the Firewall
You may need to find out if a host has a firewall running. Naturally, if you find a host whose firewall is disabled, you should make sure to enable it immediately.
Too: Linux desktop frozen? My 5 Tips Worth Trying – Before Forcing a Hard Reboot
Using nmap to find firewalls is a little trickier than other commands, because you’ll not only be using multiple options, but will also send the output to a file (for easier viewing). The command will look something like this:
sudo nmap -sF -g 25 -oN fw.txt 192.168.1.11
Although nmap sends the output to the terminal, it also saves it to a file (in the above case, fw.txt). If you see “Filtered” in the output, the firewall is up and running. If you see “Ignored states”, it means the firewall is disabled.
5. Find a ‘Live’ Host
You’ll probably also want to identify which hosts on your LAN are currently online and responsive (rather than hibernating and/or offline). Running this scan will look like this:
nmap -sp 192.168.1.0/24
If you see “Host is on,” you know the machine is on.
Those are the five nmap commands I run regularly. Given how much work nmap can do, I highly recommend that you read the nmap man page (man nmap) to find out everything else the command has to offer.
Get our top stories delivered to your inbox every morning Tech Today Newsletter,
