Mastering Nmap: Essential Network Scanning and Security for Linux

Nmap is a scanning tool.

As one It can help us determine what hosts is available on specific network, what services are open, what programs run on each port and OS systems of clients.

It used for security and administrations purposes. 

Scan example

Under the “PORT” heading, next to the port number, NMAP tells us whether it is TCP or UDP port. Notice that by default, NMAP will conduct a TCP scan unless you specifically requeste to perform a UDP scan by adding -sU to the command.

Under the “STATE” heading we can learn if the port status. In this example all of the ports are open. sometimes we will see other states:

NMAP States

•  Closed: A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it
• Filtered: Nmap cannot determine whether the port is open because packet filtering prevent reaching the port. It can happen, for example, if there is a firewall rule that blocks the connection.
• Unfiltered:  a port is accessible, but it is not possible to determine whether it is open or closed.
• open|filtered: it is not possible to determine whether a port is open or filtered.
• closed|filtered: it is not possible to determine whether a port is closed or filtered. 

• -sL: List Scan – simply list targets to scan 
• -sn: Ping Scan – disable port scan 
• -Pn: Treat all hosts as online — skip host discovery 
• -p <port ranges>: Only scan specified ports 
•     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9 
• –exclude-ports <port ranges>: Exclude the specified ports from scanning 
• -F: Fast mode – Scan fewer ports than the default scan 
• -r: Scan ports consecutively – don’t randomize 
• -sU: UDP Scan 
• -sV: Probe open ports to determine service/version info 
• -O: Enable OS detection 
• -V: Print version number 
• -h: Print this help summary page