nmap Command
Advanced Networking man(1)
Network exploration tool and security scanner
📅 Updated: Mar 15, 2026
SYNTAX
nmap [OPTION]... [TARGET]
What Does nmap Do?
nmap (Network Mapper) is the industry-standard network discovery and security auditing tool. It discovers hosts, services, operating systems, and vulnerabilities on a network.
nmap sends specially crafted packets and analyzes responses to determine what hosts are available, what services they run, what OS and versions they use, and what security measures are in place.
nmap is essential for security professionals, system administrators, and anyone who needs to understand their network. It is the first tool used in network assessment.
Options & Flags
| Option | Description | Example |
|---|---|---|
| -sS | TCP SYN scan (stealth; the default when run with root privileges) | sudo nmap -sS target |
| -sV | Version detection | nmap -sV target |
| -O | OS detection | sudo nmap -O target |
| -p | Specify ports | nmap -p 80,443,8080 target |
| -A | Aggressive scan (OS, version, scripts, traceroute) | sudo nmap -A target |
| -sn | Ping scan (host discovery only) | nmap -sn 192.168.1.0/24 |
| -Pn | Skip host discovery (treat as online) | nmap -Pn target |
| --top-ports | Scan most common N ports | nmap --top-ports 100 target |
Practical Examples
#1 Quick scan
Scans the 1000 most common ports.
$ nmap example.com
Output:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
#2 Scan specific ports
Checks only specific ports.
$ nmap -p 22,80,443,3306,5432 server.com
#3 Service versions
Detects service versions running on open ports.
$ nmap -sV example.com
Output:
80/tcp open http nginx 1.24.0
443/tcp open ssl/http nginx 1.24.0
#4 Network discovery
Finds all active hosts on the local network.
$ nmap -sn 192.168.1.0/24
#5 Full scan
Aggressive scan: OS, versions, scripts, and traceroute.
$ sudo nmap -A -T4 target.com
#6 All ports
Scans all 65535 ports (takes longer).
$ nmap -p- target.com
Tips & Best Practices
Get permission first: Scanning networks without permission is illegal in many jurisdictions. Only scan systems you own or have written authorization to test.
-T4 for speed: Add -T4 for faster scanning. Timing levels: T0 (paranoid) to T5 (insane). T4 is good for most uses.
NSE scripts: nmap includes a scripting engine (NSE) with hundreds of scripts: --script vuln for vulnerability detection, --script http-enum for web enumeration.
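The port tables printed in the examples above can be checked automatically against what a host you administer is supposed to expose. The following Python script is an added example, not part of the original page: it parses the PORT/STATE/SERVICE table and reports deviations from an allow-list. The sample scan text, the allow-list and the function names are constructed for illustration.

```python
import re

# One row of the port table nmap prints, e.g. "80/tcp open http nginx 1.24.0".
ROW = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

# Constructed sample of `nmap -sV` output for a host you administer.
SAMPLE_SCAN = """\
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 9.6
80/tcp   open     http       nginx 1.24.0
443/tcp  open     ssl/http   nginx 1.24.0
3306/tcp open     mysql      MySQL 8.0.36
5432/tcp filtered postgresql
"""

# Constructed allow-list: (port, protocol) -> service name expected there.
ALLOWED = {(22, "tcp"): "ssh", (80, "tcp"): "http",
           (443, "tcp"): "ssl/http", (8080, "tcp"): "http-proxy"}

def parse_ports(text):
    """Return {(port, proto): (state, service, version)} from nmap's port table."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or not 0 < int(m.group(1)) <= 65535:
            continue  # header, banner, blank line or impossible port number
        port, proto, state, service, version = m.groups()
        ports[(int(port), proto)] = (state, service, version or "")
    return ports

def audit(text, allowed):
    """List deviations between the open ports in a scan and the allow-list."""
    scanned = parse_ports(text)
    open_ports = {k: v for k, v in scanned.items() if v[0] == "open"}
    findings = []
    for key, (_, service, _version) in sorted(open_ports.items()):
        if key not in allowed:
            findings.append(("unexpected-port", key, service))
        elif allowed[key] != service:
            findings.append(("service-mismatch", key, service))
    for key in sorted(set(allowed) - set(open_ports)):
        findings.append(("expected-port-not-open", key, allowed[key]))
    return findings

if __name__ == "__main__":
    for kind, (port, proto), service in audit(SAMPLE_SCAN, ALLOWED):
        print(f"{kind}: {port}/{proto} ({service})")
```

Service names depend on the scan type: as the outputs above show, port 443 is reported as https by a plain scan and as ssl/http with -sV, so build the allow-list from the same kind of scan you audit.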
Frequently Asked Questions
How do I scan ports on a server?
nmap hostname scans the 1000 most common ports. Use -p PORT for specific ports, -p- for all 65535.
How do I find all devices on my network?
nmap -sn 192.168.1.0/24 discovers all active hosts. Requires appropriate network permissions.
Is port scanning legal?
Scanning your own systems is legal. Scanning others without permission may violate computer crime laws. Always get written authorization.