How To Scan Open Ports With NMAP Scanner


Nmap is an open source suite for network discovery and security auditing.

  • Nmap Features
  • Installation and How to use Nmap
  • Nmap Commands
  • How To Scan Open Ports With NMAP

Nmap scanner uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

In real life, it’s most often used to locate available hosts and services on a network, determine the operating systems and versions utilised by machines on a network and pinpoint a network’s open ports.

It is a valuable tool used by security professionals for performing a network inventory or a vulnerability assessment.

It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap is popular, flexible, powerful, portable, easy to use, free and open source, well documented, supported by a large and vibrant community of developers and users, and has won many awards.

One very important thing to remember when using Nmap is that these scans should be run with root or Administrator access, depending on the type of system you are using. This is required because the scans send raw packets, which requires privileged system access.

Must See – NMAP Commands Cheatsheet

Nmap features include:

  • Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
  • Port scanning – Enumerating the open ports on target hosts.
  • Version detection – Interrogating network services on remote devices to determine application name and version number.
  • OS detection – Determining the operating system and hardware characteristics of network devices.
  • Scriptable interaction with the target.

Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.

Let's get started with installation and how to use Nmap:

  • Install nmap on your Kali machine by typing the command
    • sudo apt install nmap
  • In order to run the ifconfig command, net-tools must be installed on the machine; type the command
    • sudo apt install net-tools
  • To get information about the machine's network interfaces and addresses, type the command
    • ifconfig
  • Consult the Nmap manual to choose the type of scan to run.
  • Basic Nmap scans covered in this guide:
    • Scan the network for connected devices
    • Scan a single IP
    • Scan a host
    • Scan for open ports with nmap
    • Scan using TCP connect

Some more basic Nmap commands which we can use are:

  • Target Selection
    • Scan a range of IPs – nmap
    • Scan a subnet – nmap
    • Scan targets from a text file – nmap -iL ips.txt
  • Port Selection
    • Scan a range of ports – nmap -p 1-100
    • Scan the 100 most common ports – nmap -F
    • Scan all ports – nmap -p-
    • Specify UDP or TCP ports – nmap -p U:137,T:139
  • Scan Types
    • Scan using TCP SYN scan – nmap -sS
    • Scan UDP ports – nmap -sU -p 123,161,162
    • Scan selected ports, skipping host discovery – nmap -Pn -F
  • Service and OS Detection
    • Detect OS and services – nmap -A
    • Standard service detection – nmap -sV
    • Aggressive service detection – nmap -sV --version-intensity 5
  • Output Formats
    • Save default output to a file – nmap -oN result.txt
    • Save results as XML – nmap -oX resultxml.xml
    • Save grepable results – nmap -oG formattable.txt
    • Save in all formats – nmap -oA allformats
  • Scripting Engine
    • Scan using the default safe scripts – nmap -sV -sC
    • Get help for a script – nmap --script-help=ssl-heartbleed
    • Scan using a specific script – nmap -sV -p 443 --script=ssl-heartbleed
    • Update the script database – nmap --script-updatedb
  • Some Useful NSE Scripts
    • Scan for UDP DDoS reflectors – nmap -sU -A -Pn -n -pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr
    • Gather page titles from HTTP servers – nmap --script=http-title
    • Get HTTP headers of web services – nmap --script=http-headers
    • Find web apps from known paths – nmap --script=http-enum
    • Find exposed NetBIOS servers – nmap -sU --script nbtstat.nse -p 137
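The grepable output format (nmap -oG) listed above is the one most often fed to shell tooling when auditing which ports a scan found open on each host. The script below is an added example, not part of the original post: it parses a constructed sample of -oG output (no real scan data) and prints one line per host and open port, counting only ports in the "open" state and skipping "open|filtered" and "closed" entries.

```shell
#!/bin/sh
# Constructed sample of nmap grepable (-oG) output; fields are tab-separated
# as in real output. Hosts, ports and versions are invented for this example.
SAMPLE_GNMAP=$(
  printf '# Nmap scan initiated as: nmap -sV -oG formattable.txt 192.0.2.0/28\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 137/open|filtered/udp//netbios-ns///\tIgnored State: closed (998)\n'
  printf '# Nmap done: 2 IP addresses (2 hosts up) scanned\n'
)

# Read grepable output on stdin and print "host port/proto service" for
# every port whose state is exactly "open". Each comma-separated port entry
# has the shape port/state/proto/owner/service/rpc/version/ .
open_ports() {
  grep '^Host: .*Ports: ' | while IFS= read -r line; do
    host=${line#Host: }
    host=${host%% *}
    ports=${line#*Ports: }
    # Drop the trailing "Ignored State" field (separated by a tab).
    ports=$(printf '%s' "$ports" | sed 's/[[:space:]]*Ignored State:.*//')
    printf '%s\n' "$ports" | tr ',' '\n' | sed 's/^ *//' |
      awk -F/ -v h="$host" '$2 == "open" { printf "%s %s/%s %s\n", h, $1, $3, $5 }'
  done
}

# Helper that runs the parser over the embedded sample; for a real file use:
#   open_ports < formattable.txt
open_ports_from_sample() {
  printf '%s\n' "$SAMPLE_GNMAP" | open_ports
}

open_ports_from_sample
```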

We can perform many types of scan using Nmap and refine the scanning technique as needed. The thing to remember is that running different types of scans may produce different results, as firewalls may limit the responses allowed from the hosts they protect.

This open source utility is very useful and powerful, provided we know how to use it properly on the network.

Nmap can also be downloaded directly from its official site.
