~~ NMAP ~~
** KNOCKING PORTS **
Nmap (Network Mapper) is a free port scanner for scanning and evaluating hosts in a network. The tool, published under the GNU General Public License, was developed by the resourceful hacker known as Fyodor. Of course, I advise you to only scan networks that you own or that you administer - anything else could be illegal and punishable.
Nmap runs under:
Windows
macOS
Linux
Unix
Installation:
macOS:
brew install nmap
Linux (Ubuntu / Debian):
sudo apt-get install nmap
Usage:
$ nmap -h
What can you use nmap for?
Nmap is primarily a port scanner, i.e. nmap checks the ports of a host that you give it and reports which of them are reachable and which services answer on them. Ports are, as already mentioned, the part of a network address that assigns TCP and UDP connections and data packets between server and client to a particular service. Each connection always involves two ports, one on the server and one on the client side. Ports therefore serve as a feature to distinguish between multiple connections between the same pair of endpoints, and well-known port numbers identify network protocols and services. A list of all standardized ports can be found here:
If you want to play around yourself, you can run
nmap -h
to display the list of all options and parameters.
Simple port scan
The simplest scan variant of nmap is:
nmap 127.0.0.1
and it produces the following output:
Host is up (0.00026s latency)
This means that the scanned host responded and took 0.00026 seconds to do so.
Not shown: 999 closed ports
999 ports are not displayed because they are not open.
631/tcp open ipp
Port 631 is open and is used by the IPP service. IPP is a printing service provided over the network.
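A small parser for the normal nmap output shown above, added here as an example that is not part of the original post or of nmap itself: it reads the "Host is up" line and the port table from a constructed sample scan of localhost and flags any open port that is not on an allow-list of ports you expect on your own machine, which is the typical way such a scan is used to check one's own exposure.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample of nmap's normal output for a scan of localhost.
# It mirrors the article's example (631/tcp ipp) plus one extra open port.
SAMPLE_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT     STATE SERVICE
631/tcp  open  ipp
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
"""

# One port-table row: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)
# The host-discovery line with the measured round-trip latency in seconds
HOST_LINE = re.compile(r"^Host is up \(([\d.]+)s latency\)", re.MULTILINE)


@dataclass
class ScanResult:
    host_up: bool
    latency_s: Optional[float]
    # (port, protocol, state, service) for every row of the port table
    ports: List[Tuple[int, str, str, str]] = field(default_factory=list)


def parse_nmap_output(text: str) -> ScanResult:
    """Parse nmap's human-readable (normal) output into a ScanResult."""
    m = HOST_LINE.search(text)
    result = ScanResult(host_up=m is not None,
                        latency_s=float(m.group(1)) if m else None)
    for num, proto, state, service in PORT_LINE.findall(text):
        result.ports.append((int(num), proto, state, service))
    return result


def unexpected_open_ports(result: ScanResult,
                          allowed: Set[Tuple[int, str]]) -> List[Tuple[int, str, str]]:
    """Open ports not in the allow-list, as (port, proto, service)."""
    return [(p, proto, svc) for p, proto, state, svc in result.ports
            if state == "open" and (p, proto) not in allowed]


if __name__ == "__main__":
    scan = parse_nmap_output(SAMPLE_OUTPUT)
    print("host up:", scan.host_up, "latency:", scan.latency_s)
    print("unexpected:", unexpected_open_ports(scan, {(631, "tcp")}))
```

On the sample, only 631/tcp (the IPP printing service) is on the allow-list, so the script reports 8080/tcp as an unexpected open port.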
Definition of targets
Targets of a scan with nmap can be IP addresses (e.g. 127.0.0.1), hostnames (www.nerdbude.com), network ranges (127.0.0.1-255) and so on. If there are several target systems to be scanned, there are also various parameters that you can pass to nmap:
-iL (reads a list of targets from a file)
-iR (selects a random number of targets)
--exclude host1[,host2]... (ignores the specified targets)
--excludefile filename (ignores the targets listed in the passed file)
Definition of ports
Similar to the targets, the ports that should be scanned can also be defined.
-p (scans only certain ports, e.g. -p22 or -p1-65535)
--exclude-ports (excludes the specified ports from the scan)
-F (fast mode: scans only the first 100 ports)
-r (scans ports in sequential order instead of a random order)
Scans
After we have defined our targets and the ports, the scanning can begin.
nmap -sn 127.0.0.1
Just pings the target to see if it responds and is online, without scanning any ports.
nmap -p1-65535 127.0.0.1
Scans the target for all 65535 existing ports and reports their state.
nmap -PO [protocol list] 127.0.0.1
Only scans the IP protocol services running on the target.
nmap -O 127.0.0.1
This parameter activates OS (operating system) detection, so that at the end of the scan the OS in use is reported.
These are just a few of the scan options that nmap offers, but they should give you a start and a basic understanding. If you want the full list of current parameters and options, you can find it here:
and the nmap page is here: