nmap is a network mapping utility that you can use to gather information regarding the nodes on your network. With nmap, you can perform port scanning, OS fingerprinting, and more! In this tutorial, you’ll learn the basics of using nmap.

nmap cheat sheet

Installing nmap

Debian/Ubuntu:

sudo apt install nmap

Arch Linux

pacman -S nmap

Alma Linux, CentOS, Fedora, Rocky Linux, Red Hat (etc)

sudo dnf install nmap

Viewing the version number of the installed nmap

nmap -v

Scan an IP address or fully-qualified domain name

Note: IP addresses shown for example purposes only

nmap 172.16.249.2

nmap myhost.mydomain.com

Scan an IP address or fully-qualified domain name, and show more verbose output

nmap -v 172.16.249.2

Scan multiple IP addresses

nmap 172.16.249.2 172.16.249.6

Scan a range of IP addresses

nmap 172.16.249.2-6

Scan a range of IP addresses, but exclude a single IP address

nmap 172.16.249.2-6 --exclude 172.16.249.4

View service and version information for individual ports on a host

nmap -sV 172.16.249.4

Attempt to determine the operating system of a host

nmap -A 10.10.10.21

Scan an entire subnet

nmap 10.10.30.0/24

Determine if a host or network is behind a firewall

nmap -sA 172.16.254.10

View condensed output for a host

nmap -sP 10.10.30.0/24

Scan a host that’s behind a firewall

nmap -PN 172.16.254.10

Perform a fast scan (not as accurate on slower networks)

nmap -T5 10.10.30.0/24

Display the reason a port is in the state that it’s in

nmap --reason 192.168.1.1

Show incoming and outgoing packets

nmap --packet-trace 172.16.254.10

Show host network and route info

nmap --iflist

Scan a specific port

nmap -p 80 172.16.249.2

Scan a specific port (and specify TCP)

nmap -p T:80 172.16.249.2

Scan a specific port (and specify UDP)

nmap -p U:80 172.16.249.2

Scan more than one specific port

nmap -p 80,443 172.16.254.10

Scan a range of ports

nmap -p 80-200 172.16.254.10