Updated March 14, 2023
Introduction to Nmap Commands
In the cybersecurity domain, vulnerability assessment sits near the top of the list for anyone securing a system, and there are several vulnerability scanners on the market to serve enterprises, such as Nexpose and Nessus, that help identify weaknesses across a network. Underneath that work, the tool most people reach for to discover hosts, open ports and services is Nmap. The commercial scanners run their own scanning engines rather than Nmap itself, but the host-discovery, port-scanning and service-detection steps they perform are the same ones Nmap exposes directly from the command line, and many tools can import Nmap's XML output. In this article, we will discuss Nmap commands.
What is Nmap?
- Nmap (Network Mapper) is a free, open-source network scanner. It ships pre-installed in Kali Linux, but it also runs on other Linux distributions, Windows and macOS. It scans a network to identify live hosts, open ports and the services behind them so that exposures can be remediated, and it offers various kinds of detail after scanning the target.
- It finds the active, or open, ports that have a service listening on them. Before port scanning, Nmap performs host discovery: by default (when run as root) it sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, and it only port-scans hosts that answer. This phase establishes that the target is reachable; it does not measure "speed of communication". Scan timing is controlled separately with the -T0 to -T5 templates.
- Nmap can run custom scans based on the requirements. By default it scans the 1,000 most common ports for each protocol; -p- scans all 65,535 ports when the outcome has to include as much detail as it can, at the cost of a much longer scan.
- Nmap is sometimes described as a network vulnerability scanner, but strictly it is a port and service scanner. It identifies the services running on different ports, and with the Nmap Scripting Engine (NSE, invoked with --script, which includes a vuln script category) it can check some of them for known weaknesses that malicious users could exploit. It does not replace a dedicated vulnerability scanner.
- In addition to service details, version detection (-sV) reports the product and version of each service, which can then be checked against vulnerability databases. OS fingerprinting (-O) is also possible. Accuracy depends on the scan type and on how the target responds: a filtered port or a firewall that rewrites packets can make results ambiguous, so results should be read together with the reason Nmap gives for each port state (shown with --reason).
Below we will see some of the important commands that are used to perform the scan in the desired manner.
1. Nmap -sT [IP Address]
This is the TCP connect scan: Nmap asks the operating system to complete a full TCP three-way handshake with each target port to learn its status. It is the default scan type when Nmap is run without raw-socket privileges (as a non-root user). Because every open port sees a completed connection, the scan is noisy: the listening application usually logs the connection, and firewalls and IDS sensors see the whole handshake. Completing and tearing down a connection for every port also makes it slower than the SYN scan.
Example – nmap -sT 184.108.40.206. Given this command at the terminal, Nmap will try to establish a TCP connection to 184.108.40.206 on each of the specified ports (the default top 1,000 if no -p option is given).
2. Nmap -sS [IP Address]
This scan is called the SYN scan (also half-open or "stealth" scan), and it is the default when Nmap runs as root. Nmap sends a raw SYN packet to each port, classifies the port from the reply, and answers any SYN/ACK with a RST instead of an ACK, so the TCP connection is never completed. It is faster than the TCP connect scan. The "stealth" is relative: because no connection is ever accepted, the listening application does not see it and application logs usually stay clean, but firewalls, IDS sensors and flow records still see every SYN packet, and a SYN scan is easily detected by any modern IDS.
Example – nmap -sS 18.104.22.168. Nmap performs a SYN scan to identify whether each port is open, closed or filtered: a SYN/ACK reply means open, a RST means closed, and a port is reported as filtered when no response comes back after the SYN has been retransmitted, or when an ICMP unreachable error (type 3, codes 1, 2, 3, 9, 10 or 13) is received instead.
3. Nmap -sP [IP Address]
This is the ping scan. Nmap performs host discovery only, to check whether the target is online, rather than finding out the ports' status. Despite the name, it is not just ICMP: as root the default probes are an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; unprivileged, it falls back to TCP connect attempts to ports 80 and 443. Since no port scan follows, it is much faster than the scans above. -sP is the older name for this option; current versions still accept it but document it as -sn. Host discovery is also the first step of every other scan unless it is disabled with -Pn.
Example – nmap -sP 22.214.171.124 (equivalent to nmap -sn 22.214.171.124 on current versions). Nmap will perform only the host-discovery probes and report whether the host is up. As no ports are scanned, it takes far less time than the methods that perform an actual port scan.
4. Nmap -sU [IP Address]
This is the UDP scan, used when the UDP ports need to be examined; the scan types above only cover TCP. The outcome covers only the services on UDP ports and the status of those ports. It is used when the target is expected to run services over UDP, such as DNS (53), NTP (123) or SNMP (161). Host discovery and, if requested, version detection run as with any other scan, but the UDP scan itself is slow and its results are less definite: most UDP services do not answer an empty probe, so a silent port is reported as open|filtered, and many hosts rate-limit the ICMP port-unreachable messages that prove a port is closed. Combining -sU with -sV, which sends protocol-specific payloads, resolves many of the open|filtered ports.
Example – nmap -sU 126.96.36.199 (lower-case s, upper-case U). This command has Nmap scan the default top 1,000 UDP ports on 126.96.36.199 (use -p- for all 65,535) and report their state and the service running on them. Scan time depends on how many ports are requested and, for UDP especially, on how aggressively the host rate-limits ICMP errors.
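The SYN-scan and UDP-scan sections above both describe how Nmap turns a single reply (or silence) into a port state. The following Python block is an added example, not code from the Nmap project or from this article: it models the documented response-to-state rules for -sS and -sU, with a constructed set of sample replies for each, so the open / closed / filtered / open|filtered vocabulary can be checked against concrete cases. The Response class and the sample replies are assumptions made for illustration; nothing is sent on the wire.

```python
"""Port-state classification for TCP SYN (-sS) and UDP (-sU) probes.

Added example: it models the rules Nmap's documentation gives for mapping
a probe's reply to a port state. Nothing here talks to a network.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# ICMP destination-unreachable (type 3) codes that a SYN scan reports as
# "filtered". Code 3 (port unreachable) is included: a TCP port never
# legitimately answers a SYN that way, so it signals a filtering device.
TCP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}
# For UDP, code 3 is the one reply that proves "closed"; the other
# unreachable / admin-prohibited codes mean "filtered".
UDP_FILTERED_CODES = {1, 2, 9, 10, 13}


@dataclass
class Response:
    """One reply to a single probe. Constructed model, not a real packet."""
    kind: str                       # "tcp", "udp", "icmp" or "none" (silence)
    tcp_flags: str = ""             # e.g. "SA" = SYN/ACK, "RA" = RST/ACK
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def classify_syn_probe(resp: Response) -> str:
    """State of a port after a TCP SYN probe (-sS)."""
    if resp.kind == "tcp":
        if "S" in resp.tcp_flags and "A" in resp.tcp_flags:
            return "open"           # SYN/ACK: a listener answered
        if "R" in resp.tcp_flags:
            return "closed"         # RST: reachable, nothing listening
    # An ICMP unreachable with a recognised code, or no reply at all after
    # retransmission, are both reported as "filtered".
    return "filtered"


def classify_udp_probe(resp: Response) -> str:
    """State of a port after a UDP probe (-sU)."""
    if resp.kind == "udp":
        return "open"               # any UDP payload back proves a listener
    if resp.kind == "icmp" and resp.icmp_type == 3:
        if resp.icmp_code == 3:
            return "closed"         # port unreachable: definitive
        if resp.icmp_code in UDP_FILTERED_CODES:
            return "filtered"
    # Silence is the common case for UDP: the port may be open but quiet,
    # or a firewall may have dropped the probe. Nmap cannot tell which.
    return "open|filtered"


def classify_scan(responses: Dict[int, Response], scan_type: str) -> Dict[int, str]:
    """Map every port's reply to a state for the given scan type."""
    classify = {"sS": classify_syn_probe, "sU": classify_udp_probe}[scan_type]
    return {port: classify(reply) for port, reply in sorted(responses.items())}


# Constructed sample replies, one per port, for each scan type.
SAMPLE_TCP = {
    22: Response("tcp", tcp_flags="SA"),                   # open
    23: Response("tcp", tcp_flags="RA"),                   # closed
    135: Response("icmp", icmp_type=3, icmp_code=13),      # admin prohibited
    8080: Response("none"),                                # dropped silently
}
SAMPLE_UDP = {
    53: Response("udp"),                                   # DNS answered
    69: Response("none"),                                  # quiet or filtered
    123: Response("icmp", icmp_type=3, icmp_code=3),       # port unreachable
    161: Response("icmp", icmp_type=3, icmp_code=10),      # host prohibited
}

if __name__ == "__main__":
    for name, replies, kind in (("-sS", SAMPLE_TCP, "sS"), ("-sU", SAMPLE_UDP, "sU")):
        print(name)
        for port, state in classify_scan(replies, kind).items():
            print(f"  {port:>5}  {state}")
```

The point to take from the two tables is asymmetry: for a SYN scan silence means filtered, because a real TCP stack always answers a SYN with either SYN/ACK or RST, whereas for UDP silence is the normal behaviour of an open port, which is why -sU output is full of open|filtered entries and why -sV payloads are needed to settle them.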
5. Nmap -sV [IP Address]
This is version detection, a scan option used to find the version of the service running on each open port. After the port scan, Nmap connects to every open port, reads any banner the service sends, then sends probes from its nmap-service-probes database and matches the replies against its signature file to report the service name, product and version. Knowing the version is what allows the service to be checked against vulnerability databases, so this result is expected to be precise; where no probe matches, Nmap falls back to a guess from the port number and marks it with a trailing ? in the output.
Example – nmap -sV 184.108.40.206 (lower-case s, upper-case V). Nmap scans the requested ports and, for each open one, reports the service together with its product and version. Because version detection exchanges data with each service, it is slower and noisier than a plain port scan; it is normally combined with a scan type, for example nmap -sS -sV 184.108.40.206.
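The useful part of a -sV run is rarely read off the screen; it is written with -oX and consumed by another tool. The following Python block is an added example, not code from the Nmap project or from this article: it parses the host/ports/port structure of Nmap's XML output and separates open ports whose version came from an actual probe from open ports Nmap could only guess at. SAMPLE_XML is a constructed, trimmed file in the real nmap.xml layout; the address, ports and versions in it are made up for illustration.

```python
"""Extract port state and service version from Nmap XML output (-oX).

Added example. Parses the <host>/<ports>/<port> tree that
`nmap -sV -oX out.xml <target>` writes. SAMPLE_XML is constructed.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX out.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="9999">
        <state state="open" reason="syn-ack"/>
        <service name="unknown" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[Dict[str, object]]:
    """Return one record per scanned port across all hosts in the file."""
    root = ET.fromstring(xml_text)
    records: List[Dict[str, object]] = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else ""
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            records.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "",
                "reason": state.get("reason") if state is not None else "",
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
                # method="probed" means -sV matched a real reply; "table" is
                # only the port-number lookup from nmap-services and must not
                # be fed into vulnerability matching as if it were a version.
                "probed": svc is not None and svc.get("method") == "probed",
            })
    return records


def versioned_open_services(records: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Open ports with a probed product/version: safe to check against a CVE feed."""
    return [r for r in records if r["state"] == "open" and r["probed"] and r["version"]]


def unidentified_open_ports(records: List[Dict[str, object]]) -> List[int]:
    """Open ports -sV could not fingerprint: these need manual follow-up."""
    return [int(r["port"]) for r in records if r["state"] == "open" and not r["probed"]]


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    for r in versioned_open_services(recs):
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['product']} {r['version']}")
    print("unidentified open ports:", unidentified_open_ports(recs))
```

The method attribute is the check worth keeping: a filtered port still carries a service element (name taken from the nmap-services table), and an open port with an unrecognised banner comes back as "unknown" with method="table", so filtering on state alone will pass guesses downstream as though they were detected versions.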
Nmap is a free, open-source network scanner that ships with Kali Linux (and is packaged for most other systems) and is used to perform network scanning. Its output gives the state of each port and the service running on it, which is the starting point for judging whether a system is exposed. It also underpins many other tools and workflows: Metasploit, for example, can run Nmap through db_nmap and import its XML results, and the host and port discovery that commercial scanners such as Nexpose perform with their own engines covers the same ground. Learning Nmap well is a solid step for anyone building a career in cybersecurity.
This has been a guide to Nmap commands. Here we discussed what Nmap commands are and the main scan types, along with respective examples.