Introduction to Nmap Commands
In the domain of cybersecurity, vulnerability assessment comes at the top of the list while one thinks of securing their system. There are several vulnerability scanners available in the market to serve the enterprises better. Coming to the network scanning part, we have tools like Nexpose, Nessus and so on that help us to identify the existing vulnerability in the network. On the bottom of all these scanners, runs an amazing tool called Nmap. Nmap is the root of all these applications which actually makes the outcome of Nmap to be presented in a graphical manner. In this article, we will discuss Nmap Commands.
What is Nmap?
- Nmap may be defined as the inbuilt tool in Kali Linux that is used to scan the network to identify the vulnerability so that it could be remediated. There are various kinds of details that Nmap offers after scanning the target.
- It actually finds out the active or open ports which run any service on it. Nmap used ICMP ping to identify the speed of communication from the server and based on the speed, it performs the port scanning.
- Nmap is capable to make customs scan based on the requirements, It also makes it very easy to scan all the available ports in case if the outcome has to include as much detail as it can.
- Nmap can also be defined as the network vulnerability scanner that identifies the services running on different ports and if they are having any weakness that could be exploited by malicious users.
- In addition to the service details, it will also give a brief if the version of the service has any kind of vulnerability. One can also perform OS footprinting using Nmap. Based on the type of scan, the result produced by it ensured accuracy.
Below we will see some of the important Nmap commands that will be used to perform the scan in the desired manner.
1. Nmap -sT [IP Address]
It can be defined as the TCP connect scan which means Nmap will try to establish the TCP connection with the target in order to get the status of the ports. It is very noisy and can lead to huge log generation. As nmap tries to establish a connection with all the ports that will be scanning for, it usually takes much time as compared to the other methods of scanning.
Example – nmap -sT 220.127.116.11. If this command is given through the terminal, the nmap will try to establish the TCP connection of target 18.104.22.168 for all the specified ports.
2. Nmap -sS [IP Address]
This scan is called the SYN stealth scan which means the nmap will scan the target without actually creating the TCP connection and analyze the response from a server to estimate the status of the port. The scan performed by nmap in stealth mode is pretty faster as compared to the TCP connect scan. It leads to no log generation due to its stealth nature.
Example – Nmap -sS 22.214.171.124. The nmap will perform stealth scan in order to identify if the port is open, close or filtered. The scan will report the port as filtered if they did not receive any response from the port after sending it to the TCP Syn packet.
3. Nmap -sP [IP Address]
It may be defined as the ping scan. In this scan, the nmap actually sends the ICMP packet to check if the target is online rather than finding out the status of the ports. Since it just includes pinging the target system and not performing any kind of scan, it is way too fast than the above-mentioned scan mode. By default scanning, any target is the very first step performed in any of the scans.
Example – Nmap -sS 126.96.36.199. Nmap will only perform the ping test and will give you the outcome. As it is just to check if the target is online, it will take very less time as compared to the other methods that include performing actual scans.
4. Nmap -sU [IP Address]
It is considered as the UDP scan which is preferred when one needs to scan only the UDP ports. The outcome of this scan includes only the details about the services running on the UDP ports along with the status of the port. It is used while the target is supposed to be running service into the UDP ports due to their requirements. This scan will follow the entire process that the other scanning methods follow.
Example – Nmap -SU 188.8.131.52. This command will have the nmap scan the target 184.108.40.206 for all the UDP ports and the service running on it. It takes time to scan which is based on how many ports are required to be scanned.
5. Nmap -sV [IP Address]
It is the special kind of nmap scan which is used to get the version of the services running on the ports. The services that run on particular ports have some versions and by using this scan, we can find out the versions so that we can identify whether the existing version is vulnerable. The result of this test is anticipated to be precise so that the strength and weakness of the version can be checked to strengthen the scheme.
Example – Nmap -sV 220.127.116.11. This Nmap command will scan all the requested ports and will emphasize the version of services running over it.
The nmap is an inbuilt tool in Kali Linux which is used to perform network scanning. The outcome of nmap scanning includes the status of the ports and the service running over it so that it could be estimated if the system is vulnerable from anywhere. It is also the bottom line for many of the applications that use it for performing the scan. For instance, Nexpose is the vulnerability scanning tool that uses nmap to fulfill its purpose. One can learn nmap to grow their career in the domain of cybersecurity and can get them some extra edges to grow themselves technically and of course financially.
This has been a guide to Nmap Commands. Here we discussed the introduction and various types of Nmap Commands along with respective examples. You can also go through our other suggested articles to learn more –