Links
- Homepage: https://nmap.org/
- Book: https://nmap.org/book/
Simple scan
Mostly just to figure out what hosts are on the network:
    $ nmap -n 192.168.1.0-254
    Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-29 13:37 PST
    Nmap scan report for 192.168.1.░░
    Host is up (0.012s latency).
    Not shown: 994 closed tcp ports (conn-refused)
    PORT     STATE SERVICE
    21/tcp   open  ftp
    80/tcp   open  http
    443/tcp  open  https
    515/tcp  open  printer
    631/tcp  open  ipp
    9100/tcp open  jetdirect

    Nmap scan report for 192.168.1.░░
    Host is up (0.0074s latency).
    All 1000 scanned ports on 192.168.1.░░ are in ignored states.
    Not shown: 1000 closed tcp ports (conn-refused)

    Nmap scan report for 192.168.1.░░
    Host is up (0.00014s latency).
    Not shown: 996 closed tcp ports (conn-refused)
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    81/tcp   open  hosts2-ns
    8000/tcp open  http-alt

    Nmap scan report for 192.168.1.░░░
    Host is up (0.057s latency).
    Not shown: 998 closed tcp ports (conn-refused)
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https

    Nmap done: 255 IP addresses (4 hosts up) scanned in 36.63 seconds
If you only care about which hosts are up, you can just do a ping scan like so:

    $ nmap -sn -n 192.168.1.0-254 -oG -
    # Nmap 7.94 scan initiated Mon Jan 29 13:33:37 2024 as: nmap -sn -n -oG - 192.168.1.0-254
    Host: 192.168.1.░░ ()	Status: Up
    Host: 192.168.1.░░ ()	Status: Up
    Host: 192.168.1.░░ ()	Status: Up
    Host: 192.168.1.░░░ ()	Status: Up
    # Nmap done at Mon Jan 29 13:33:38 2024 -- 255 IP addresses (4 hosts up) scanned in 7.27 seconds
Here -n prevents DNS resolution, -sn does a ping scan (host discovery only, with no port scan), and -oG - writes greppable output to stdout. You can also play around with -oX - to output XML instead.
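The greppable format is handy because it puts one host per line with tab-separated fields, so it is easy to post-process. As an added example (not part of these notes or of Nmap itself), here is a small Python parser for -oG output that turns both the -sn "Status: Up" lines and full port-scan "Ports:" lines into a map of host to open ports; the sample lines and addresses are constructed, not real scan data.

```python
"""Parse nmap greppable (-oG) output into a host -> open-port map."""
from typing import Dict, List, Tuple

# Constructed sample of nmap -oG output (not real scan data): one -sn style
# host-discovery line and two port-scan lines. Fields are tab-separated and
# each Ports: entry is port/state/proto/owner/service/rpc-info/version/.
SAMPLE_OG = "\n".join([
    "# Nmap 7.94 scan initiated Mon Jan 29 13:33:37 2024 as: nmap -n -oG - 192.168.1.0-254",
    "Host: 192.168.1.10 ()\tStatus: Up",
    "Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "8000/filtered/tcp//http-alt///\tIgnored State: closed (997)",
    "Host: 192.168.1.30 ()\tPorts: 631/open/tcp//ipp///, 9100/open/tcp//jetdirect///"
    "\tIgnored State: closed (998)",
    "# Nmap done at Mon Jan 29 13:33:38 2024 -- 255 IP addresses (3 hosts up) scanned in 7.27 seconds",
])

Port = Tuple[int, str, str]  # (port number, protocol, service name)


def parse_greppable(text: str) -> Dict[str, List[Port]]:
    """Return {ip: [open ports]} for every host line in -oG output.

    Hosts seen only via 'Status: Up' (a -sn ping scan) get an empty list.
    Only entries whose state is exactly 'open' are kept, so filtered or
    closed ports listed inline are dropped.
    """
    hosts: Dict[str, List[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # '#' comment lines and blank lines carry no host data
        fields = line.split("\t")
        ip = fields[0].split()[1]
        hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 5:
                    continue  # malformed entry: skip rather than crash
                port, state, proto, service = parts[0], parts[1], parts[2], parts[4]
                if state == "open":
                    hosts[ip].append((int(port), proto, service))
    return hosts


def hosts_with_port(hosts: Dict[str, List[Port]], port: int, proto: str = "tcp") -> List[str]:
    """Sorted list of hosts exposing the given port, e.g. everything serving HTTP."""
    return sorted(ip for ip, ports in hosts.items()
                  if any(p == port and pr == proto for p, pr, _ in ports))


if __name__ == "__main__":
    for ip, ports in parse_greppable(SAMPLE_OG).items():
        print(ip, ports)
```

Feed it real output with `nmap ... -oG - | python3 parse_og.py` after swapping SAMPLE_OG for sys.stdin.read().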