Hello, friends. In this post, you will learn how to install and use Nmap on Linux. This tool allows you to scan the ports of one or several hosts and can be useful in auditing tools.
Nmap is an open-source, cross-platform tool used to scan networks and obtain information about services, operating systems, and vulnerabilities derived from the conjunction of these. In general, Nmap is used to scan the ports of one or more hosts.
A more exact definition is provided by the project’s website:
Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
More about Nmap:
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
So if you are passionate about the world of computer security or auditing, then you need to learn how to use Nmap. Or at least get to know it.
Install Nmap on Linux
Fortunately, Nmap is available in the official repositories of many Linux distributions. So installing it will not be a problem for us.
For distributions of the Debian family, which includes Ubuntu and its derivatives such as Linux Mint, run the following in a terminal:
sudo apt update
sudo apt install nmap
On the other hand, for the RHEL family, including CentOS, Fedora, and Rocky Linux, you just need to run:
sudo dnf install nmap
On openSUSE, you can install it with:
sudo zypper in nmap
Then, to check that the installation has been successful, you can run:
nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1j libssh2-1.9.0 libz-1.2.11 libpcre-8.39 libpcap-1.10.0 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
Now we can use it.
Using Nmap on Linux
With Nmap installed correctly, you should be able to use it on your computer without any problems. We’ll go through several examples on how to use this tool.
To scan a host, you can run
sudo nmap [host]
For example
sudo nmap localhost
Sample output:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-12 10:50 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): ::1
All 1000 scanned ports on localhost (127.0.0.1) are closed
As you can see, the output displays some interesting information that is useful for detecting problems.
To do a quick scan, you can use the -F option:
sudo nmap -F [host]
You can replace [host] with the IP address of the computer you want to scan:
sudo nmap 192.168.2.3
Also, you can specify multiple hosts or IP addresses, separated by spaces:
sudo nmap 192.168.2.3 192.168.2.6 192.168.1.1
Or a range:
sudo nmap 192.168.2.3-20
In this case, it will scan IP addresses ranging from 192.168.2.3 to 192.168.2.20.
Another option is to scan the entire subnet:
sudo nmap 192.168.1.1/24
You can change the speed and timing of the network scans with the -T option by specifying a number between 0 and 5; the higher the number, the faster the scan.
For example
sudo nmap -T4 localhost
In this case, response times will be shorter, which can be useful on slow or busy networks.
If you want information about specific ports, add the -p option and specify a list or a range of ports:
sudo nmap -p 25,80 192.168.2.1
In this case, TCP ports 25 and 80 of the host will be scanned.
If you want to scan UDP ports instead, add the -sU option:
sudo nmap -sU -p 25,80 192.168.2.1
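The port scans above print reports in the same normal-output format shown earlier. As an added example that is not part of the original post, the following Python script parses such a report and compares each host's open ports against a baseline of the ports it is supposed to expose, so that an unexpected open port stands out; the report text, the hosts and the baseline are constructed sample values.

```python
import re
# Constructed sample of Nmap's normal output (not a real scan): a TCP scan and a UDP scan of two hosts.
SAMPLE_REPORT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-12 11:02 EDT
Nmap scan report for gateway (192.168.2.1)
Host is up (0.00021s latency).
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http
Nmap scan report for 192.168.2.6
Host is up (0.00035s latency).
PORT    STATE         SERVICE
53/udp  open|filtered domain
443/tcp open          https
Nmap done: 2 IP addresses (2 hosts up) scanned in 1.52 seconds
"""

# Constructed baseline: the ports each host is expected to expose.
BASELINE: dict[str, set[str]] = {
    "192.168.2.1": {"22/tcp", "80/tcp"},
    "192.168.2.6": {"443/tcp"},
}

HOST_RE = re.compile(r"^Nmap scan report for (?P<name>\S+)(?: \((?P<ip>[^)]+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")


def parse_open_ports(report: str) -> dict[str, set[str]]:
    """Map each host in the report to its open ports, e.g. {'192.168.2.1': {'22/tcp'}}."""
    found: dict[str, set[str]] = {}
    host = None
    for line in report.splitlines():
        m = HOST_RE.match(line)
        if m:  # new host section; prefer the IP in parentheses when Nmap printed a name
            host = m.group("ip") or m.group("name")
            found[host] = set()
            continue
        m = PORT_RE.match(line)
        if m and host is not None and m.group(3).startswith("open"):
            # "open|filtered" is what -sU reports when a UDP probe gets no reply at all
            found[host].add(f"{m.group(1)}/{m.group(2)}")
    return found


def unexpected_ports(found: dict[str, set[str]], baseline: dict[str, set[str]]) -> dict[str, list[str]]:
    """Return host -> sorted open ports that are not in the baseline (candidate problems)."""
    extra = {h: sorted(p - baseline.get(h, set())) for h, p in found.items()}
    return {h: ports for h, ports in extra.items() if ports}


if __name__ == "__main__":
    for host, ports in unexpected_ports(parse_open_ports(SAMPLE_REPORT), BASELINE).items():
        print(f"{host}: unexpected open ports {', '.join(ports)}")
```

To use it on a real scan, redirect the output of one of the commands above to a file and pass its contents to parse_open_ports instead of SAMPLE_REPORT.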
Conclusion
Nmap is a vital tool for many sysadmins who need to find weaknesses in their networks.