How to Run a Quick Network Scan with Nmap

Network Mapper, commonly known by its acronym Nmap, is a widely used open-source network scanning and auditing tool. Out of the box it performs host discovery, port scanning, service and version detection, and operating system fingerprinting. Nmap is quite capable and, at the same time, remains one of the easiest security and network auditing tools to pick up. This tutorial shows how to perform a quick network scan against a target and save the output to a file.

Installing Nmap

Nmap is open-source and packaged for all major Linux distributions, and it also runs on Windows, macOS, Solaris, the BSDs, and more. To download a binary for your system or build it from source, see the download page at https://nmap.org/download.html.

To install it on Ubuntu/Debian, use the apt package manager:

sudo apt-get update && sudo apt-get -y install nmap

Once Nmap is installed, you can run scans by calling the nmap command from the terminal. The scans below are run with sudo because the most informative techniques (SYN scans, ARP and ICMP probes) need raw-socket access; without root, Nmap falls back to less capable unprivileged methods such as full TCP connect scans.

Quick Network Host Discovery

To perform quick host discovery (a "ping scan"), use the -sn flag. This tells Nmap to determine which hosts are up without running a port scan against them. On the local Ethernet segment Nmap does this with ARP requests, which is why the output below includes MAC addresses and vendor names; for targets beyond a router it sends an ICMP echo request, an ICMP timestamp request, a TCP SYN to port 443 and a TCP ACK to port 80. Run it with sudo: without raw-socket privileges, Nmap can only attempt TCP connections to ports 80 and 443.

Consider the following scan for the network 192.168.0.1/24:

$ sudo nmap -sn 192.168.0.1/24
Starting Nmap 7.91 (https://nmap.org)
Nmap scan report for 192.168.0.1
Host is up (0.0020s latency).
MAC Address: 44:32:C8:70:29:7E (Technicolor CH USA)
Nmap scan report for 192.168.0.10
Host is up (0.0080s latency).
MAC Address: 00:10:95:DE:AD:07 (Thomson)
Nmap scan report for 192.168.0.12
Host is up (0.080s latency).
MAC Address: AC:2D:A9:B2:C8:A0 (Tecno Mobile Limited)
Nmap scan report for 192.168.0.25
Host is up (0.084s latency).
MAC Address: 18:5E:0F:7C:2D:65 (Intel Corporate)
Nmap scan report for 192.168.0.26
Host is up (0.083s latency).
MAC Address: 9C:B7:0D:88:34:4D (Liteon Technology)
Nmap scan report for 192.168.0.29
Host is up (0.082s latency).
MAC Address: 82:10:2A:BC:41:66 (Unknown)
Nmap scan report for 192.168.0.30
Host is up.
Nmap done: 256 IP addresses (7 hosts up) scanned in 3.31 seconds

The command above probes every address in the range and reports which hosts responded, along with their IP addresses and, on the local segment, their MAC addresses. The entry with no latency or MAC address (192.168.0.30) is the machine running the scan. A host whose firewall drops all of these probes will not be listed; if you know such a host exists, add -Pn to skip discovery and scan it anyway.

You can also pass several networks, or a mix of single hosts and ranges, as space-separated arguments. For example:

sudo nmap -sn 192.168.0.1/24 10.10.0.0/24
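Host discovery is usually the first step of a larger scan, so the list of live addresses is worth capturing in a form Nmap can read back with -iL. The following shell function is an added example, not code from the original article: it extracts the addresses of hosts reported as up from normal "nmap -sn" output, handling both the bare-IP and the "hostname (ip)" report lines Nmap prints when reverse DNS resolves. The function name and the sample output are constructed for this example; the sample mimics the scan shown above plus the "[host down]" line Nmap prints for down hosts when run with -v.

```shell
#!/bin/sh
# Added example, not from the original article: turn the normal output of
# "nmap -sn" into a plain list of live IPv4 addresses, one per line, so the
# list can be fed back to nmap with -iL for the port scan. Both forms of the
# report line are handled:
#   Nmap scan report for 192.168.0.1
#   Nmap scan report for printer.lan (192.168.0.12)   (reverse DNS resolved)
live_hosts() {
    awk '
        /^Nmap scan report for / {
            ip = ""
            if (match($0, /\([0-9.]+\)/))        # "name (ip)" form
                ip = substr($0, RSTART + 1, RLENGTH - 2)
            else if ($5 ~ /^[0-9.]+$/)           # bare "ip" form
                ip = $5
        }
        # Print an address only once nmap has confirmed the host is up;
        # a "[host down]" report line (shown with -v) is never followed by
        # "Host is up", so it is dropped when the next report line resets ip.
        /^Host is up/ && ip != "" { print ip; ip = "" }
    '
}

# Constructed sample (not a real scan) modelled on the article output, so
# the function can be exercised offline. 192.168.0.99 is written the way
# nmap -v reports a down host and must not appear in the result.
SAMPLE_SN_OUTPUT='Starting Nmap 7.91 ( https://nmap.org )
Nmap scan report for 192.168.0.1
Host is up (0.0020s latency).
MAC Address: 44:32:C8:70:29:7E (Technicolor CH USA)
Nmap scan report for printer.lan (192.168.0.12)
Host is up (0.080s latency).
MAC Address: AC:2D:A9:B2:C8:A0 (Tecno Mobile Limited)
Nmap scan report for 192.168.0.99 [host down]
Nmap scan report for 192.168.0.30
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.31 seconds'

# Against a real network (needs nmap and root; not run here):
#   sudo nmap -sn 192.168.0.0/24 | live_hosts > live.txt
#   sudo nmap -iL live.txt -oA quick_scan
printf '%s\n' "$SAMPLE_SN_OUTPUT" | live_hosts
```

Run against the sample, the function prints 192.168.0.1, 192.168.0.12 and 192.168.0.30, one per line. Feeding that file to a second nmap run with -iL scans only the hosts that answered, which is much faster than port-scanning the whole /24 again.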

Quick Host Scan for Open Ports

To perform a quick scan for open ports, run nmap followed by a host IP address or subnet. With no other options Nmap scans the 1000 most commonly used TCP ports on each host (as a SYN scan when run with sudo, or as a full TCP connect scan otherwise). For example:

sudo nmap 192.168.0.1/24

You should get output like that shown below. On a large subnet the scan may take a while to complete; -F (the 100 most common ports) or --top-ports N trims it down.

Starting Nmap 7.91 ( https://nmap.org )
Nmap scan report for 192.168.0.1
Host is up (0.0089s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
23/tcp   open   telnet
80/tcp   open   http
1900/tcp closed upnp
8080/tcp open   http-proxy
MAC Address: 44:32:C8:70:29:7E (Technicolor CH USA)

Nmap scan report for 192.168.0.10
Host is up (0.0034s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
80/tcp  open  http
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:10:95:DE:AD:07 (Thomson)

Nmap scan report for 192.168.0.25
Host is up (0.099s latency).
All 1000 scanned ports on 192.168.0.25 are filtered
MAC Address: 18:5E:0F:7C:2D:65 (Intel Corporate)

If you already know which ports a system should be exposing, or want to confirm them, tell Nmap to scan only those ports with -p. Separate the ports with commas and no spaces (after a space, Nmap would read the next item as a target rather than a port); ranges such as 1-1024 are accepted, and -p- scans all 65535 TCP ports. For example:

sudo nmap -p 21,22,80,443 192.168.0.1/24

Save Nmap Scan to File

In most cases, when performing a network scan, you will need a copy of the results to refer back to the open ports or the running services. Nmap can write the output of a scan to a file in several formats.

To save a scan in every format at once, use the -oA argument with a base file name, as follows:

sudo nmap 192.168.0.1/24 -oA ~/Desktop/nmap/quick_scan

-oA writes three files next to the base name, with the extensions .nmap (normal output), .xml (XML) and .gnmap (grepable), so here quick_scan.nmap, quick_scan.xml and quick_scan.gnmap in ~/Desktop/nmap. The directory must already exist; Nmap does not create it. To write only one format, pick the matching flag (-oG for grepable alone). For XML, use -oX:

sudo nmap 192.168.0.1/24 -oX ~/Desktop/nmap_xml

To specify a normal output, use the -oN flag:

sudo nmap 192.168.0.1/24 -oN ~/Desktop/nmap_normal
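The grepable file that -oA produces is the one to reach for when you want to turn a scan into a list of exposed services. The function below is an added example, not code from the original article: it reads a .gnmap file and prints one "ip port/proto service" line per open port, skipping closed and filtered entries. The function name and the sample file are constructed for this example; the sample is modelled on the scan results shown earlier, with the tab-separated layout and the port/state/protocol/owner/service/rpcinfo/version/ entry format that Nmap's grepable output uses.

```shell
#!/bin/sh
# Added example, not from the original article: pull every open port out of
# the grepable file (quick_scan.gnmap) that -oA writes, printing one
# "ip port/proto service" line per open port. Grepable lines are tab
# separated; the Ports: field lists entries as
#   port/state/protocol/owner/service/rpcinfo/version/
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " "); ip = h[2]          # "Host: 192.168.0.10 ()"
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] != "open") continue   # skip closed/filtered
                    line = ip " " f[1] "/" f[3] " " f[5]
                    if (f[7] != "") line = line " " f[7]   # only with -sV
                    print line
                }
            }
        }
    '
}

# Constructed sample of a .gnmap file (not a real scan), modelled on the
# scan results in the article. "%b\n" turns the \t escapes into real tab
# characters and ends each argument with a newline.
SAMPLE_GNMAP=$(printf '%b\n' \
    '# Nmap 7.91 scan initiated as: nmap -oA quick_scan 192.168.0.1/24' \
    'Host: 192.168.0.1 ()\tStatus: Up' \
    'Host: 192.168.0.1 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 1900/closed/tcp//upnp///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (996)' \
    'Host: 192.168.0.10 ()\tStatus: Up' \
    'Host: 192.168.0.10 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (995)' \
    'Host: 192.168.0.25 ()\tStatus: Up' \
    '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 20.15 seconds')

# Against a real saved scan (not run here):
#   open_ports < ~/Desktop/nmap/quick_scan.gnmap
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
```

For the sample this yields eight lines, three for 192.168.0.1 and five for 192.168.0.10; the closed upnp port and the fully filtered host 192.168.0.25 do not appear. Piping the result through sort -u across several saved scans gives a quick diff of what has newly become reachable on the network.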

Conclusion

As shown in this article, Nmap provides several quick ways to run simple network scans. It is a powerful tool for both sides of security work: mapping a network the way an attacker would, and finding exposed services (such as the telnet and SMB ports in the results above) that should be closed before someone else finds them.

To go further, consult the Nmap reference guide at https://nmap.org/book/man.html.

About the author

John Otieno

My name is John and I am a fellow geek like you. I am passionate about all things computers, from hardware and operating systems to programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to the LinuxHint mailing list.