Start Nmap

Nmap is usually used through a command-line interface. To verify if Nmap is already installed in Linux, run the nmap --version command:

root@kali:~# nmap --version
Nmap version 7.01 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.2.4 openssl-1.0.2e libpcre-8.38 libpcap-1.7.4 nmap-libdn et-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

If you don’t have Nmap installed, install it using the sudo apt-get install nmap command.

The official website, nmap.org, offers a machine that can be scanned to help people learn about Nmap. It is available at scanme.nmap.org. To scan this machine with default settings, simply run nmap scanme.nmap.org:

root@kali:~# nmap scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:41 CET
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (1.5s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
514/tcp filtered shell
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 45.55 seconds

As you can see from the output above, Nmap provided a report indicating which ports are open on scanme.nmap.org. For example, the line 22/tcp open ssh indicates that the TCP port 22 is open, and that the ssh service is probably running on that port.

We can also scan a computer inside our LAN:

root@kali:~# nmap 192.168.5.102
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:46 CET
Nmap scan report for 192.168.5.102
Host is up (1.0s latency).
Not shown: 977 closed ports
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
111/tcp open rpcbind
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
514/tcp filtered shell
593/tcp open http-rpc-epmap
636/tcp open ldapssl
2049/tcp open nfs
3260/tcp open iscsi
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 100.94 seconds

As you can see from the output above, the local machine 192.168.5.102 (it is a Windows Server 2012 instance) has been scanned.

Just like many other Linux commands and applications, Nmap offers a comprehensive man pages which can help you if you are in an environment without Internet connection. Simply run man nmap to get more information about the program.
Nmap course

Nmap tutorial

Geek University 2022