Start Nmap

Nmap is usually used through a command-line interface. To verify if Nmap is already installed in Linux, run the nmap --version command:

root@kali:~# nmap --version
Nmap version 7.01 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.2.4 openssl-1.0.2e libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

If you don’t have Nmap installed, install it using the sudo apt-get install nmap command.

The official website, nmap.org, offers a machine that can be scanned to help people learn about Nmap. It is available at scanme.nmap.org. To scan this machine with default settings, simply run nmap scanme.nmap.org:

root@kali:~# nmap scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:41 CET
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (1.5s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
514/tcp filtered shell
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 45.55 seconds

As you can see from the output above, Nmap produced a report listing which ports are open on scanme.nmap.org. For example, the line 22/tcp open ssh means that TCP port 22 is open and that the SSH service is probably running on it. With default settings the SERVICE column is Nmap's guess from its table of well-known port numbers, not the result of probing the service, which is why "probably" is the right word here.

We can also scan a computer inside our LAN:

root@kali:~# nmap 192.168.5.102
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:46 CET
Nmap scan report for 192.168.5.102
Host is up (1.0s latency).
Not shown: 977 closed ports
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
111/tcp open rpcbind
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
514/tcp filtered shell
593/tcp open http-rpc-epmap
636/tcp open ldapssl
2049/tcp open nfs
3260/tcp open iscsi
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 100.94 seconds

As you can see from the output above, the local machine 192.168.5.102 (a Windows Server 2012 instance) has been scanned in the same way. The report is read exactly like the previous one: each line gives a port, its state (open or filtered) and the service Nmap associates with that port number.
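Reading a scan report by eye works for two hosts, but when you scan your own machines regularly it helps to parse the report and compare it with what the host is supposed to expose. The following Python 3 script is an added example for this page, not code from the page or from the Nmap project. It parses Nmap's normal output format (the scanme.nmap.org report shown above, with its columns re-aligned as Nmap prints them), counts ports by state, and flags open ports that are missing from a hypothetical allowlist of expected services. Nmap's -oN option writes this same format to a file, so the script can be pointed at a saved report.

```python
import re
import sys
from collections import Counter

# The scanme.nmap.org report from this page, used as sample input.
# (Real Nmap output aligns the columns; the page's copy collapsed the spacing.)
SAMPLE_REPORT = """\
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-03 19:41 CET
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (1.5s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 994 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
25/tcp    filtered smtp
80/tcp    open     http
514/tcp   filtered shell
9929/tcp  open     nping-echo
31337/tcp open     Elite
Nmap done: 1 IP address (1 host up) scanned in 45.55 seconds
"""

# One port line: "<port>/<proto>  <state>  <service>". The combined states
# ("open|filtered", "closed|filtered") are listed first so they are tried
# before their shorter prefixes.
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open\|filtered|closed\|filtered|unfiltered|open|closed|filtered)\s+"
    r"(\S+)"
)
TARGET_LINE = re.compile(r"^Nmap scan report for (\S+)")


def parse_report(text):
    """Return (target, ports) where ports is a list of
    (port_number, protocol, state, service) tuples in report order."""
    target = None
    ports = []
    for line in text.splitlines():
        m = TARGET_LINE.match(line)
        if m:
            target = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            ports.append((int(port), proto, state, service))
    return target, ports


def state_counts(ports):
    """How many ports were reported in each state (open, filtered, ...)."""
    return Counter(state for _, _, state, _ in ports)


def unexpected_open(ports, allowlist):
    """Open ports that are not in the allowlist of (port, protocol) pairs
    the host is supposed to expose. Anything returned here is worth a
    look: either the allowlist is stale or something new is listening."""
    return sorted(
        (port, proto)
        for port, proto, state, _ in ports
        if state == "open" and (port, proto) not in allowlist
    )


if __name__ == "__main__":
    # Usage: python3 nmap_report.py [report.txt]; defaults to the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    # Hypothetical allowlist: only SSH and HTTP are expected on this host.
    expected = {(22, "tcp"), (80, "tcp")}
    target, ports = parse_report(text)
    print(f"target: {target}")
    print(f"states: {dict(state_counts(ports))}")
    for port, proto in unexpected_open(ports, expected):
        print(f"unexpected open port: {port}/{proto}")
```

Run against the sample, the script reports four open and two filtered ports and flags 9929/tcp and 31337/tcp as open ports not on the allowlist. The allowlist is the piece you maintain per host; the parser only depends on Nmap's normal output layout, so the same script works on reports saved with -oN.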

Just like many other Linux commands and applications, Nmap comes with a comprehensive man page, which is helpful if you are in an environment without an Internet connection. Simply run man nmap to get more information about the program.
Geek University 2022