Nmap is an open-source, cross-platform tool used to scan networks and obtain information about services, operating systems, and vulnerabilities derived from the conjunction of these. In general, Nmap is used to scan the ports of one or more hosts.

A more exact definition is provided by the project’s website

Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

More about Nmap:

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

So if you are passionate about the world of computer security or auditing, then you need to learn how to use Nmap. Or at least get to know it.

Install Nmap on Linux

Fortunately, Nmap is available in the official repositories of many Linux distributions. So installing it will not be a problem for us.

In the case of distributions from the Debian family which includes Ubuntu and its derivatives such as Linux Mint in a terminal you have to execute

sudo apt update
sudo apt install nmap

On the other hand, in the case of the RHEL family including CentOS, Fedora, or Rocky Linux, you just need to run

sudo dnf install nmap

But you can also install it on OpenSUSE

sudo zypper in nmap

Then, to check that the installation has been successful, you can run

nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1j libssh2-1.9.0 libz-1.2.11 libpcre-8.39 libpcap-1.10.0 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Now we can use it.

Using Nmap on Linux

With Nmap installed correctly, you should be able to use it on your computer without any problems. We’ll go through several examples on how to use this tool.

To scan a host, you can run

sudo nmap [host]

For example

sudo nmap localhost

sample output:

Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-12 10:50 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): ::1
All 1000 scanned ports on localhost (127.0.0.1) are closed

As you can see some interesting information is displayed on the output screen which is useful for detecting problems.

To do a quick scan then you can use the -F option

sudo nmap -F [host]

You can replace [host] with the IP address of the computer you want to scan.

sudo nmap 192.168.2.3

Also, you can specify multiple hosts or IP addresses.

sudo nmap 192.168.2.3, 192.168.2.6, 192.168.1.1

Or a range

sudo nmap 192.168.2.3-20

In this case, it will scan IP addresses ranging from 192.168.2.3 to 192.168.2.20.

Another option is to scan the entire subnet

sudo nmap 192.168.1.1/24

You can change the frequency and timing of the network scans with the -T option and by specifying a number between 0-5, the higher the number the faster the scan.

For example

sudo nmap -T4 localhost

In this case response times will be lower and can be useful on slow or busy networks.

If you want to have information about the ports, you have to add the -p option and specify some or a range of ports

sudo nmap -p 25,80 192.168.2.1

In this case, the TCP port 25 and 80 of the host will be scanned.

If you want to scan UDP ports

sudo nmap -sU -p 25,80 192.168.2.1

Conclusion

Nmap is a vital tool for many sysadmin who need to find out some weaknesses.

The post How to install and use nmap on Linux appeared first on Linux Windows and android Tutorials.