
ZDNET's key takeaways
- If you need to scan your network, nmap is the tool to use.
- Nmap can be installed on any Linux distribution.
- Nmap has several very handy commands.
The nmap command (short for network mapper) is a network exploration/security auditing tool that can rapidly scan networks to help you find out what hosts are available. With nmap, you can discover open ports and services, and even find out what operating systems are on your network.
I've used nmap to find out what machines are on a network and what ports/services are open. If I find a port that shouldn't be open, I can close it to avoid security issues.
In other words, nmap is an essential tool for anyone who's serious about their network security.
The thing is, nmap can do a lot. In fact, if you were to read the manual page (man nmap), you'd likely come away confused and intimidated. That's unfortunate, because nmap can come in very handy.
To avoid the confusion and intimidation, I'll demonstrate some of the more useful things you can do with nmap. Without further ado, open your terminal app and get ready to scan.
Installing nmap
If nmap isn't already installed on your Linux distribution, it's actually quite easy to do. Here's how:
- Ubuntu/Debian-based distributions: sudo apt-get install nmap -y
- Fedora-based distributions: sudo dnf install nmap -y
- Arch-based distributions: sudo pacman -S nmap
1. Operating system discovery
This is one of the tasks I use nmap for most often, because I regularly need to find out which OS is associated with an IP address. As with many nmap commands, this can be run on a single address or a range of addresses. The command for OS discovery on a single IP address would look something like this:
nmap -A 192.168.1.176
Near the bottom of the results, you should find a line that looks like this:
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Now, you know what OS is associated with that IP address.
If you want to scan a range of addresses to find out which OS is associated with every host on your network, the command would look something like this:
nmap -A 192.168.1.0/24
Keep in mind that scanning an entire address range with -A can take quite a bit of time (depending on the number of machines attached to your LAN).
2. List open ports
Sometimes you just need to know what ports are open on your network. You might discover that there are machines with open ports that shouldn't be open. If that's the case, you would definitely want to close them (or risk security breaches). The thing about ports is that there are a lot of them (to the tune of 65,536). Many of those ports aren't regularly used, but you never know, which is why it's important to run a scan of ports on your LAN to see what's what.
To run a port scan on a single host with nmap, the command would look something like this:
nmap -p 0-65535 192.168.1.176
To run a port scan on your entire LAN, the command would look something like this:
nmap -p 0-65535 192.168.1.0/24
You can also scan for a single port. Say, for instance, you want to check and see if any host on your network has its SMTP port open. That scan would be:
nmap -p 25 192.168.1.0/24
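Once a scan like the ones in sections 1 and 2 has been saved with -oN, you usually want the open ports and the reported OS per host rather than the whole report. The following is an added example and not code from the article: a small POSIX shell script that parses a constructed sample report in nmap's normal output format, prints the OS that service detection reported, and flags open ports that are not on an allowlist you pass in (the sample report and the allowlist are constructed; only the "Service Info: OS:" line it looks for is taken from the article).

```shell
# Added example, not from the article: parse nmap normal output (-oN) and
# report open ports that are not on an allowlist, plus the OS that service
# detection reported. SAMPLE_SCAN is constructed sample data in -oN format.
# The "Service Info: OS:" line comes from version detection (-sV, part of -A),
# which works without root; true OS fingerprinting (-O) needs root.
SAMPLE_SCAN='Nmap scan report for 192.168.1.176
Host is up (0.0012s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.9p1 Ubuntu (Ubuntu Linux; protocol 2.0)
25/tcp   open  smtp    Postfix smtpd
3306/tcp open  mysql   MySQL 8.0.36
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap scan report for 192.168.1.12
Host is up (0.0020s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.24.0
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
'

# Print "host port/proto service" for every open port in -oN text on stdin.
open_ports() {
    awk '/^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
         $2 == "open" && $1 ~ "^[0-9]+/(tcp|udp)$" { print host, $1, $3 }'
}

# Print "host os" from each "Service Info: OS:" line.
host_os() {
    awk '/^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
         /^Service Info: OS: / { sub(/^Service Info: OS: /, ""); sub(/;.*/, ""); print host, $0 }'
}

# Report open ports missing from the allowlist (space-separated "port/proto").
# Usage: echo "$SAMPLE_SCAN" | unexpected_ports "22/tcp 80/tcp"
unexpected_ports() {
    allow=" $1 "
    open_ports | while read -r host port svc; do
        case "$allow" in
            *" $port "*) ;;     # expected: on the allowlist
            *) echo "$host $port ($svc) is open but not on the allowlist" ;;
        esac
    done
}

echo "$SAMPLE_SCAN" | host_os
echo "$SAMPLE_SCAN" | unexpected_ports "22/tcp 80/tcp"
```

Feed it a real report with `unexpected_ports "22/tcp 80/tcp" < scan.txt` after running `nmap -A -oN scan.txt 192.168.1.0/24`; hostnames in "Nmap scan report for name (ip)" lines are handled by taking the last field.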
3. Scan an entire network
If you just want to run a general scan of your entire network, you could use nmap like so:
nmap 192.168.1.*
You could even add more output with the verbose flag, like this:
nmap -v 192.168.1.*
Because the above commands are all-encompassing, they can take quite a bit of time to complete.
4. Scan multiple machines (but not an entire network)
Let's say you want to scan for open ports on the machines 192.168.1.11, 192.168.1.12, 192.168.1.13, and 192.168.1.14. Instead of typing out the entire address for each, you can use just the last octets like so:
nmap -p 0-65535 192.168.1.11,12,13,14
You could also scan an address range like this:
nmap -p 0-65535 192.168.1.11-14
5. Detect firewalls
You might need to find out if a host has a firewall running. Naturally, if you find a host with its firewall disabled, you should make sure to enable it immediately.
Using nmap to detect a firewall is a bit trickier than the other commands, because you'll not only combine several options but also send the output to a file (for easier viewing). The command would look something like this:
sudo nmap -sF -g 25 -oN fw.txt 192.168.1.11
nmap still prints the output to the terminal, but -oN also saves it to a file (fw.txt in the example above). If you see "filtered" in the output, the firewall is up and running. If you see "ignored state(s)," that means the firewall is disabled.
6. Discover 'live' hosts
You might also want to identify which hosts on your LAN are currently online and responsive (instead of hibernating or offline). The command looks like this:
nmap -sP 192.168.1.0/24
If you see "Host is up," then you know that the machine is live.
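A practical follow-up to the live-host and firewall scans above is to compare the hosts that answered with the devices you expect on the LAN, and to read the port state summary rather than eyeball it. The following is an added example and not code from the article: a POSIX shell script that parses constructed sample reports (a ping sweep and a -sF scan, both in nmap's -oN format), lists live hosts that are missing from an inventory you pass in, and prints the dominant port state per host; the inventory and both reports are constructed.

```shell
# Added example, not from the article: list the live hosts from a ping sweep
# (nmap -sn, the current spelling of -sP) and compare them with an inventory
# of known devices, then read the port state summary of a -sF scan to see
# which hosts are filtering. Both reports are constructed -oN sample data.
PING_SWEEP='Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Nmap scan report for 192.168.1.12
Host is up (0.0030s latency).
Nmap scan report for 192.168.1.176
Host is up (0.0012s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.50 seconds
'
FIN_SCAN='Nmap scan report for 192.168.1.11
Host is up (0.0010s latency).
All 1000 scanned ports on 192.168.1.11 are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap scan report for 192.168.1.12
Host is up (0.0030s latency).
All 1000 scanned ports on 192.168.1.12 are in ignored states.
Not shown: 1000 closed tcp ports (reset)
'

# Print the address of every host whose report says "Host is up".
live_hosts() {
    awk '/^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
         /^Host is up/ { print host }'
}

# Print live hosts missing from the inventory (space-separated addresses).
unknown_hosts() {
    known=" $1 "
    live_hosts | while read -r host; do
        case "$known" in
            *" $host "*) ;;        # inventoried device
            *) echo "$host" ;;     # unexpected device on the LAN
        esac
    done
}

# Print "host state" from the "Not shown: N <state> tcp ports" line; "filtered"
# means the probes went unanswered, which is what a firewall produces.
port_state_summary() {
    awk '/^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
         /^Not shown: / { print host, $4 }'
}

echo "$PING_SWEEP" | unknown_hosts "192.168.1.1 192.168.1.176"
echo "$FIN_SCAN" | port_state_summary
```

Running it on real output (`unknown_hosts "..." < sweep.txt` after `nmap -sn -oN sweep.txt 192.168.1.0/24`) gives you a short list of devices to go and identify instead of a page of reports.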
Those are the five nmap commands I regularly run. Given how much nmap can do, I highly recommend you read through the nmap man page (man nmap) to find out everything else the command has to offer.