5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Platform

Contact us

Products
Overview Get a demo
Data Protection
Get support
DatAdvantage +1 (877) 292-8767
Data audit & protection

Automation Engine
Data remediation

DataPrivilege
Data access governance

Data Transport Engine

Automated policy enforcement

Threat Detection & Response

DatAlert
Data-centric UBA

Edge
Perimeter detections for DatAlert

Varonis for Active Directory

Anomaly detection & hardening

Privacy & Compliance

Data Classification Engine

Sensitive data discovery

Policy Pack
GDPR & CCPA discovery policies

Federal Policy Pack

Top secret & CUI discovery policies

Data Classification Labels

Sensitive data labeling

DatAnswers
DSARs, e-Discovery, PII search

Cloud Security

DatAdvantage Cloud
SaaS & IaaS Security
Data Classification Cloud
Sensitive data discovery

Varonis for Microsoft 365

Data-centric security for M365

Varonis for Salesforce

Data-centric security for Salesforce

See all products

 
Learn more
How It Works
Integrations
Third-party Apps
Pricing
https://www.varonis.com/blog/nmap-commands#how-to-use 1/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Solutions

By Industry

Finance
Healthcare
Federal Government
Education
Manufacturing
State & Local Government
By Use Case

Cloud Data Protection

Data Classification
Data Loss Prevention
Data Privacy & DSARs
Insider Risk Management
Ransomware Prevention
Zero Trust
By Technology

Microsoft 365

Windows File Shares

Active Directory

Google Drive

Salesforce

Nasuni

UNIX/Linux

Box

Slack

Okta

GitHub

NetApp
See all integrations
Why Varonis?

Case Studies
Operational Plan

https://www.varonis.com/blog/nmap-commands#how-to-use 2/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Industry Recognition
Customer Success
IR & Forensics Team
Measurable ROI
Company

About Varonis
Careers
Investor Relations
Press
Corporate Responsibility
Trust & Security
Brand
Contact Us
Partners

Partner Program
Partner Locator
Partner Portal
Service Providers
Technology Partners
Resources

Support
Resource Library
Blog
Free Security Courses
Product Training
SecurityFWD
Webinars
Events
Contact Us

Get support
+1 (877) 292-8767

Inside Out Security English

https://www.varonis.com/blog/nmap-commands#how-to-use 3/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Inside Out Security Blog

 
/
 
Data Security

How to Use Nmap: Commands

and Tutorial Guide
Jeff Petters | 7 min read | Last updated May 20, 2020

Nmap is a network mapper that has emerged as one of the

most popular, free network discovery tools on the market.
Nmap is now one of the core tools used by network
administrators to map their networks. The program can be
used to find live hosts on a network, perform port
scanning, ping sweeps, OS detection, and version
detection.

A number of recent cyberattacks have re-focused attention

on the type of network auditing that Nmap provides.
Analysts have pointed out that the recent Capital One
hack, for instance, could have been detected sooner if
system administrators had been monitoring connected
devices. In this guide, we’ll look at what Nmap is, what it
can do, and explain how to use the most common
commands.

https://www.varonis.com/blog/nmap-commands#how-to-use 4/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Download the full Netcat

cheatsheet

First Name* Last Name*

First Name Last Name

Email*

Email

I agree to receive communications from Varonis.*

You can unsubscribe from these communications at any time. For

more information on our privacy practices, and how we're
committed to protecting your information, please review our
privacy policy.

Send me the cheat sheet

Ideally, Nmap should be used as part of an integrated Data

Security Platform. Once Nmap has been used to map a
network, a platform such as Varonis’ Datadvantage can
then be used to implement advanced access control.

How To Use Nmap

Nmap Tutorial and Examples

Nmap Commands

Nmap FAQ

What is Nmap?

https://www.varonis.com/blog/nmap-commands#how-to-use 5/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

At its core, Nmap is a network scanning tool that uses IP

packets to identify all the devices connected to a network
and to provide information on the services and operating
systems they are running.

The program is most commonly used via a command-line

interface (though GUI front-ends are also available) and is
available for many different operating systems such as
Linux, Free BSD, and Gentoo. Its popularity has also been
bolstered by an active and enthusiastic user support
community.

Nmap was developed for enterprise-scale networks and

can scan through thousands of connected devices.
However, in recent years Nmap is being increasingly used
by smaller companies. The rise of the IoT, in particular,
now means that the networks used by these companies
have become more complex and therefore harder to
secure.

This means that Nmap is now used in many website

monitoring tools to audit the traffic between web servers
and IoT devices. The recent emergence of IoT botnets, like
Mirai, has also stimulated interest in Nmap, not least
because of its ability to interrogate devices connected via
the UPnP protocol and to highlight any devices that may
be malicious.

https://www.varonis.com/blog/nmap-commands#how-to-use 6/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

What Does Nmap Do?

At a practical level, Nmap is used to provide detailed, real-

time information on your networks, and on the devices
connected to them.

The primary uses of Nmap can be broken into three core

processes. First, the program gives you detailed
information on every IP active on your networks, and each
IP can then be scanned. This allows administrators to
check whether an IP is being used by a legitimate service,
or by an external attacker.

Secondly, Nmap provides information on your network as a

whole. It can be used to provide a list of live hosts and
open ports, as well as identifying the OS of every
connected device. This makes it a valuable tool in ongoing
system monitoring, as well as a critical part of pentesting.
Nmap can be used alongside the Metasploit framework, for
instance, to probe and then repair network vulnerabilities.

Thirdly, Nmap has also become a valuable tool for users

looking to protect personal and business websites. Using
Nmap to scan your own web server, particularly if you are
hosting your website from home, is essentially simulating
the process that a hacker would use to attack your site.

https://www.varonis.com/blog/nmap-commands#how-to-use 7/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

“Attacking” your own site in this way is a powerful way of

identifying security vulnerabilities.

How To Use Nmap

Nmap is straightforward to use, and most of the tools it

provides are familiar to system admins from other
programs. The advantage of Nmap is that it brings a wide
range of these tools into one program, rather than forcing
you to skip between separate and discrete network
monitoring tools.

In order to use Nmap, you need to be familiar with

command-line interfaces. Most advanced users are able to
write scripts to automate common tasks, but this is not
necessary for basic network monitoring.

How To Install Nmap

The process for installing Nmap is easy but varies

according to your operating system. The Windows, Mac,
and Linux versions of the program can be downloaded
here.

https://www.varonis.com/blog/nmap-commands#how-to-use 8/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

For Windows, Nmap comes with a custom installer

(namp<version>setup.exe). Download and run this
installer, and it automatically configures Nmap on your
system.

On Mac, Nmap also comes with a dedicated installer.

Run the Nmap-<version>mpkg file to start this installer.
On some recent versions of macOS, you might see a
warning that Nmap is an “unidentified developer”, but
you can ignore this warning.

Linux users can either compile Nmap from source or

use their chosen package manager. To use apt, for
instance, you can run Nmap –version to check if Nmap
is installed, and sudo apt-get install Nmap to install it.

Nmap Tutorial and Examples

Once you’ve installed Nmap, the best way of learning how
to use it is to perform some basic network scans.

How To Run a Ping Scan

One of the most basic functions of Nmap is to identify

active hosts on your network. Nmap does this by using a
ping scan. This identifies all of the IP addresses that are
currently online without sending any packets to these
hosts.

To run a ping scan, run the following command:

# nmap -sp 192.100.1.1/24

This command then returns a list of hosts on your network

and the total number of assigned IP addresses. If you spot
any hosts or IP addresses on this list that you cannot
account for, you can then run further commands (see
below) to investigate them further.

https://www.varonis.com/blog/nmap-commands#how-to-use 9/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

How To Run A Host Scan

A more powerful way to scan your networks is to use Nmap

to perform a host scan. Unlike a ping scan, a host scan
actively sends ARP request packets to all the hosts
connected to your network. Each host then responds to
this packet with another ARP packet containing its status
and MAC address.

To run a host scan, use the following command:

# nmap -sp <target IP range>

This returns information on every host, their latency, their

MAC address, and also any description associated with this
address. This can be a powerful way of spotting suspicious
hosts connected to your network.

If you see anything unusual in this list, you can then run a
DNS query on a specific host, by using:

# namp -sL <IP address>

This returns a list of names associated with the scanned IP.

This description provides information on what the IP is
actually for.

How To Use Nmap in Kali Linux

Using Nmap in Kali Linux can be done in an identical way

to running the program on any other flavor of Linux.

That said, there are advantages to using Kali when running

Nmap scans. Most modern distros of Kali now come with a
fully-features Nmap suite, which includes an advanced GUI
and results viewer (Zenmap), a flexible data transfer,
redirection, and debugging tool (Ncat), a utility for
comparing scan results (Ndiff), and a packet generation
and response analysis tool (Nping).
https://www.varonis.com/blog/nmap-commands#how-to-use 10/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Nmap Commands

Most of the common functions of Nmap can be executed

using a single command, and the program also uses a
number of ‘shortcut’ commands that can be used to
automate common tasks.

Here is a quick run-down:

1. Ping Scanning

As mentioned above, a ping scan returns information on

every active IP on your network. You can execute a ping
scan using this command:

# nmap -sp 192.100.1.1/24

2. Port Scanning

https://www.varonis.com/blog/nmap-commands#how-to-use 11/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

There are several ways to execute port scanning using

Nmap. The most commonly used are these:

# sS TCP SYN scan

# sT TCP connect scan

# sU UDP scans

# sY SCTP INIT scan

# sN TCP NULL

The major differences between these types of scans are

whether they cover TCP or UDP ports and whether they
execute a TCP connection. Here are the basic differences:

The most basic of these scans is the sS TCP SYN scan,

and this gives most users all the information they
need. It scans thousands of ports per second, and
because it doesn’t complete a TCP connection it does
not arouse suspicion.

The main alternative to this type of scan is the TCP

Connect scan, which actively queries each host, and
requests a response. This type of scan takes longer
https://www.varonis.com/blog/nmap-commands#how-to-use 12/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

than a SYN scan, but can return more reliable

information.

The UDP scan works in a similar way to the TCP

connect scan but uses UDP packets to scan DNS,
SNMP, and DHCP ports. These are the ports most
frequently targeted by hackers, and so this type of
scan is a useful tool for checking for vulnerabilities.

The SCTP INIT scan covers a different set of services:

SS7 and SIGTRAN. This type of scan can also be used
to avoid suspicion when scanning an external network
because it doesn’t complete the full SCTP process.

The TOP NULL scan is also a very crafty scanning

technique. It uses a loophole in the TCP system that
can reveal the status of ports without directly querying
them, which means that you can see their status even
where they are protected by a firewall.

3. Host Scanning

Host scanning returns more detailed information on a

particular host or a range of IP addresses. As mentioned
above, you can perform a host scan using the following
command:

# nmap -sp <target IP range>

4. OS Scanning

OS scanning is one of the most powerful features of Nmap.

When using this type of scan, Nmap sends TCP and UDP
packets to a particular port, and then analyze its response.
It compares this response to a database of 2600 operating
systems, and return information on the OS (and version) of
a host.

To run an OS scan, use the following command:

https://www.varonis.com/blog/nmap-commands#how-to-use 13/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

# nmap -O <target IP>

5. Scan The Most Popular Ports

If you are running Nmap on a home server, this command

is very useful. It automatically scans a number of the most
‘popular’ ports for a host. You can run this command using:

nmap --top-ports 20 192.168.1.106

Replace the “20” with the number of ports to scan, and

Nmap quickly scans that many ports. It returns a concise
output that details the status of the most common ports,
and this lets you quickly see whether you have any
unnecessarily open ports.

6. Output to a File

If you want to output the results of your Nmap scans to a

file, you can add an extension to your commands to do
that. Simply add:

-oN output.txt

https://www.varonis.com/blog/nmap-commands#how-to-use 14/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

To your command to output the results to a text file, or:

-oX output.xml

To output to an XML.

7. Disable DNS Name Resolution

Finally, you can speed up your Nmap scans by using the -n

parameter to disable reverse DNS resolution. This can be
extremely useful if you want to scan a large network. For
example, to turn off DNS resolution for the basic ping scan
mentioned above, add -n:

# nmap -sp -n 192.100.1.1/24

Nmap FAQ
The commands above cover most of the basic
functionality of Nmap. You might still have some questions
though, so let’s run through the most common ones.

Q: What Are Some Nmap Alternatives?

There are some alternatives to Nmap, but most of them are

focused on providing specific, niche functionality that the
average system administrator does not need frequently.
MASSCAN, for instance, is much faster than Nmap but
provides less detail. Umit, by contrast, allows you to run
several scans at once.

In reality, however, Nmap provides all the functionality and

speed that the average user requires, especially when
used alongside other similarly popular tools like NetCat
(which can be used to manage and control network traffic)
and ZenMap (which provides a GUI for Nmap)

https://www.varonis.com/blog/nmap-commands#how-to-use 15/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

Q: How Does Nmap Work?

Nmap builds on previous network auditing tools to provide

quick, detailed scans of network traffic. It works by using IP
packets to identify the hosts and IPs active on a network
and then analyze these packets to provide information on
each host and IP, as well as the operating systems they are
running.

Q: Is Nmap Legal?

Yes. If used properly, Nmap helps protect your network

from hackers, because it allows you to quickly spot any
security vulnerabilities in your systems.

Whether port scanning on external servers is legal is

another issue. The legislation in this area is complex and
varies by territory. Using Nmap to scan external ports can
lead to you being banned by your ISP, so make sure you
research the legal implications of using the program
before you start using it more widely.

The Bottom Line

Taking the time to learn Nmap can dramatically increase
the security of your networks because the program offers a
quick, efficient way of auditing your systems. Even the
basic features offered by the program – such as the ability
to perform port scanning – quickly reveal any suspicious
devices that are active on your network.

Using Nmap to perform frequent network audits can help

you avoid becoming easy prey for hackers, whilst also
improving your knowledge of your own network. In
addition, Nmap provides functionality that complements
more fully-featured data security platforms such as that

https://www.varonis.com/blog/nmap-commands#how-to-use 16/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

offered by Varonis, and when used alongside these tools

can dramatically improve your cybersecurity.

Jeff Petters

Jeff has been working on

computers since his Dad brought
home an IBM PC 8086 with dual
disk drives. Researching and
writing about data security is his
dream job.

Keep reading

DATA SECURITY | MARCH 25, 2021 DATA SECURITY | MARCH 29, 2020
How to Use Netcat Commands: Zero-Day Vulnerability
Examples and Cheat Sheets Explained

By Jeff Petters By Jeff Petters

https://www.varonis.com/blog/nmap-commands#how-to-use 17/18
5/6/22, 6:25 AM How to Use Nmap: Commands and Tutorial Guide

English

Legal
|
Trust © 2022 Varonis

https://www.varonis.com/blog/nmap-commands#how-to-use 18/18