Nmap Command Line Tips and Tricks

Nmap is an open source security scanner and one of the most widely used tools for network exploration and security auditing. It is used to audit networks, find open ports on remote machines and identify possible weak points on a remote server or network, and its many options let you tailor each scan.

Nmap is available with both a command line interface and a graphical user interface.

Features:

  • Supports both Unix and Windows based operating systems.
  • Discovers live hosts on the network and detects open ports on each host.
  • Identifies services and their versions.
  • Detects the software version, hardware address and operating system.
  • Helps find vulnerabilities and security holes on remote systems.

In this tutorial, we will explain some useful Nmap command line tips and tricks.

Requirements

  • A system running Ubuntu 14.04 server or desktop.

Install Nmap

Nmap is included in the default Ubuntu package repository. You can install it by running the following command:

sudo apt-get install nmap

Scan a System using a Hostname and IP Address

Nmap provides various options to scan a system. Here we find the open ports and services on the remote system (and, for hosts on the local network, the MAC address) using its hostname (enjayworld.com).

Run the following command to scan enjayworld.com:

sudo nmap enjayworld.com

You should see the open ports in the following output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:05 IST
    Nmap scan report for enjayworld.com (109.199.126.129)
    Host is up (0.24s latency).
    rDNS record for 109.199.126.129: ip-109-199-126-129.siteground.com
    Not shown: 982 filtered ports
    PORT      STATE  SERVICE
    21/tcp    open   ftp
    25/tcp    open   smtp
    53/tcp    open   domain
    80/tcp    open   http
    81/tcp    open   hosts2-ns
    110/tcp   open   pop3
    111/tcp   closed rpcbind
    143/tcp   open   imap
    443/tcp   open   https
    465/tcp   open   smtps
    587/tcp   open   submission
    993/tcp   open   imaps
    995/tcp   open   pop3s
    2525/tcp  open   ms-v-worlds
    5432/tcp  closed postgresql
    34571/tcp closed unknown
    34572/tcp closed unknown
    34573/tcp closed unknown

    Nmap done: 1 IP address (1 host up) scanned in 25.46 seconds

You can also scan the remote system by its IP address:

sudo nmap 109.199.126.129

You should see the following output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:08 IST
    Stats: 0:00:32 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 54.70% done; ETC: 17:09 (0:00:26 remaining)
    Nmap scan report for ip-109-199-126-129.siteground.com (109.199.126.129)
    Host is up (0.29s latency).
    Not shown: 982 filtered ports
    PORT      STATE  SERVICE
    21/tcp    open   ftp
    25/tcp    open   smtp
    53/tcp    open   domain
    80/tcp    open   http
    81/tcp    open   hosts2-ns
    110/tcp   open   pop3
    111/tcp   closed rpcbind
    143/tcp   open   imap
    443/tcp   open   https
    465/tcp   open   smtps
    587/tcp   open   submission
    993/tcp   open   imaps
    995/tcp   open   pop3s
    2525/tcp  open   ms-v-worlds
    5432/tcp  closed postgresql
    34571/tcp closed unknown
    34572/tcp closed unknown
    34573/tcp closed unknown

    Nmap done: 1 IP address (1 host up) scanned in 41.61 seconds

Scan Multiple IP Addresses and Subnets

You can scan multiple hosts by specifying their IP addresses as shown below:

sudo nmap 192.168.43.4 192.168.43.206

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:23 IST
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.00010s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    3000/tcp open  ppp

    Nmap scan report for Node1 (192.168.43.206)
    Host is up (0.0043s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)

    Nmap done: 2 IP addresses (2 hosts up) scanned in 5.09 seconds

You can also scan a whole subnet by running the following command:

sudo nmap 192.168.43.*

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:25 IST
    Nmap scan report for 192.168.43.1
    Host is up (0.0026s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    53/tcp open  domain
    MAC Address: 24:DA:9B:80:51:7D (Unknown)

    Nmap scan report for Node1 (192.168.43.206)
    Host is up (0.00065s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)

    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.000093s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    3000/tcp open  ppp

    Nmap done: 256 IP addresses (3 hosts up) scanned in 108.53 seconds
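
Multi-host reports like the ones above are most useful for auditing when they are compared against the ports each network is supposed to expose. The following is an added example, not part of the original tutorial: it reads Nmap's normal output and prints every open port that is missing from an approved list. The function names, the allowlist and the sample report (constructed from the two-host output above, with one port changed to closed) are assumptions.

```shell
#!/bin/sh
# Added example: report open ports that are missing from an approved baseline.
# Function names and the baseline are illustrative, not part of Nmap.

# unexpected_open_ports ALLOWED
#   Reads Nmap normal output on stdin.
#   ALLOWED is a comma-separated list such as "22/tcp,80/tcp".
#   Prints "<ip> <port/proto> <service>" for each open port not in ALLOWED.
unexpected_open_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, list, ",")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # Host header: "Nmap scan report for Vyom-PC (192.168.43.4)"
        # or "Nmap scan report for 192.168.43.1" when there is no name.
        /^Nmap scan report for / {
            host = $NF
            gsub(/[()]/, "", host)
            next
        }
        # Port rows: "445/tcp  open  microsoft-ds". Only the exact state
        # "open" counts; closed, filtered and open|filtered are skipped.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!($1 in ok)) print host, $1, $3
        }
    '
}

# Constructed sample, modelled on the two-host report above.
sample_scan() {
    cat <<'EOF'
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.00010s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3000/tcp open  ppp

Nmap scan report for Node1 (192.168.43.206)
Host is up (0.0043s latency).
Not shown: 997 closed ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https
MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)
EOF
}

# Baseline: only SSH and HTTP(S) are expected on these hosts.
sample_scan | unexpected_open_ports "22/tcp,80/tcp,443/tcp"
```

With this baseline the script reports the Samba ports and port 3000 on 192.168.43.4 and nothing for Node1.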

Get Info About Remote Host Ports and OS

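To gather detailed information about a remote system, such as its open ports, service versions and operating system, run the following command. Here -sS selects a TCP SYN scan, -P0 skips host discovery (current Nmap releases spell this -Pn), -sV probes service versions and -O enables OS detection: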

sudo nmap -sS -P0 -sV -O 109.199.126.129

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:13 IST
    Nmap scan report for ip-109-199-126-129.siteground.com (109.199.126.129)
    Host is up (0.23s latency).
    Not shown: 982 filtered ports
    PORT      STATE  SERVICE    VERSION
    21/tcp    open   ftp        Pure-FTPd
    25/tcp    open   smtp
    53/tcp    open   domain     ISC BIND donuts
    80/tcp    open   http       nginx
    81/tcp    open   http       Apache httpd
    110/tcp   open   pop3       Dovecot pop3d
    111/tcp   closed rpcbind
    143/tcp   open   imap       Dovecot imapd
    443/tcp   open   http       nginx
    465/tcp   open   ssl/smtp
    587/tcp   open   smtp
    993/tcp   open   ssl/imap   Dovecot imapd
    995/tcp   open   ssl/pop3   Dovecot pop3d
    2525/tcp  open   smtp
    5432/tcp  closed postgresql
    34571/tcp closed unknown
    34572/tcp closed unknown
    34573/tcp closed unknown
    4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

    Aggressive OS guesses: FreeBSD 6.2-RELEASE (90%), OpenBSD 4.0 (90%), OpenBSD 4.3 (89%), Apple AirPort Extreme WAP (88%), FreeBSD 6.3-RELEASE (87%), AVtech Room Alert 26W environmental monitor (86%), Check Point ZoneAlarm Z100G firewall (85%), Linux 2.6.36 (85%), IPFire firewall 2.11 (Linux 2.6.32) (85%), Check Point UTM-1 Edge X firewall (85%)
    No exact OS matches for host (test conditions non-ideal).

    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 98.19 seconds

Scan a Range of IP Addresses

You can scan a range of IP addresses (27.109.19.11 to 27.109.19.15) by running the following command:

sudo nmap 27.109.19.11-15

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:31 IST
    Nmap scan report for actuniv.wwhnetwork.net (27.109.19.11)
    Host is up (0.39s latency).
    Not shown: 965 closed ports, 26 filtered ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    25/tcp   open  smtp
    49/tcp   open  tacacs
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    143/tcp  open  imap
    5666/tcp open  nrpe
    9001/tcp open  tor-orport

    Nmap scan report for 27.109.19.13
    Host is up (0.30s latency).
    Not shown: 965 closed ports, 28 filtered ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    53/tcp   open  domain
    80/tcp   open  http
    1433/tcp open  ms-sql-s
    9001/tcp open  tor-orport
    9002/tcp open  dynamid
    9003/tcp open  unknown

    Nmap scan report for 27.109.19.14
    Host is up (0.38s latency).
    Not shown: 985 closed ports
    PORT      STATE    SERVICE
    139/tcp   filtered netbios-ssn
    443/tcp   open     https
    445/tcp   filtered microsoft-ds
    4443/tcp  open     pharos
    5061/tcp  open     sip-tls
    49152/tcp open     unknown
    49153/tcp open     unknown
    49154/tcp open     unknown
    49155/tcp open     unknown
    49156/tcp open     unknown
    49157/tcp open     unknown
    49161/tcp open     unknown
    50001/tcp open     unknown
    50002/tcp open     iiimsf
    50003/tcp open     unknown

    Nmap done: 5 IP addresses (3 hosts up) scanned in 242.89 seconds

Find Live hosts on a Network

You can discover the live hosts on a network with the -sP option, a ping scan that skips port scanning (current Nmap releases name this option -sn):

sudo nmap -sP 192.168.43.*

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:38 IST
    Nmap scan report for 192.168.43.1
    Host is up (0.0025s latency).
    MAC Address: 24:DA:9B:80:51:7D (Unknown)
    Nmap scan report for Node1 (192.168.43.206)
    Host is up (-0.098s latency).
    MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up.
    Nmap done: 256 IP addresses (3 hosts up) scanned in 15.77 seconds

Scan a List of Hosts and Networks From a File

You can scan a large number of hosts and networks by listing them in an input file. First create a file named list.txt:

sudo nano list.txt

Add the following:

    192.168.43.0/24
    wordsworthelt.com
    localhost
    118.67.248.239

Save and close the file. Now scan using input file by running the following command:

sudo nmap -iL list.txt

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:46 IST
    Nmap scan report for 192.168.43.1
    Host is up (0.00090s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    53/tcp open  domain
    MAC Address: 24:DA:9B:80:51:7D (Unknown)

    Nmap scan report for Node1 (192.168.43.206)
    Host is up (0.00090s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    80/tcp  open  http
    443/tcp open  https
    MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)

    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.000069s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    3000/tcp open  ppp

    Stats: 0:04:46 elapsed; 256 hosts completed (5 up), 2 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 70.87% done; ETC: 17:52 (0:01:10 remaining)
    Stats: 0:07:41 elapsed; 256 hosts completed (5 up), 2 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 90.75% done; ETC: 17:54 (0:00:35 remaining)
    Stats: 0:08:46 elapsed; 256 hosts completed (5 up), 2 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 98.34% done; ETC: 17:55 (0:00:07 remaining)
    Nmap scan report for wordsworthelt.com (27.109.19.11)
    Host is up (0.49s latency).
    rDNS record for 27.109.19.11: actuniv.wwhnetwork.net
    Not shown: 965 closed ports, 26 filtered ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    25/tcp   open  smtp
    49/tcp   open  tacacs
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    143/tcp  open  imap
    5666/tcp open  nrpe
    9001/tcp open  tor-orport

    Nmap scan report for 118.67.248.239
    Host is up (0.25s latency).
    Not shown: 986 filtered ports
    PORT      STATE  SERVICE
    20/tcp    closed ftp-data
    21/tcp    open   ftp
    30/tcp    open   unknown
    53/tcp    closed domain
    80/tcp    open   http
    113/tcp   closed ident
    443/tcp   closed https
    50000/tcp closed ibm-db2
    50001/tcp closed unknown
    50002/tcp closed iiimsf
    50003/tcp closed unknown
    50006/tcp closed unknown
    50300/tcp closed unknown
    50389/tcp closed unknown

    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000040s latency).
    Not shown: 994 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    631/tcp  open  ipp
    3000/tcp open  ppp

    Nmap done: 259 IP addresses (6 hosts up) scanned in 558.32 seconds

Firewall Detection Scan

You can find out whether a host is protected by a packet filter or firewall with a TCP ACK scan (-sA). Ports that answer the probe are reported as unfiltered, and ports that do not are reported as filtered:

sudo nmap -sA 192.168.43.4

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:58 IST
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.000063s latency).
    All 1000 scanned ports on Vyom-PC (192.168.43.4) are unfiltered

    Nmap done: 1 IP address (1 host up) scanned in 2.91 seconds

Scan a Firewall For Security Vulnerabilities

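You can scan a remote system to find weaknesses in its filtering with a TCP Null scan (-sN), which sends packets with no TCP flags set. Ports that do not respond are reported as open|filtered. Run the following command: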

sudo nmap -sN 192.168.43.4

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:59 IST
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.00015s latency).
    Not shown: 995 closed ports
    PORT     STATE         SERVICE
    22/tcp   open|filtered ssh
    80/tcp   open|filtered http
    139/tcp  open|filtered netbios-ssn
    445/tcp  open|filtered microsoft-ds
    3000/tcp open|filtered ppp

    Nmap done: 1 IP address (1 host up) scanned in 99.31 seconds

Scan a Port

By default Nmap scans only TCP ports. You can select the ports to scan with the -p option.

To scan TCP port 80 on a remote machine, run the following command:

sudo nmap -p 80 192.168.43.4

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 18:07 IST
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.00036s latency).
    PORT   STATE SERVICE
    80/tcp open  http

    Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds

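To scan UDP port 68, add the -sU option and pass the port with -p:

sudo nmap -sU -p 68 192.168.43.4

The output below was captured with -p left out (sudo nmap -sU 68 192.168.43.4), so Nmap treated 68 as a second target, which produced the setup_target error, and ran a UDP scan of its default port list against 192.168.43.4: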

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 18:09 IST
    setup_target: failed to determine route to 68 (0.0.0.68)
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.000071s latency).
    Not shown: 995 closed ports
    PORT     STATE         SERVICE
    68/udp   open|filtered dhcpc
    137/udp  open          netbios-ns
    138/udp  open|filtered netbios-dgm
    631/udp  open|filtered ipp
    5353/udp open|filtered zeroconf

    Nmap done: 1 IP address (1 host up) scanned in 4.59 seconds

To scan multiple ports, such as 80 and 443, run the following command:

sudo nmap -p 80,443 192.168.43.4

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 18:11 IST
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.00020s latency).
    PORT    STATE  SERVICE
    80/tcp  open   http
    443/tcp closed https

    Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds

You can also scan a range of ports on a remote host by running the following command:

sudo nmap -p 80-140 192.168.43.4


Find Host Services with Version Numbers

You can list the services running on a remote host, together with their version numbers, by running the following command:

sudo nmap -sV 192.168.43.4

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:32 IST
    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.00010s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE     VERSION
    22/tcp   open  ssh         (protocol 2.0)
    80/tcp   open  http        nginx 1.4.6 (Ubuntu)
    139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: VYOM-PC)
    445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: VYOM-PC)
    3000/tcp open  ntop-http   Ntop web interface 5.0.1
    1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
    SF-Port22-TCP:V=6.40%I=7%D=9/20%Time=57E14F74%P=x86_64-pc-linux-gnu%r(NULL
    SF:,2B,"SSH-2.0-OpenSSH_6.6.1p1x20Ubuntu-2ubuntu2.3rn");
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 13.83 seconds

Display all Packets Sent and Received

You can display every packet Nmap sends and receives by running the following command:

sudo nmap --packet-trace 192.168.43.4

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:34 IST
    NSOCK INFO [0.0770s] nsi_new2(): nsi_new (IOD #1)
    NSOCK INFO [0.0770s] nsock_connect_udp(): UDP connection requested to 127.0.1.1:53 (IOD #1) EID 8
    NSOCK INFO [0.0770s] nsock_read(): Read request from IOD #1 [127.0.1.1:53] (timeout: -1ms) EID 18
    NSOCK INFO [0.0770s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [127.0.1.1:53]
    NSOCK INFO [0.0770s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [127.0.1.1:53]
    NSOCK INFO [0.3550s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [127.0.1.1:53] (64 bytes): 7............4.43.168.192.in-addr.arpa..................Vyom-PC.
    NSOCK INFO [0.3550s] nsock_read(): Read request from IOD #1 [127.0.1.1:53] (timeout: -1ms) EID 34
    NSOCK INFO [0.3550s] nsi_delete(): nsi_delete (IOD #1)
    NSOCK INFO [0.3550s] msevent_cancel(): msevent_cancel on event #34 (type READ)
    SENT (0.3787s) TCP 192.168.43.4:50742 > 192.168.43.4:3306 S ttl=48 id=49797 iplen=44  seq=2821161000 win=1024 
    SENT (0.3789s) TCP 192.168.43.4:50742 > 192.168.43.4:443 S ttl=54 id=38804 iplen=44  seq=2821161000 win=1024 
    SENT (0.3790s) TCP 192.168.43.4:50742 > 192.168.43.4:1723 S ttl=44 id=39561 iplen=44  seq=2821161000 win=1024 
    SENT (0.3792s) TCP 192.168.43.4:50742 > 192.168.43.4:80 S ttl=52 id=48505 iplen=44  seq=2821161000 win=1024 
    SENT (0.3793s) TCP 192.168.43.4:50742 > 192.168.43.4:23 S ttl=48 id=48741 iplen=44  seq=2821161000 win=1024 
    SENT (0.3794s) TCP 192.168.43.4:50742 > 192.168.43.4:995 S ttl=56 id=10028 iplen=44  seq=2821161000 win=1024 
    SENT (0.3796s) TCP 192.168.43.4:50742 > 192.168.43.4:587 S ttl=49 id=55790 iplen=44  seq=2821161000 win=1024 
    SENT (0.3797s) TCP 192.168.43.4:50742 > 192.168.43.4:143 S ttl=48 id=65087 iplen=44  seq=2821161000 win=1024 
    SENT (0.3799s) TCP 192.168.43.4:50742 > 192.168.43.4:3389 S ttl=39 id=1846 iplen=44  seq=2821161000 win=1024 
    SENT (0.3800s) TCP 192.168.43.4:50742 > 192.168.43.4:1025 S ttl=51 id=34599 iplen=44  seq=2821161000 win=1024 
    RCVD (0.3786s) TCP 192.168.43.4:50742 > 192.168.43.4:3306 S ttl=48 id=49797 iplen=44  seq=2821161000 win=1024 
    RCVD (0.3786s) TCP 192.168.43.4:3306 > 192.168.43.4:50742 RA ttl=64 id=12183 iplen=40  seq=0 win=0 
    RCVD (0.3788s) TCP 192.168.43.4:50742 > 192.168.43.4:443 S ttl=54 id=38804 iplen=44  seq=2821161000 win=1024 
    RCVD (0.3788s) TCP 192.168.43.4:443 > 192.168.43.4:50742 RA ttl=64 id=12184 iplen=40  seq=0 win=0 
    RCVD (0.3789s) TCP 192.168.43.4:50742 > 192.168.43.4:1723 S ttl=44 id=39561 iplen=44  seq=2821161000 win=1024 
    RCVD (0.3790s) TCP 192.168.43.4:1723 > 192.168.43.4:50742 RA ttl=64 id=12185 iplen=40  seq=0 win=0 
    RCVD (0.3791s) TCP 192.168.43.4:50742 > 192.168.43.4:80 S ttl=52 id=48505 iplen=44  seq=2821161000 win=1024 
    RCVD (0.3791s) TCP 192.168.43.4:80 > 192.168.43.4:50742 SA ttl=64 id=0 iplen=44  seq=3532002765 win=43690 
    RCVD (0.3792s) TCP 192.168.43.4:50742 > 192.168.43.4:80 R ttl=64 id=12186 iplen=40  seq=2821161001 win=0 
    RCVD (0.3793s) TCP 192.168.43.4:50742 > 192.168.43.4:23 S ttl=48 id=48741 iplen=44  seq=2821161000 win=1024 
    RCVD (0.3793s) TCP 192.168.43.4:23 > 192.168.43.4:50742 RA ttl=64 id=12187 iplen=40  seq=0 win=0 
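
The trace above shows how a SYN scan decides port states: the probe to port 80 is answered with SA (SYN/ACK), so the port is open, while 3306, 443, 1723 and 23 answer with RA (RST/ACK) and are closed. The following added example, not part of the original tutorial, applies that rule to trace lines. The function names are assumptions, and the sample is constructed from lines of the trace above, with port 995 deliberately left without a reply.

```shell
#!/bin/sh
# Added example: derive port states from --packet-trace lines of a SYN scan.
# classify_syn_trace and sample_trace are illustrative names.

# Reads trace lines on stdin, prints "<port> <state>" sorted by port.
#   SYN sent, SYN/ACK (SA) received  -> open
#   SYN sent, RST (R or RA) received -> closed
#   SYN sent, nothing received       -> no-reply (Nmap reports "filtered")
classify_syn_trace() {
    awk '
        # Endpoint is "addr:port"; the port is the last colon-separated part.
        function port(ep,    parts, n) {
            n = split(ep, parts, ":")
            return parts[n]
        }
        # Fields: $1 SENT|RCVD, $3 protocol, $4 source, $6 destination, $7 flags
        $1 == "SENT" && $3 == "TCP" && $7 == "S" {
            p = port($6)
            if (!(p in state)) state[p] = "no-reply"
        }
        $1 == "RCVD" && $3 == "TCP" {
            p = port($4)
            # Skip packets that do not come from a probed port, such as the
            # outgoing SYNs that are echoed back when a host scans itself.
            if (!(p in state)) next
            if ($7 == "SA") state[p] = "open"
            else if (index($7, "R") > 0) state[p] = "closed"
        }
        END { for (p in state) print p, state[p] }
    ' | sort -n
}

# Constructed sample: selected lines from the trace above.
sample_trace() {
    cat <<'EOF'
SENT (0.3787s) TCP 192.168.43.4:50742 > 192.168.43.4:3306 S ttl=48 id=49797 iplen=44  seq=2821161000 win=1024
SENT (0.3792s) TCP 192.168.43.4:50742 > 192.168.43.4:80 S ttl=52 id=48505 iplen=44  seq=2821161000 win=1024
SENT (0.3793s) TCP 192.168.43.4:50742 > 192.168.43.4:23 S ttl=48 id=48741 iplen=44  seq=2821161000 win=1024
SENT (0.3794s) TCP 192.168.43.4:50742 > 192.168.43.4:995 S ttl=56 id=10028 iplen=44  seq=2821161000 win=1024
RCVD (0.3786s) TCP 192.168.43.4:50742 > 192.168.43.4:3306 S ttl=48 id=49797 iplen=44  seq=2821161000 win=1024
RCVD (0.3786s) TCP 192.168.43.4:3306 > 192.168.43.4:50742 RA ttl=64 id=12183 iplen=40  seq=0 win=0
RCVD (0.3791s) TCP 192.168.43.4:80 > 192.168.43.4:50742 SA ttl=64 id=0 iplen=44  seq=3532002765 win=43690
RCVD (0.3792s) TCP 192.168.43.4:50742 > 192.168.43.4:80 R ttl=64 id=12186 iplen=40  seq=2821161001 win=0
RCVD (0.3793s) TCP 192.168.43.4:23 > 192.168.43.4:50742 RA ttl=64 id=12187 iplen=40  seq=0 win=0
EOF
}

sample_trace | classify_syn_trace
```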

Display Host Interfaces with Routes

You can list the host's interfaces and routes by running the following command:

sudo nmap --iflist

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:36 IST
    ************************INTERFACES************************
    DEV             (SHORT)           IP/MASK                      TYPE     UP MTU   MAC
    br-7b9ff245c3a0 (br-7b9ff245c3a0) 172.18.0.1/16                ethernet up 1500  02:42:4C:A8:FF:D8
    lo              (lo)              127.0.0.1/8                  loopback up 65536
    lo              (lo)              ::1/128                      loopback up 65536
    lxcbr0          (lxcbr0)          10.0.3.1/24                  ethernet up 1500  FE:DE:FD:5A:09:9C
    lxcbr0          (lxcbr0)          fe80::2c80:1dff:fef3:9b3a/64 ethernet up 1500  FE:DE:FD:5A:09:9C
    vethA0BWV3      (vethA0BWV3)      (null)/0                     ethernet up 1500  FE:DE:FD:5A:09:9C
    vethA0BWV3      (vethA0BWV3)      fe80::fcde:fdff:fe5a:99c/64  ethernet up 1500  FE:DE:FD:5A:09:9C
    wlan0           (wlan0)           192.168.43.4/24              ethernet up 1500  4C:BB:58:9C:F5:55
    wlan0           (wlan0)           fe80::4ebb:58ff:fe9c:f555/64 ethernet up 1500  4C:BB:58:9C:F5:55
    docker0         (docker0)         172.17.0.2/16                ethernet up 1500  02:42:A9:84:04:7F

    **************************ROUTES**************************
    DST/MASK                      DEV             METRIC GATEWAY
    10.0.3.0/24                   lxcbr0          0
    192.168.43.0/24               wlan0           9
    172.17.0.0/16                 docker0         0
    172.18.0.0/16                 br-7b9ff245c3a0 0
    0.0.0.0/0                     wlan0           0      192.168.43.1
    ::1/128                       lo              0
    fe80::2c80:1dff:fef3:9b3a/128 lo              0
    fe80::4ebb:58ff:fe9c:f555/128 lo              0
    fe80::fcde:fdff:fe5a:99c/128  lo              0
    fe80::/64                     lxcbr0          256
    fe80::/64                     vethA0BWV3      256
    fe80::/64                     wlan0           256
    ff00::/8                      lxcbr0          256
    ff00::/8                      vethA0BWV3      256
    ff00::/8                      wlan0           256

Exclude Specific IPs from Nmap Scan

You can exclude one or more hosts while scanning a whole network by running the following command:

sudo nmap 192.168.43.* --exclude 192.168.43.100

Output:

    Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:55 IST
    Nmap scan report for 192.168.43.1
    Host is up (0.0075s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    53/tcp open  domain
    MAC Address: 24:DA:9B:80:51:7D (Unknown)

    Nmap scan report for Vyom-PC (192.168.43.4)
    Host is up (0.000062s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    3000/tcp open  ppp

    Nmap done: 255 IP addresses (2 hosts up) scanned in 23.64 seconds

Find Nmap Version

You can check the installed Nmap version by running the following command:

sudo nmap -V

Output:

    Nmap version 6.40 ( http://nmap.org )
    Platform: x86_64-pc-linux-gnu
    Compiled with: liblua-5.2.3 openssl-1.0.1f libpcre-8.31 libpcap-1.5.3 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

Conclusion

Testing your server's firewall and finding vulnerabilities is a very difficult task for every system administrator. Nmap is one of the most useful and powerful tools for improving system security.
