Wednesday, 24 September 2014

Network Discovery using NMAP

Network Discovery using NMAP

Nmap is a network scanning and host detection tool that is very useful during several steps of penetration testing. It can be used for following purposes:

1. Detect the live host on the network.

2. Detect the open ports on the host.

3. Detect the software and the version to the respective port.

4. Detect the operating system, MAC address, software version etc.

Below are some commands to demonstrate the use of the NMAP.

# nmap ip/hostname

# nmap

The above command will show the information about the given host.

We can also specify the whole subnet for this purpose.

# nmap


# nmap

We can also specify the range of IP address,

# nmap

We can also refer the hosts from a list of IPs.

# nmap –iL hosts.txt


#nmap –sL hosts.txt

We can also use - - exclude option,

# nmap –sL – exclude

We can specify the port number to scan them manually.

# nmap –p80,443,22

# nmap –sT

The above command can be used to check the open ports, the command will connect to every open port on the target machine and lists the open ports.

# nmap –sS

The above command is used to check open ports again, however the difference is that the T option will establish a real connection but S option will not make a full TCP connection to target machine. This type of scanning is logged to very less extent.

# nmap –sP

This is a simple ping scan to the complete network.

# nmap –PT80

This is an example for TCP ping scan.


  1. Thanks Sahil....We can easily fine the network details using nmap in linux server.
    But we can also use a command to find IP and MAC address of live hosts in our network.
    #arp -a

  2. ARP stands for address resolution protocol, So it only deals with IP and MAC address resolution. We have better options to do with NMAP, I think. :-)