Nmap – Network Discovery and Security Auditing Tool
What is Nmap?
Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. Created by Gordon Lyon (Fyodor) in 1997, Nmap has evolved into one of the most trusted and widely used security tools, employed by network administrators and security professionals worldwide.
Originally designed for rapidly scanning large networks, Nmap uses raw IP packets to determine available hosts, services, operating systems, firewall configurations, and numerous other characteristics that make it indispensable for security assessments.
Key Features
- Host discovery: Identify live hosts on a network using various probing techniques
- Port scanning: Enumerate open ports on target hosts with multiple scan types
- Service detection: Determine application names and versions running on open ports
- OS detection: Identify operating systems and hardware characteristics
- Scriptable interaction: Nmap Scripting Engine (NSE) for advanced tasks
- Output formats: Normal, XML, grepable, and script kiddie output
- IPv6 support: Full support for IPv6 network scanning
- Cross-platform: Runs on Linux, Windows, macOS, and BSD
Legal Considerations
Important: Only scan networks and systems you own or have explicit written permission to test. Unauthorized scanning may violate computer crime laws in many jurisdictions.
System Requirements
- Any modern operating system (Linux, Windows, macOS, BSD)
- Root/administrator privileges for some scan types
- libpcap (Linux/macOS) or Npcap (Windows)
- Minimal RAM and CPU requirements
Installation Guide
Ubuntu/Debian
sudo apt update
sudo apt install nmap
CentOS/RHEL/Fedora
sudo dnf install nmap
Arch Linux
sudo pacman -S nmap
macOS (Homebrew)
brew install nmap
From Source
wget https://nmap.org/dist/nmap-7.94.tar.bz2
tar xvf nmap-7.94.tar.bz2
cd nmap-7.94
./configure
make
sudo make install
Basic Scan Types
Host Discovery
# Ping scan - discover live hosts
nmap -sn 192.168.1.0/24
# ARP ping for hosts on the local network (add -sn to skip the port scan)
nmap -PR 192.168.1.0/24
# Skip host discovery, scan all targets
nmap -Pn 192.168.1.1
Port Scanning
# TCP SYN scan (default when run as root)
sudo nmap -sS 192.168.1.1
# TCP connect scan (default without root privileges)
nmap -sT 192.168.1.1
# UDP scan
sudo nmap -sU 192.168.1.1
# Scan specific ports
nmap -p 22,80,443 192.168.1.1
# Scan all 65535 ports
nmap -p- 192.168.1.1
# Scan top 1000 ports (default)
nmap --top-ports 1000 192.168.1.1
Service and Version Detection
# Detect service versions
nmap -sV 192.168.1.1
# Set version detection intensity (0-9, default 7; higher values send more probes)
nmap -sV --version-intensity 5 192.168.1.1
# OS detection
sudo nmap -O 192.168.1.1
# Aggressive scan: OS detection, version detection, default scripts and traceroute
sudo nmap -A 192.168.1.1
Nmap Scripting Engine (NSE)
# Run default scripts
nmap -sC 192.168.1.1
# Run specific script category
nmap --script vuln 192.168.1.1
# Run specific script
nmap --script http-title 192.168.1.1
# List available scripts
ls /usr/share/nmap/scripts/
# Script categories available:
# auth, broadcast, brute, default, discovery,
# dos, exploit, external, fuzzer, intrusive,
# malware, safe, version, vuln
Output Options
# Save in normal, XML and grepable formats (scan_results.nmap, .xml, .gnmap)
nmap -oA scan_results 192.168.1.1
# Normal output
nmap -oN output.txt 192.168.1.1
# XML output
nmap -oX output.xml 192.168.1.1
# Grepable output
nmap -oG output.gnmap 192.168.1.1
Common Use Cases
- Network inventory: Discover all devices on your network
- Security auditing: Find open ports and potential vulnerabilities
- Firewall testing: Verify firewall rules are working correctly
- Compliance checking: Ensure systems meet security requirements
- Troubleshooting: Diagnose network connectivity issues
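For the firewall testing and compliance checking use cases, the XML file written by -oX can be compared against an approved-ports baseline. The script below is an added example, not part of the original article or of Nmap itself; the sample XML is constructed and the BASELINE table is a hypothetical allowlist.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX output.xml` output (not real scan data).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="443"><state state="filtered"/><service name="https"/></port>
</ports></host>
<host><status state="up"/><address addr="192.168.1.20" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host>
</nmaprun>"""

# Hypothetical baseline: (protocol, port) pairs each host is approved to expose.
BASELINE = {
    "192.168.1.1": {("tcp", 22), ("tcp", 443)},
    "192.168.1.20": {("tcp", 80)},
}

def open_ports(xml_text):
    """Return {ip: {(protocol, port), ...}} for every port Nmap reported as open."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        # A host can carry several <address> elements (IP and MAC); key on the IP.
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue
        ports = found.setdefault(ip, set())
        for port in host.findall("ports/port"):
            state = port.find("state")
            # "filtered" and "closed" are not exposures; only count "open".
            if state is not None and state.get("state") == "open":
                ports.add((port.get("protocol"), int(port.get("portid"))))
    return found

def audit(xml_text, baseline):
    """Return (unexpected, missing): open ports outside the baseline, and approved ports not seen open."""
    found = open_ports(xml_text)
    unexpected = sorted((ip, *p) for ip, ps in found.items() for p in ps - baseline.get(ip, set()))
    missing = sorted((ip, *p) for ip, ps in baseline.items() for p in ps - found.get(ip, set()))
    return unexpected, missing

if __name__ == "__main__":
    print(audit(SAMPLE_XML, BASELINE))
```

On the sample, telnet on 192.168.1.1 is reported as unexpected, and port 443 is reported as missing because the scan saw it as filtered rather than open.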
Timing and Performance
# Timing templates (T0-T5)
nmap -T4 192.168.1.1 # Aggressive timing
# T0: Paranoid (very slow)
# T1: Sneaky
# T2: Polite
# T3: Normal (default)
# T4: Aggressive
# T5: Insane (may miss results)
Zenmap – GUI for Nmap
Zenmap is the official graphical user interface for Nmap, providing an easier way to run scans and visualize results with network topology maps.
Download
Nmap is released under a custom open-source license. Download the latest version:
Latest Version: 7.94
License: Nmap Public Source License
Developer: Gordon Lyon (Fyodor)
About Ramesh Sundararamaiah
Red Hat Certified Architect
Expert in Linux system administration, DevOps automation, and cloud infrastructure. Specializing in Red Hat Enterprise Linux, CentOS, Ubuntu, Docker, Ansible, and enterprise IT solutions.