Beginner’s reference guide to NMAP command

Network Mapper, or Nmap, is an open source security tool & is said to be the best port scanner. It is mainly used for auditing network security & for penetration testing. The nmap command displays the exposed ports/services on the target system & also provides other information such as the OS version.

Another function of Nmap is network discovery, hence the name “Network Mapper”. There are a number of options that can be used with the nmap command. In this tutorial, we will discuss some important nmap commands that will help us identify the vulnerable services in the network, which can then be addressed.



NMAP command


Usually the nmap command is installed by default on all Linux machines, but if that’s not the case then we can install it with the default package manager. For example,


$ yum install nmap


$ apt-get install nmap


$ dnf install nmap


Scanning an IP/Multiple IPs

To scan a single system on our network, open a terminal & execute the following command, where each name in angle brackets is a placeholder for our own value,

$ nmap <target-ip>

For multiple IPs, we can either mention all the IPs,

$ nmap <ip-1> <ip-2> <ip-3>

Or we can also mention a range,

$ nmap <first-ip>-<last-octet>

For scanning a full subnet,

$ nmap <network>/<prefix-length>

Or we can also mention a file with a list of the IP addresses with the option ‘iL’,

$ nmap -iL ips.txt

where ‘ips.txt’ is the file containing all the IP addresses. Similarly, we can also scan a system by its host name,

$ nmap <hostname>


Port scanning

For scanning a single port of a machine, we can mention the port number along with the option ‘p’,

$ nmap -p 22 <target>

Or for scanning a range of ports, use

$ nmap -p 100-1000 <target>

For scanning all the ports, i.e. 65535 ports, run the following command,

$ nmap -p- <target>

For scanning the 100 most common ports, use the option ‘F’ with the nmap command,

$ nmap -F <target>

This scan is also known as fast scan.


Ping a device (Host discovery)

To ping a device to check whether it’s up or not, we will use the option ‘sP’,

$ nmap -sP <target>

This is also known as host discovery. Newer Nmap releases name this option ‘sn’ & keep ‘sP’ as an alias.


TCP port scan

To perform a scan of all TCP ports, use the option ‘sT’ with the nmap command,

$ nmap -sT <target>


UDP port scan

To run port scanning for all UDP ports, use the option ‘sU’ with the nmap command,

$ nmap -sU <target>


OS & service scan

To find out only the operating system of a system, we can use the ‘O’ option,

$ nmap -O <target>

To check the operating system & all the services running on the system, use the option ‘A’ with the nmap command,

$ nmap -A <target>


Show all host interfaces & routes

To get all the interfaces on the host system & all the routes of the system, use the option ‘iflist’,

$ nmap --iflist


Scan a firewall protected system

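To scan a system that has been protected by a firewall, we can use the option ‘PN’ (written ‘Pn’ in current Nmap releases) with the nmap command. It skips the host discovery step, so the system is scanned even if it does not answer a ping,

$ nmap -PN <target>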


Redirecting output to a file

To redirect the output collected to a text file, use the option ‘oN’ along with the filename,

$ nmap -oN output.txt <target>

To redirect output to an XML file, we will use the option ‘oX’,

$ nmap -oX output.xml <target>

We can also use the redirect symbols to redirect output to a file,

$ nmap <target> > output.txt

These are only some of the functionalities that we can use with nmap & we have only scratched the surface. The nmap command is fairly extensible & too big a topic to cover in a single tutorial. We will add another tutorial with advanced nmap command usage.

If you have not found the nmap command functionality that you require, you can refer to the help for the nmap command.

$ nmap --help

With this we end our tutorial, please feel free to send in any questions or queries using the comment box below.

