Technology has changed enormously since the early days, and today we have more and more connected devices. More of our lives depend on this technology, so the security of those devices has become that much more important. In this blog post, we are going to take a look at the Nmap command, a security tool for scanning networks for hosts and services.
What Is A Port?
A port in networking lets the operating system determine which application incoming traffic should be delivered to.
What Are Common Ports?
Many ports are officially or unofficially associated with specific services. However, nothing forces a service to use its conventional port. To look up the service associated with a port, an online port-lookup site is handy, and the /etc/services file on most Unix-like systems also lists the associations for many services.
What Is Port Scanning?
Port scanning is the process of trying to connect to many ports to collect information about ports that are open and what services are behind those ports.
⚠️ Although it isn’t illegal in the US, scanning someone’s network without permission isn’t recommended. To avoid issues it’s recommended to get permission before scanning things that aren’t yours. ⚠️
Introduction To Nmap
Nmap stands for Network Mapper. It is a command line tool used to scan for hosts and services, and it was designed to scan large networks. Since its release Nmap has gone through many changes and has even become popular enough to be mentioned in Hollywood movies.
The Nmap command outputs information about the scanned targets; what information is reported depends on the options passed to the command. Nmap has many options, but in this post we are focusing on port scanning.
How To Install Nmap
The Nmap package should be available through your operating system's package manager, so installation should be rather easy. Search for the package named nmap and install it.
For example Ubuntu and Debian
sudo apt install nmap
For RPM systems with DNF
sudo dnf install nmap
Scanning With Nmap
Below are many port scanning examples from the default to scanning all ports.
Default Scan
nmap [IP/Domain]
This is the default port scan for Nmap.
Fast Scan
nmap -F [IP/Domain]
Scans fewer ports than the default scan.
Scan A Range Of IP Addresses
nmap 192.0.2.1-245
Scans from 192.0.2.1 to 192.0.2.245.
Scanning A Specific Port
nmap -p [port] [IP/Domain]
This command scans a specific port.
Scan Multiple Ports
nmap -p [port 1],[port 2],[port 3] [IP/Domain]
To build on the last command, more than one port can be scanned by separating the port numbers with commas.
Scanning A Range Of Ports
nmap -p [start port]-[end port] [IP/Domain]
This command scans a port range.
Scan Only TCP
nmap -sT [IP/Domain]
This performs a TCP connect scan, so only TCP ports are scanned.
Scan Only UDP
nmap -sU [IP/Domain]
This only scans UDP ports.
Scan only the top ports
nmap --top-ports [number of ports] [IP/Domain]
This scans the specified number of top ports, that is, the ports Nmap considers most commonly used.
Scan All Ports
nmap -p- [IP/Domain]
Scans from ports 1 to 65535.
Understanding Each State
Open: The port is open and there is a service listening on it.
Closed: The port is reachable and responds to probes, but there is no service listening on it.
Filtered: The port is not responding to the scan, typically because a firewall or other packet filter is blocking the probes, so Nmap cannot tell whether it is open.
Unfiltered: The port is reachable, but Nmap cannot determine whether it is open or closed.
Open|Filtered: Nmap cannot determine whether the port is open or filtered.
Closed|Filtered: Nmap cannot determine whether the port is closed or filtered.
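The scan commands above and the port states just listed, tied together in one added example that is not code from the original post: a POSIX shell script that checks a port specification of the kind used in the examples (a single port, a comma list, a range, or - for all ports) before it reaches nmap, and that parses Nmap's grepable output format (the -oG - option, one Host: ... Ports: ... line per host) into one line per port so the states can be counted. The host 192.0.2.10 and its ports and services are a constructed sample, not the result of a real scan, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarize the port states Nmap reports by parsing its
# grepable output (-oG -). Each port entry in that format looks like
# port/state/protocol/owner/service/rpc/version/ and entries are separated
# by ", ". Everything in SAMPLE_GREPABLE is constructed for this demo.

SAMPLE_GREPABLE=$(
  printf '# Nmap scan initiated (constructed sample, not real scan output)\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 53/open|filtered/udp//domain///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (1019)\n'
  printf '# Nmap done (constructed sample) -- 1 IP address (1 host up) scanned\n'
)

# Read grepable output on stdin; print one "port/proto state service" line per port.
summarize_grepable() {
    awk '
        /^Host:.*Ports: / {
            line = $0
            sub(/^.*Ports: /, "", line)               # keep only the port list
            sub(/[ \t]+Ignored State:.*$/, "", line)  # drop the trailing summary
            n = split(line, entries, /, */)
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                # f[1]=port f[2]=state f[3]=protocol f[5]=service name
                printf "%s/%s %s %s\n", f[1], f[3], f[2], f[5]
            }
        }'
}

# Number of ports reported in the sample.
port_count() {
    printf '%s\n' "$SAMPLE_GREPABLE" | summarize_grepable | awk 'END { print NR }'
}

# How many sample ports are in the given state (open, closed, filtered, "open|filtered", ...).
count_state() {
    printf '%s\n' "$SAMPLE_GREPABLE" | summarize_grepable |
        awk -v want="$1" '$2 == want { c++ } END { print c + 0 }'
}

# Space-separated list of the sample ports whose state is exactly "open".
open_ports() {
    printf '%s\n' "$SAMPLE_GREPABLE" | summarize_grepable |
        awk '$2 == "open" { s = s (s != "" ? " " : "") $1 } END { print s }'
}

# Accept only the port syntaxes used in the post: N, N,M,..., N-M, or "-" (all ports).
# Rejecting anything else keeps stray characters from ever reaching the nmap command line.
valid_port_spec() {
    [ "$1" = "-" ] && return 0
    printf '%s' "$1" | grep -Eq '^[0-9]{1,5}(-[0-9]{1,5})?(,[0-9]{1,5}(-[0-9]{1,5})?)*$'
}

# scan_summary TARGET [PORTSPEC]: run a real scan where nmap is installed,
# otherwise fall back to the constructed sample so the parser can still be exercised.
scan_summary() {
    target=$1
    spec=${2:-"-"}   # default "-" scans all ports, like "nmap -p-"
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
    if command -v nmap >/dev/null 2>&1; then
        nmap -p "$spec" -oG - "$target" | summarize_grepable
    else
        echo "nmap not installed; showing the constructed sample instead" >&2
        printf '%s\n' "$SAMPLE_GREPABLE" | summarize_grepable
    fi
}
```

Source the file and call scan_summary with a host you are allowed to scan and a port specification, for example scan_summary 192.0.2.10 1-1024; the output has one line per port, so counting a state is a matter of matching the second column, as count_state does for the sample. The Ignored State: part of the grepable line only records how many ports Nmap left out of the list, which is why the parser drops it.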
Conclusion
Nmap, like most security tools, needs to be handled with caution; because of this it's recommended not to run scans against devices that aren't yours without permission. In this blog post, we started with some background information, then introduced Nmap and how to install it on Linux. From there we moved on to many example commands and what each port state means. If you are looking for additional information regarding Nmap, why not check out the official Nmap guide?
Embracing a lifelong passion for technology since childhood, CJ delved into the intricate workings of systems, captivated by the desire to understand the unknown. This innate curiosity led to his discovery of Linux, a revelation that resonated deeply. With more than 7 years of on-the-job experience, he's honed his technical skills as a Geek and Senior Linux Systems Administrator.