Nmap

References

Examples of commands

Host discovery scan (ping scan without port scanning; -sP is the older name for -sn):

nmap -sn 10.0.0.0/24
nmap -sP 10.0.0.0/24

Scan all ports with TCP SYN, default scripts and service/version detection, using fast timing and writing output in all formats:

sudo nmap -p- -sSCV -T4 10.0.0.1 -oA 10.0.0.1

Scan the 1000 most common ports with the TCP connect method:

$ nmap -sT 192.168.0.1

OS fingerprinting:

$ sudo nmap -O 192.168.0.1

Aggressive scan (-A enables OS detection (-O), version scanning (-sV), script scanning (-sC) and traceroute (--traceroute)):

$ nmap -A 192.168.0.1

Deep scan (all ports; -v shows each open port as soon as it is found):

$ nmap -v -p- -sT 192.168.0.1

Top 1000 ports for a UDP scan:

$ sudo nmap -sU --top-ports 1000 -T4 10.0.0.1 -oA 10.0.0.1_UDP -v
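
Auditing the -oA output: the two -oA scans above write .nmap, .gnmap and .xml files for each base name. As an added example (not part of the original page), this Python script reads the XML report and lists open ports that are missing from an allowlist. The sample report and the EXPECTED allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an Nmap XML report (the .xml file from -oA).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical allowlist: the (protocol, port) pairs each host is expected to expose.
EXPECTED = {"10.0.0.1": {("tcp", 22)}, "10.0.0.2": set()}


def open_ports(xml_text):
    """Return (addr, proto, port, state, service) for every port reported as open."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")  # first address element of the host
        for port in host.iter("port"):
            state = port.find("state").get("state")
            if not state.startswith("open"):  # keeps "open" and UDP "open|filtered"
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            rows.append((addr, port.get("protocol"), int(port.get("portid")), state, name))
    return rows


def unexpected(rows, expected):
    """Ports that are open but absent from the allowlist for their host."""
    return [r for r in rows if (r[1], r[2]) not in expected.get(r[0], set())]


if __name__ == "__main__":
    for addr, proto, port, state, name in unexpected(open_ports(SAMPLE_XML), EXPECTED):
        print(f"{addr} {port}/{proto} {state} {name}")
```

To run it against a real report, read the file's text (for example 10.0.0.1.xml from the scan above) and pass it to open_ports in place of SAMPLE_XML.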