Nmap Network Scanning Cheatsheet

by Daniel Cornett | March 12, 2022

What is Nmap?

Nmap is a free, console-based port scanning and network mapping tool originally released in 1997 by Gordon Lyon. Nmap allows a user to scan remote or local networks for open ports and connected hosts, and to detect which services and versions are running on open ports. This enables ethical hackers and security professionals to conduct security audits on a network, and lets users discover active devices connected to their network, including phones, computers, smart TVs, and other IoT devices.

Host Scanning

Nmap’s core functions are simple, yet powerful. Nmap’s host scan feature identifies all connected hosts and their local IP addresses on a given network. It also discovers MAC addresses (physical addresses) and makes educated guesses at device manufacturers.

To run an Nmap host scan, use the following command:

nmap -sn your_local_ip/host_bits

Example scan: nmap -sn

Nmap host scan

This is a powerful feature: it enables ethical hackers to map devices on a network and allows security professionals to spot unauthorized devices. Host scanning is also a quick way to inventory internet-connected devices on a remote subnet.
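As an added example (not part of the original post), the Python below reads the XML that Nmap writes for a host scan saved with -oA and lists live hosts whose MAC address is not on an allowlist of known devices. The sample XML, addresses, vendor names, and allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output, trimmed to the elements used here.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sn -oA inventory 192.168.1.0/24">
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="AA:BB:CC:00:00:01" addrtype="mac" vendor="ExampleRouterCo"/>
  </host>
  <host><status state="up" reason="arp-response"/>
    <address addr="192.168.1.23" addrtype="ipv4"/>
    <address addr="AA:BB:CC:00:00:17" addrtype="mac" vendor="ExampleTVCo"/>
  </host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.168.1.40" addrtype="ipv4"/>
  </host>
  <host><status state="up" reason="localhost-response"/>
    <address addr="192.168.1.50" addrtype="ipv4"/>
  </host>
</nmaprun>"""

# Constructed allowlist: MAC addresses of devices you expect on the network.
KNOWN_MACS = {"aa:bb:cc:00:00:01"}

def live_hosts(xml_text):
    """Return one dict (ip, mac, vendor) per host that Nmap reported as up."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        entry = {"ip": None, "mac": None, "vendor": None}
        for addr in host.findall("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):
                entry["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                entry["mac"] = addr.get("addr").lower()
                entry["vendor"] = addr.get("vendor")
        hosts.append(entry)
    return hosts

def unknown_hosts(hosts, known_macs):
    """Hosts with a MAC outside the allowlist, or with no MAC reported at all."""
    known = {m.lower() for m in known_macs}
    return [h for h in hosts if h["mac"] is None or h["mac"] not in known]

if __name__ == "__main__":
    for h in unknown_hosts(live_hosts(SAMPLE_XML), KNOWN_MACS):
        print(f'{h["ip"]:<15} {h["mac"] or "no MAC seen":<18} {h["vendor"] or ""}')
```

Nmap reports a MAC address only for hosts on the same Ethernet segment as the scanner, and not for the scanning machine itself, so entries without a MAC are flagged for manual review.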

Port Scanning

Another core feature provided by Nmap is the ability to do port scans and ping sweeps. An Nmap port scan identifies all open ports exposed by active hosts and attempts to discover which services are running. Port scans are enriched with version detection to identify specific service versions. Combined, these capabilities identify hosts running out-of-date or vulnerable services. Port scanning may also be used to identify hosts running unnecessary services that consume resources on a network.

To launch an Nmap port scan with version detection enabled, run this command:

nmap -sV -T4 ip_to_scan

Example scan: nmap -sV -T4

Nmap port scan

The -sV argument enables service version detection, and -T4 sets the timing template, which controls the speed of the scan.

Installing and Using Nmap

To install Nmap

1: Navigate to the Nmap download page.

2: Download the stable version specific to your computer’s operating system.

3: Run the installer file.

Now, you should have Nmap installed. For Windows users, Nmap comes bundled with the GUI version named Zenmap.

To use Nmap

1: Open a terminal or command prompt window.

2: Type nmap into the console window; this displays the syntax help for Nmap.

Nmap help page

Some useful arguments to use for Nmap are:

  • -sn This argument specifies a host discovery scan only, with no port scan.
  • -T[0-5] This is used to indicate the speed at which to run the scan.
  • -sV This will instruct Nmap to conduct a service version scan alongside the normal scan.
  • -p [port range] This allows a user to specify a range of ports for Nmap to scan.
  • -oA <filename> This will store the Nmap scan output in normal, XML, and grepable formats.
  • -iL <filename> This reads the list of target hosts or network ranges from a file.
  • -A Enables OS detection, service version detection, script scanning, and traceroute.
  • --open This shows only open or possibly open ports.
  • -Pn This will skip the host discovery function and treat all hosts as online.
  • -sU This enables UDP scan.

This page is primarily for quick reference and educational use by Abricto Security consultants. Abricto Security assumes no responsibility for damages caused by Nmap.