Nmap ("Network Mapper") is a free and open source utility for network exploration and security auditing. Nmap has two basic scan types: TCP connect scanning (-sT) and TCP SYN stealth scanning (-sS). A TCP connect scan works by opening a full connection to the targeted host. The disadvantage of a connect scan is that it is very easy to detect on the system being scanned, which is why the TCP SYN scan was developed. A TCP SYN scan also starts to initiate a connection, but it assumes the port is open as soon as the target answers its SYN packet, without completing the handshake. Keep in mind that a SYN scan may not detect open ports if the targeted system filters its ports.

To show a list of options type

nmap --help

If you want to do a simple scan of a machine, simply type nmap followed by the IP address of the machine.

The output will look like this:

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-29 00:37 CDT
Interesting ports on
Not shown: 1693 filtered ports
20/tcp closed ftp-data
21/tcp closed ftp
23/tcp closed telnet
80/tcp open   http

Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds

If you want to scan an entire network range, you would use a command like this:

Displaying output on your screen is fine for quick scans, but what if you want to save the output to a file? This example shows how to save the output in both XML and normal output formats.

XML Output

nmap -oX newscan.xml

Normal Output

nmap -oN newscan.nmap
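Once a scan is saved with -oN, the normal-format file can be parsed to pull out port states and compare the open ports against what you expect on that host. The following is an added example, not part of the original page or of Nmap itself; the sample text is a constructed copy of the scan output shown above, with a placeholder host name because the page omits it, and the expected-port allowlist is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in nmap's normal (-oN) output format, mirroring the
# result shown above. The host name is a placeholder (the page omits it).
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-29 00:37 CDT
Interesting ports on target.example (placeholder):
Not shown: 1693 filtered ports
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
23/tcp closed telnet
80/tcp open   http

Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\w+) ports")

@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    service: str

def parse_normal_output(text):
    """Parse -oN text into (list of PortEntry, {state: count of unlisted ports})."""
    ports, not_shown = [], {}
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            ports.append(PortEntry(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        m = NOT_SHOWN.match(line)
        if m:  # ports nmap summarised instead of listing individually
            not_shown[m.group(2)] = int(m.group(1))
    return ports, not_shown

def state_counts(text):
    """Total ports per state, including the 'Not shown' summary line."""
    ports, not_shown = parse_normal_output(text)
    counts = dict(not_shown)
    for p in ports:
        counts[p.state] = counts.get(p.state, 0) + 1
    return counts

def unexpected_open(text, allowed):
    """Open ports not in the allowlist, e.g. to flag drift from a known baseline."""
    ports, _ = parse_normal_output(text)
    return [p for p in ports if p.state == "open" and p.port not in allowed]
```

Running unexpected_open against a baseline of the services a host should expose turns a one-off scan into a simple exposure check.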