Nmap is an open source security scanner and one of the most widely used tools for network exploration, security auditing and port scanning. Its many options make it suitable for network audits, security scans, finding open ports on a remote machine, and identifying possible vulnerable points on a remote server or network.
Nmap is available with both a command line interface and a graphical user interface.
Features:
- Supports both Unix and Windows based operating systems.
- Discovers live hosts on the network and detects open ports on each host.
- Finds running services and their versions.
- Detects the software version, hardware address and operating system.
- Helps find vulnerabilities and security holes on remote systems.
In this tutorial, we will explain some useful Nmap command line tips and tricks.
Requirements
- Ubuntu-14.04 server or desktop running on your system.
Install Nmap
By default, nmap is included in the Ubuntu package management repository. You can simply install it by running the following command:
sudo apt-get install nmap
Scan a System using a Hostname and IP Address
Nmap provides various options to scan a system. Here we find all open ports, services and the MAC address on a remote system using its hostname (enjayworld.com).
Run the following command to scan enjayworld.com:
sudo nmap enjayworld.com
You should see the open ports in the following output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:05 IST
Nmap scan report for enjayworld.com (109.199.126.129)
Host is up (0.24s latency).
rDNS record for 109.199.126.129: ip-109-199-126-129.siteground.com
Not shown: 982 filtered ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp closed rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2525/tcp open ms-v-worlds
5432/tcp closed postgresql
34571/tcp closed unknown
34572/tcp closed unknown
34573/tcp closed unknown
Nmap done: 1 IP address (1 host up) scanned in 25.46 seconds
You can also scan the remote system using its IP address:
sudo nmap 109.199.126.129
You should see the following output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:08 IST
Stats: 0:00:32 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 54.70% done; ETC: 17:09 (0:00:26 remaining)
Nmap scan report for ip-109-199-126-129.siteground.com (109.199.126.129)
Host is up (0.29s latency).
Not shown: 982 filtered ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp closed rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
2525/tcp open ms-v-worlds
5432/tcp closed postgresql
34571/tcp closed unknown
34572/tcp closed unknown
34573/tcp closed unknown
Nmap done: 1 IP address (1 host up) scanned in 41.61 seconds
Scan Multiple IP Address and Subnet
You can scan multiple hosts by specifying their IP addresses, as shown below:
sudo nmap 192.168.43.4 192.168.43.206
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:23 IST
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.00010s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3000/tcp open ppp
Nmap scan report for Node1 (192.168.43.206)
Host is up (0.0043s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)
Nmap done: 2 IP addresses (2 hosts up) scanned in 5.09 seconds
You can also scan a whole subnet by running the following command:
sudo nmap 192.168.43.*
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:25 IST
Nmap scan report for 192.168.43.1
Host is up (0.0026s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
53/tcp open domain
MAC Address: 24:DA:9B:80:51:7D (Unknown)
Nmap scan report for Node1 (192.168.43.206)
Host is up (0.00065s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.000093s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3000/tcp open ppp
Nmap done: 256 IP addresses (3 hosts up) scanned in 108.53 seconds
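Added example (not part of the original tutorial): a subnet scan is most useful when its result is compared with what is supposed to be listening. The script below parses Nmap's normal output, as shown above, and reports open ports that are missing from an approved baseline. The function names, the baseline file format and the sample data are assumptions made for this example.

```shell
# open_ports < nmap-output
# Prints "IP PORT/PROTO SERVICE" for each port whose state is exactly "open";
# closed, filtered and open|filtered ports are skipped.
open_ports() {
    awk '
        /^Nmap scan report for / { ip = $NF; gsub(/[()]/, "", ip); next }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print ip, $1, $3 }
    '
}

# audit_scan BASELINE < nmap-output
# BASELINE: one approved "IP PORT/PROTO" pair per line ("#" starts a comment).
# UNEXPECTED = open but not approved; MISSING = approved but not seen open.
audit_scan() {
    open_ports | awk -v baseline="$1" '
        BEGIN {
            while ((getline line < baseline) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") >= 2) approved[f[1] " " f[2]] = 1
            }
        }
        { key = $1 " " $2; seen[key] = 1 }
        !(key in approved) { print "UNEXPECTED", $1, $2, $3 }
        END { for (key in approved) if (!(key in seen)) print "MISSING", key }
    ' | LC_ALL=C sort
}

# Constructed sample input, modelled on the subnet scan output above.
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.43.1
PORT   STATE SERVICE
53/tcp open  domain
MAC Address: 24:DA:9B:80:51:7D (Unknown)
Nmap scan report for Node1 (192.168.43.206)
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
Nmap scan report for Vyom-PC (192.168.43.4)
22/tcp   open   ssh
80/tcp   open   http
139/tcp  open   netbios-ssn
443/tcp  closed https
445/tcp  open   microsoft-ds
3000/tcp open   ppp
EOF
}

# Constructed baseline of approved listeners (an assumption for this example).
sample_baseline() {
    cat <<'EOF'
192.168.43.1   53/tcp
192.168.43.206 22/tcp
192.168.43.206 443/tcp
192.168.43.4   22/tcp
192.168.43.4   80/tcp
192.168.43.4   8443/tcp   # approved, but not answering in the sample scan
EOF
}

tmp=$(mktemp) && sample_baseline > "$tmp"   # demo run on the samples
sample_scan | audit_scan "$tmp"
rm -f "$tmp"
```

A MISSING line is only meaningful when the baseline covers the same hosts that were scanned.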
Get Info About Remote Host Ports and OS
To gather detailed information about a remote system, such as its open ports and OS version, run the following command:
sudo nmap -sS -P0 -sV -O 109.199.126.129
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:13 IST
Nmap scan report for ip-109-199-126-129.siteground.com (109.199.126.129)
Host is up (0.23s latency).
Not shown: 982 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
25/tcp open smtp
53/tcp open domain ISC BIND donuts
80/tcp open http nginx
81/tcp open http Apache httpd
110/tcp open pop3 Dovecot pop3d
111/tcp closed rpcbind
143/tcp open imap Dovecot imapd
443/tcp open http nginx
465/tcp open ssl/smtp
587/tcp open smtp
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
2525/tcp open smtp
5432/tcp closed postgresql
34571/tcp closed unknown
34572/tcp closed unknown
34573/tcp closed unknown
4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Aggressive OS guesses: FreeBSD 6.2-RELEASE (90%), OpenBSD 4.0 (90%), OpenBSD 4.3 (89%), Apple AirPort Extreme WAP (88%), FreeBSD 6.3-RELEASE (87%), AVtech Room Alert 26W environmental monitor (86%), Check Point ZoneAlarm Z100G firewall (85%), Linux 2.6.36 (85%), IPFire firewall 2.11 (Linux 2.6.32) (85%), Check Point UTM-1 Edge X firewall (85%)
No exact OS matches for host (test conditions non-ideal).
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 98.19 seconds
Scan a Range of IP Addresses
You can scan a range of IP addresses (27.109.19.11 to 27.109.19.15) by running the following command:
sudo nmap 27.109.19.11-15
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:31 IST
Nmap scan report for actuniv.wwhnetwork.net (27.109.19.11)
Host is up (0.39s latency).
Not shown: 965 closed ports, 26 filtered ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
49/tcp open tacacs
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
5666/tcp open nrpe
9001/tcp open tor-orport
Nmap scan report for 27.109.19.13
Host is up (0.30s latency).
Not shown: 965 closed ports, 28 filtered ports
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
1433/tcp open ms-sql-s
9001/tcp open tor-orport
9002/tcp open dynamid
9003/tcp open unknown
Nmap scan report for 27.109.19.14
Host is up (0.38s latency).
Not shown: 985 closed ports
PORT STATE SERVICE
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
4443/tcp open pharos
5061/tcp open sip-tls
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49161/tcp open unknown
50001/tcp open unknown
50002/tcp open iiimsf
50003/tcp open unknown
Nmap done: 5 IP addresses (3 hosts up) scanned in 242.89 seconds
Find Live hosts on a Network
You can discover live hosts on a network by using the -sP option with nmap:
sudo nmap -sP 192.168.43.*
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:38 IST
Nmap scan report for 192.168.43.1
Host is up (0.0025s latency).
MAC Address: 24:DA:9B:80:51:7D (Unknown)
Nmap scan report for Node1 (192.168.43.206)
Host is up (-0.098s latency).
MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 15.77 seconds
Scan a List of Hosts and Networks From a File
You can scan a large number of hosts and networks by passing nmap an input file.
First create a file named list.txt:
sudo nano list.txt
Add the following:
192.168.43.0/24
wordsworthelt.com
localhost
118.67.248.239
Save and close the file. Now scan using the input file by running the following command:
sudo nmap -iL list.txt
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:46 IST
Nmap scan report for 192.168.43.1
Host is up (0.00090s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
53/tcp open domain
MAC Address: 24:DA:9B:80:51:7D (Unknown)
Nmap scan report for Node1 (192.168.43.206)
Host is up (0.00090s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
MAC Address: 08:00:27:6C:2D:A6 (Cadmus Computer Systems)
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.000069s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3000/tcp open ppp
Stats: 0:04:46 elapsed; 256 hosts completed (5 up), 2 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 70.87% done; ETC: 17:52 (0:01:10 remaining)
Stats: 0:07:41 elapsed; 256 hosts completed (5 up), 2 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 90.75% done; ETC: 17:54 (0:00:35 remaining)
Stats: 0:08:46 elapsed; 256 hosts completed (5 up), 2 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 98.34% done; ETC: 17:55 (0:00:07 remaining)
Nmap scan report for wordsworthelt.com (27.109.19.11)
Host is up (0.49s latency).
rDNS record for 27.109.19.11: actuniv.wwhnetwork.net
Not shown: 965 closed ports, 26 filtered ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
49/tcp open tacacs
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
5666/tcp open nrpe
9001/tcp open tor-orport
Nmap scan report for 118.67.248.239
Host is up (0.25s latency).
Not shown: 986 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
30/tcp open unknown
53/tcp closed domain
80/tcp open http
113/tcp closed ident
443/tcp closed https
50000/tcp closed ibm-db2
50001/tcp closed unknown
50002/tcp closed iiimsf
50003/tcp closed unknown
50006/tcp closed unknown
50300/tcp closed unknown
50389/tcp closed unknown
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000040s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
3000/tcp open ppp
Nmap done: 259 IP addresses (6 hosts up) scanned in 558.32 seconds
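Added example (not part of the original tutorial): a check to run on a target list before it is handed to nmap -iL, comparing each entry with the ranges approved for scanning. The function names and the approved ranges are assumptions; the first four sample targets are the list.txt entries above and the fifth is constructed.

```shell
# check_scope ALLOWED_FILE < target-list
# ALLOWED_FILE: one approved IPv4 address or CIDR block per line.
# Prints OK or OUT-OF-SCOPE for IPv4/CIDR targets and REVIEW for entries that
# cannot be judged offline (hostnames, wildcard or dash ranges).
check_scope() {
    awk -v allowed="$1" '
        # Dotted quad to integer, or -1 if malformed.
        function ip2int(s,   o, i, v) {
            if (split(s, o, ".") != 4) return -1
            v = 0
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
                v = v * 256 + o[i]
            }
            return v
        }
        # Set globals lo/hi to the first and last address of "a.b.c.d[/len]".
        function parse(t,   p, n, base, len, size) {
            n = split(t, p, "/")
            base = ip2int(p[1])
            if (base < 0 || n > 2) return 0
            len = 32
            if (n == 2) {
                if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) return 0
                len = p[2] + 0
            }
            size = 2 ^ (32 - len)
            lo = int(base / size) * size
            hi = lo + size - 1
            return 1
        }
        BEGIN {
            while ((getline line < allowed) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (parse(line)) { na++; alo[na] = lo; ahi[na] = hi }
            }
        }
        {
            sub(/#.*/, ""); t = $1
            if (t == "") next
            if (!parse(t)) { print "REVIEW", t; next }
            verdict = "OUT-OF-SCOPE"
            for (i = 1; i <= na; i++)
                if (lo >= alo[i] && hi <= ahi[i]) verdict = "OK"
            print verdict, t
        }
    '
}

# The list.txt entries from above, plus one constructed entry (last one).
sample_targets() {
    printf '%s\n' 192.168.43.0/24 wordsworthelt.com localhost \
        118.67.248.239 192.168.0.0/16
}

# Constructed approved ranges (an assumption for this example).
sample_allowed() {
    printf '%s\n' 192.168.43.0/24 127.0.0.0/8
}

tmp=$(mktemp) && sample_allowed > "$tmp"   # demo run on the samples
sample_targets | check_scope "$tmp"
rm -f "$tmp"
```

A CIDR target counts as OK only when the whole block fits inside one approved range, which is why 192.168.0.0/16 is rejected even though it contains 192.168.43.0/24.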
Scan Firewall Detection
You can easily find out if a host is protected by any packet filters or firewall by running the following command:
sudo nmap -sA 192.168.43.4
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:58 IST
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.000063s latency).
All 1000 scanned ports on Vyom-PC (192.168.43.4) are unfiltered
Nmap done: 1 IP address (1 host up) scanned in 2.91 seconds
Scan a Firewall For Security Vulnerabilities
You can scan a remote system for security weaknesses with the -sN option, which performs a TCP Null scan (no TCP flags set). Run the following command:
sudo nmap -sN 192.168.43.4
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 17:59 IST
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.00015s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
80/tcp open|filtered http
139/tcp open|filtered netbios-ssn
445/tcp open|filtered microsoft-ds
3000/tcp open|filtered ppp
Nmap done: 1 IP address (1 host up) scanned in 99.31 seconds
Scan a Port
By default, nmap scans only TCP ports. You can specify which ports to scan using the -p option.
To scan TCP port 80 on a remote machine, run the following command:
sudo nmap -p 80 192.168.43.4
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 18:07 IST
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.00036s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds
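To scan UDP port 68, combine -sU with -p:
sudo nmap -sU -p 68 192.168.43.4
The output below was captured without -p, so Nmap treated 68 as a second target (the setup_target line) and scanned its default UDP ports on 192.168.43.4.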
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 18:09 IST
setup_target: failed to determine route to 68 (0.0.0.68)
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.000071s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
68/udp open|filtered dhcpc
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
631/udp open|filtered ipp
5353/udp open|filtered zeroconf
Nmap done: 1 IP address (1 host up) scanned in 4.59 seconds
To scan multiple ports, such as 80 and 443, run the following command:
sudo nmap -p 80,443 192.168.43.4
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 18:11 IST
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.00020s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds
You can also scan remote hosts by port range by running the following command:
sudo nmap -p 80-140 192.168.43.4
Find Host Services with Version Numbers
You can find out all services running on remote hosts with version numbers by running the following command:
sudo nmap -sV 192.168.43.4
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:32 IST
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.00010s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
80/tcp open http nginx 1.4.6 (Ubuntu)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: VYOM-PC)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: VYOM-PC)
3000/tcp open ntop-http Ntop web interface 5.0.1
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port22-TCP:V=6.40%I=7%D=9/20%Time=57E14F74%P=x86_64-pc-linux-gnu%r(NULL
SF:,2B,"SSH-2\.0-OpenSSH_6\.6\.1p1\x20Ubuntu-2ubuntu2\.3\r\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.83 seconds
Display all Packets Sent and Received
You can list out all sent and received packets by running the following command:
sudo nmap --packet-trace 192.168.43.4
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:34 IST
NSOCK INFO [0.0770s] nsi_new2(): nsi_new (IOD #1)
NSOCK INFO [0.0770s] nsock_connect_udp(): UDP connection requested to 127.0.1.1:53 (IOD #1) EID 8
NSOCK INFO [0.0770s] nsock_read(): Read request from IOD #1 [127.0.1.1:53] (timeout: -1ms) EID 18
NSOCK INFO [0.0770s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [127.0.1.1:53]
NSOCK INFO [0.0770s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [127.0.1.1:53]
NSOCK INFO [0.3550s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [127.0.1.1:53] (64 bytes): 7............4.43.168.192.in-addr.arpa..................Vyom-PC.
NSOCK INFO [0.3550s] nsock_read(): Read request from IOD #1 [127.0.1.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.3550s] nsi_delete(): nsi_delete (IOD #1)
NSOCK INFO [0.3550s] msevent_cancel(): msevent_cancel on event #34 (type READ)
SENT (0.3787s) TCP 192.168.43.4:50742 > 192.168.43.4:3306 S ttl=48 id=49797 iplen=44 seq=2821161000 win=1024
SENT (0.3789s) TCP 192.168.43.4:50742 > 192.168.43.4:443 S ttl=54 id=38804 iplen=44 seq=2821161000 win=1024
SENT (0.3790s) TCP 192.168.43.4:50742 > 192.168.43.4:1723 S ttl=44 id=39561 iplen=44 seq=2821161000 win=1024
SENT (0.3792s) TCP 192.168.43.4:50742 > 192.168.43.4:80 S ttl=52 id=48505 iplen=44 seq=2821161000 win=1024
SENT (0.3793s) TCP 192.168.43.4:50742 > 192.168.43.4:23 S ttl=48 id=48741 iplen=44 seq=2821161000 win=1024
SENT (0.3794s) TCP 192.168.43.4:50742 > 192.168.43.4:995 S ttl=56 id=10028 iplen=44 seq=2821161000 win=1024
SENT (0.3796s) TCP 192.168.43.4:50742 > 192.168.43.4:587 S ttl=49 id=55790 iplen=44 seq=2821161000 win=1024
SENT (0.3797s) TCP 192.168.43.4:50742 > 192.168.43.4:143 S ttl=48 id=65087 iplen=44 seq=2821161000 win=1024
SENT (0.3799s) TCP 192.168.43.4:50742 > 192.168.43.4:3389 S ttl=39 id=1846 iplen=44 seq=2821161000 win=1024
SENT (0.3800s) TCP 192.168.43.4:50742 > 192.168.43.4:1025 S ttl=51 id=34599 iplen=44 seq=2821161000 win=1024
RCVD (0.3786s) TCP 192.168.43.4:50742 > 192.168.43.4:3306 S ttl=48 id=49797 iplen=44 seq=2821161000 win=1024
RCVD (0.3786s) TCP 192.168.43.4:3306 > 192.168.43.4:50742 RA ttl=64 id=12183 iplen=40 seq=0 win=0
RCVD (0.3788s) TCP 192.168.43.4:50742 > 192.168.43.4:443 S ttl=54 id=38804 iplen=44 seq=2821161000 win=1024
RCVD (0.3788s) TCP 192.168.43.4:443 > 192.168.43.4:50742 RA ttl=64 id=12184 iplen=40 seq=0 win=0
RCVD (0.3789s) TCP 192.168.43.4:50742 > 192.168.43.4:1723 S ttl=44 id=39561 iplen=44 seq=2821161000 win=1024
RCVD (0.3790s) TCP 192.168.43.4:1723 > 192.168.43.4:50742 RA ttl=64 id=12185 iplen=40 seq=0 win=0
RCVD (0.3791s) TCP 192.168.43.4:50742 > 192.168.43.4:80 S ttl=52 id=48505 iplen=44 seq=2821161000 win=1024
RCVD (0.3791s) TCP 192.168.43.4:80 > 192.168.43.4:50742 SA ttl=64 id=0 iplen=44 seq=3532002765 win=43690
RCVD (0.3792s) TCP 192.168.43.4:50742 > 192.168.43.4:80 R ttl=64 id=12186 iplen=40 seq=2821161001 win=0
RCVD (0.3793s) TCP 192.168.43.4:50742 > 192.168.43.4:23 S ttl=48 id=48741 iplen=44 seq=2821161000 win=1024
RCVD (0.3793s) TCP 192.168.43.4:23 > 192.168.43.4:50742 RA ttl=64 id=12187 iplen=40 seq=0 win=0
Display Host Interfaces with Routes
You can list out host interfaces and routes by running the following command:
sudo nmap --iflist
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:36 IST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
br-7b9ff245c3a0 (br-7b9ff245c3a0) 172.18.0.1/16 ethernet up 1500 02:42:4C:A8:FF:D8
lo (lo) 127.0.0.1/8 loopback up 65536
lo (lo) ::1/128 loopback up 65536
lxcbr0 (lxcbr0) 10.0.3.1/24 ethernet up 1500 FE:DE:FD:5A:09:9C
lxcbr0 (lxcbr0) fe80::2c80:1dff:fef3:9b3a/64 ethernet up 1500 FE:DE:FD:5A:09:9C
vethA0BWV3 (vethA0BWV3) (null)/0 ethernet up 1500 FE:DE:FD:5A:09:9C
vethA0BWV3 (vethA0BWV3) fe80::fcde:fdff:fe5a:99c/64 ethernet up 1500 FE:DE:FD:5A:09:9C
wlan0 (wlan0) 192.168.43.4/24 ethernet up 1500 4C:BB:58:9C:F5:55
wlan0 (wlan0) fe80::4ebb:58ff:fe9c:f555/64 ethernet up 1500 4C:BB:58:9C:F5:55
docker0 (docker0) 172.17.0.2/16 ethernet up 1500 02:42:A9:84:04:7F
**************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
10.0.3.0/24 lxcbr0 0
192.168.43.0/24 wlan0 9
172.17.0.0/16 docker0 0
172.18.0.0/16 br-7b9ff245c3a0 0
0.0.0.0/0 wlan0 0 192.168.43.1
::1/128 lo 0
fe80::2c80:1dff:fef3:9b3a/128 lo 0
fe80::4ebb:58ff:fe9c:f555/128 lo 0
fe80::fcde:fdff:fe5a:99c/128 lo 0
fe80::/64 lxcbr0 256
fe80::/64 vethA0BWV3 256
fe80::/64 wlan0 256
ff00::/8 lxcbr0 256
ff00::/8 vethA0BWV3 256
ff00::/8 wlan0 256
Exclude Specific IPs from Nmap Scan
You can exclude one or more hosts while scanning a whole network by running the following command:
sudo nmap 192.168.43.* --exclude 192.168.43.100
Output:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-09-20 20:55 IST
Nmap scan report for 192.168.43.1
Host is up (0.0075s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
53/tcp open domain
MAC Address: 24:DA:9B:80:51:7D (Unknown)
Nmap scan report for Vyom-PC (192.168.43.4)
Host is up (0.000062s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3000/tcp open ppp
Nmap done: 255 IP addresses (2 hosts up) scanned in 23.64 seconds
Find Nmap Version
You can easily discover nmap version by running the following command:
sudo nmap -V
Output:
Nmap version 6.40 ( http://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.2.3 openssl-1.0.1f libpcre-8.31 libpcap-1.5.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
Conclusion
Testing your server's firewall and finding vulnerabilities is a very difficult task for every system administrator. Nmap is one of the most useful and powerful tools for improving system security.