Nmap

From LQWiki

Nmap ("Network Mapper") is a well-known utility for network exploration and security auditing, distributed under the GPL. It can rapidly scan a large network using raw IP packets "in novel ways" to report which hosts are up, which operating system they are running, which ports and services are open and awaiting connections, etc.

Tips

Some options require root privileges.

  • Here's a pretty thorough scan recipe:
nmap -T Aggressive -P0 -sT -p 1-65535 <insert host IP here>
  • Sometimes Nmap's host discovery reports a host as down, and the port scan is then skipped. This can be a problem. To avoid it, use the option -P0, which skips host discovery. For more information, see the man page.
  • There is also nmapfe, which is a GUI frontend for nmap.

Examples

  • This command scans your own system (localhost) for open ports:
nmap localhost
  • This command checks whether the default svn port (6963) is open on your system:
nmap localhost -p 6963
  • This command prints a list of common options:
nmap -h

Q&A

  • Why don't I see a port for ping even though the computer answers ping requests?
Nmap lists ports, and ports exist only in TCP and UDP. Ping uses ICMP, which sits directly on top of IP and has no port numbers, so there is nothing for Nmap to show.
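As an added example (not code from the original page or from the Nmap project), the TCP connect technique behind the -sT option used in the recipe above, written in Python against a throwaway listener on 127.0.0.1; it also shows why the answer above holds, since such a scan only ever has TCP ports to report. The listener and the released port are constructed for the demonstration.

```python
import socket
import threading


def connect_scan(host: str, ports: list[int], timeout: float = 0.5) -> dict[int, str]:
    """TCP connect scan, the technique behind nmap's -sT option.

    connect() performs a full handshake: accepted -> "open", refused (RST)
    -> "closed", no answer before the timeout -> "filtered". Plain sockets
    suffice, which is why -sT needs no root privileges. ICMP echo (ping)
    has no port at all, so it can never appear in a result like this.
    """
    results: dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except OSError:  # timeouts and other failures
                results[port] = "filtered"
    return results


def start_listener() -> int:
    """Constructed 'open service': a throwaway listener on an ephemeral
    127.0.0.1 port that accepts and drops connections in the background."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop() -> None:
        while True:
            try:
                srv.accept()[0].close()
            except OSError:
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def reserve_closed_port() -> int:
    """Pick an ephemeral port and release it again, so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Running connect_scan("127.0.0.1", [start_listener(), reserve_closed_port()]) reports the first port as open and the second as closed, the same states nmap -sT prints for them.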

See also