Nmap Commands Explained: Essential Scans for Beginners

Leave a Comment / Tech Innovations
Nmap command line showing network scan results for IP range

Introduction

Nmap (Network Mapper) is one of the most powerful open-source tools for network discovery and security auditing. Whether you’re a beginner or an experienced ethical hacker, learning how to use Nmap effectively can help you identify open ports, detect services, and discover vulnerabilities on a network.

In this guide, we’ll go over the most common Nmap commands and explain what each one does — with clear examples you can try yourself.

What Is Nmap and Why Is It Useful?

Nmap is a free and open-source utility used for network scanning, host discovery, and security assessment. It helps administrators and penetration testers:

  • Detect live hosts in a network

  • Identify open ports and services

  • Discover operating systems and software versions

  • Map the structure of a network

You can view all available options using:

nmap --help

Or read the manual with:

man nmap

1. Run a Basic Nmap Scan

The simplest Nmap scan checks for active hosts and open ports on a target system.

Command:

nmap IP_address

Example:

nmap 192.168.0.2

This scan provides basic information about which ports are open on the target machine.

🧭 Tip: You can replace the IP with a domain name to scan websites as well.

2. Scan an Entire IP Range

To scan multiple hosts at once, use the CIDR notation (/24) to specify a network range.

Command:

nmap IP_address/24

Example:

nmap 192.168.0.2/24

This checks all devices on the local subnet.

3. Perform a TCP SYN Scan

A TCP SYN scan (also called a “half-open” scan) is one of the fastest and most common methods for identifying open ports.

Command:

nmap -sS IP_address

Example:

nmap -sS 192.168.0.2

This scan is stealthy and effective — often used in penetration testing to avoid detection by firewalls.

4. Detect the Target’s Operating System

Nmap can also guess the target system’s OS based on network responses.

Command:

nmap -O IP_address

Example:

nmap -O 192.168.0.2

Use this to learn whether a host is running Windows, Linux, or another operating system.

5. Scan All Known Ports

To check every port (1–65535) on a target machine, use the -p- option.

Command:

nmap -p- IP_address

Example:

nmap -p- 192.168.0.2

⚠️ Note: This is a comprehensive scan and can take more time to complete.

6. Scan a Specific Port

If you’re only interested in one service (like HTTP on port 80), you can scan a single port.

Command:

nmap -p port IP_address

Example:

nmap -p 80 192.168.0.2

7. Detect Service Versions

The -sV option tells Nmap to detect the software versions running on each open port.

Command:

nmap -sV IP_address

Example:

nmap -sV 192.168.0.2

This helps identify potential vulnerabilities tied to outdated services.

Conclusion

Nmap is a must-know tool for anyone interested in network security or ethical hacking. From quick scans to detailed OS and version detection, it offers unmatched versatility.

For detailed documentation, visit the official Nmap reference guide — a trusted resource for network professionals

Leave a Comment

Your email address will not be published. Required fields are marked *