≡ Menu

CentOS / RHEL: Install nmap Network Security Scanner

How do I install nmap command under CentOS / RHEL or Red Hat Enterprise Linux based system for testing security of my own network?

The nmap command line utility is used for port scanning and finding out all the ways a computer communicates with other computers on a network. You can find open ports on a server or computer and find what services are using those ports. It can even determine what operating system is running on the server and much more.


To install nmap on RHEL based Linux distributions, type the following yum command:
# yum install nmap
Sample outputs:

Loaded plugins: protectbase, rhnplugin, security
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 2:5.51-2.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package    Arch         Version               Repository                  Size
 nmap       x86_64       2:5.51-2.el6          rhel-x86_64-server-6       2.8 M
Transaction Summary
Install       1 Package(s)
Total download size: 2.8 M
Installed size: 0  
Is this ok [y/N]: y
Downloading Packages:
nmap-5.51-2.el6.x86_64.rpm                               | 2.8 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:nmap-5.51-2.el6.x86_64                                     1/1 
  Verifying  : 2:nmap-5.51-2.el6.x86_64                                     1/1 
  nmap.x86_64 2:5.51-2.el6                                                      

How do I use nmap command?

To find out nmap version, run:
# nmap --version
Sample outputs:

Nmap version 5.51 ( http://nmap.org )

To scan an IP address or a host name (FQDN), run:
# nmap
# nmap localhost
# nmap

Sample outputs:

Fig.01: nmap in action

Fig.01: nmap in action

Getting more information out of the remote system

The -v option forces verbose output and the -A optipn enables OS detection and Version detection, Script scanning and traceroute in a single command:
# nmap -v -A scanme.nmap.org
# nmap -v -A

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-19 16:38 IST
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 16:38
Scanning [1 port]
Completed ARP Ping Scan at 16:38, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:38
Completed Parallel DNS resolution of 1 host. at 16:38, 0.00s elapsed
Initiating SYN Stealth Scan at 16:38
Scanning [1000 ports]
Discovered open port 80/tcp on
Discovered open port 22/tcp on
Completed SYN Stealth Scan at 16:38, 0.27s elapsed (1000 total ports)
Initiating Service scan at 16:38
Scanning 2 services on
Completed Service scan at 16:39, 66.11s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against
Retrying OS detection (try #2) against
Retrying OS detection (try #3) against
Retrying OS detection (try #4) against
Retrying OS detection (try #5) against
NSE: Script scanning
NSE: Starting runlevel 1 scan
Initiating NSE at 16:40
Completed NSE at 16:40, 0.88s elapsed
NSE: Script Scanning completed.
Host is up (0.00050s latency).
Interesting ports on
Not shown: 998 closed ports
22/tcp open  ssh     Dropbear sshd 0.52 (protocol 2.0)
|  ssh-hostkey: 1024 15:b6:b5:68:dc:36:97:76:19:72:4d:74:63:d6:18:35 (DSA)
|_ 1040 d2:75:67:8e:51:4d:4b:f6:25:f0:46:e3:a8:9e:8f:42 (RSA)
80/tcp open  http?
|_ html-title: Error
|  http-auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = tswitch
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 1 hop
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 83.27 seconds
           Raw packets sent: 1266 (62.072KB) | Rcvd: 1036 (44.320KB)

To scan a range of IP addresses

# nmap

To scan an entire subnet

# nmap

Ping only scan

# nmap -sP

TCP SYN scan

# nmap -sS

UDP scan

# nmap -sU

IP protocol scan

# nmap -sO

Scan port 80, 25, 443, and 110

# nmap -p 80,25,443,110

Scan port ranges 1024-2048

# nmap -p 1024-2048

Operating system detection

# nmap -O --osscan-guess

See also:
  1. Howto install nmap under Debian or Ubuntu Linux.
  2. nmap man page
Share this tutorial on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:

{ 2 comments… add one }
  • nabyl November 27, 2012, 1:40 pm

    hi when I run the command :
    nmap -v -A local ip (same subnet as nmap server; ie no firewall)
    I get the following :
    Increasing send delay for xxxxxx from 0 to 5 due to max_successful_tryno increase to 4
    Increasing send delay for xxxxxx from 5 to 10 due to max_successful_tryno increase to 5
    Increasing send delay for xxxxxx from 10 to 20 due to max_successful_tryno increase to 6
    Increasing send delay for xxxxxx from 20 to 40 due to max_successful_tryno increase to 7
    Increasing send delay for xxxxxx from 40 to 80 due to max_successful_tryno increase to 8
    Increasing send delay for 1xxxxxx from 80 to 160 due to max_successful_tryno increase to 9

    any idea’s of what is the culprit ?

  • tic-tac June 15, 2015, 2:43 pm

    After the scan, how can I import the discovered guests in centreon ?

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">

   Tagged with: , , , , ,