Tutorial details | |
---|---|
Difficulty | Easy |
Root privileges | Yes |
Requirements | RHEL / SL / CentOS / Fedora Linux |
Time | N/A |
Installation
To install nmap on RHEL based Linux distributions, type the following yum command:
# yum install nmap
Sample outputs:
Loaded plugins: protectbase, rhnplugin, security
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 2:5.51-2.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
nmap x86_64 2:5.51-2.el6 rhel-x86_64-server-6 2.8 M
Transaction Summary
================================================================================
Install 1 Package(s)
Total download size: 2.8 M
Installed size: 0
Is this ok [y/N]: y
Downloading Packages:
nmap-5.51-2.el6.x86_64.rpm | 2.8 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 2:nmap-5.51-2.el6.x86_64 1/1
Verifying : 2:nmap-5.51-2.el6.x86_64 1/1
Installed:
nmap.x86_64 2:5.51-2.el6
Complete!
How do I use the nmap command?
To find out the nmap version, run:
# nmap --version
Sample outputs:
Nmap version 5.51 ( http://nmap.org )
To scan an IP address or a host name (FQDN), run:
# nmap 1.2.3.4
# nmap localhost
# nmap 192.168.1.1
Sample outputs:
Getting more information out of the remote system
The -v option enables verbose output, and the -A option enables OS detection, version detection, script scanning and traceroute in a single command:
# nmap -v -A scanme.nmap.org
# nmap -v -A 192.168.1.1
Sample outputs:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-19 16:38 IST
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 16:38
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 16:38, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:38
Completed Parallel DNS resolution of 1 host. at 16:38, 0.00s elapsed
Initiating SYN Stealth Scan at 16:38
Scanning 192.168.1.1 [1000 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 22/tcp on 192.168.1.1
Completed SYN Stealth Scan at 16:38, 0.27s elapsed (1000 total ports)
Initiating Service scan at 16:38
Scanning 2 services on 192.168.1.1
Completed Service scan at 16:39, 66.11s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.1
Retrying OS detection (try #2) against 192.168.1.1
Retrying OS detection (try #3) against 192.168.1.1
Retrying OS detection (try #4) against 192.168.1.1
Retrying OS detection (try #5) against 192.168.1.1
NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 16:40
Completed NSE at 16:40, 0.88s elapsed
NSE: Script Scanning completed.
Host 192.168.1.1 is up (0.00050s latency).
Interesting ports on 192.168.1.1:
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     Dropbear sshd 0.52 (protocol 2.0)
| ssh-hostkey: 1024 15:b6:b5:68:dc:36:97:76:19:72:4d:74:63:d6:18:35 (DSA)
|_ 1040 d2:75:67:8e:51:4d:4b:f6:25:f0:46:e3:a8:9e:8f:42 (RSA)
80/tcp open  http?
|_ html-title: Error
| http-auth: HTTP Service requires authentication
|_ Auth type: Basic, realm = tswitch
1 service unrecognized despite returning data.
If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 1 hop
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 83.27 seconds
Raw packets sent: 1266 (62.072KB) | Rcvd: 1036 (44.320KB)
To scan a range of IP addresses
# nmap 192.168.1.1-50
To scan an entire subnet
# nmap 192.168.1.0/24
Ping only scan
# nmap -sP 192.168.1.1
TCP SYN scan
# nmap -sS 192.168.1.1
UDP scan
# nmap -sU 192.168.1.1
IP protocol scan
# nmap -sO 192.168.1.1
Scan ports 80, 25, 443, and 110
# nmap -p 80,25,443,110 192.168.1.1
Scan the port range 1024-2048
# nmap -p 1024-2048 192.168.1.1
Operating system detection
# nmap -O --osscan-guess 192.168.1.1
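Added example (not part of the original tutorial): a way to turn the scans above into an exposure check on your own network by parsing nmap's grepable output (-oG) and flagging open ports that are not on an allowlist. The function names, the allowlist and the sample scan data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nmap grepable (-oG) output against a port allowlist.

# Constructed sample of "nmap -oG -" output (tab-separated fields); not a real scan.
sample_scan() {
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//Dropbear sshd 0.52/, 80/open/tcp//http?///\tIgnored State: closed (998)\n'
  printf 'Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 443/closed/tcp//https///\n'
}

# open_ports: read -oG text on stdin, print "ip port/proto service" per open port.
# Each port entry is port/state/proto/owner/service/rpcinfo/version/.
open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); ip = h[2]
      for (k = 2; k <= NF; k++) {
        if ($k !~ /^Ports: /) continue          # skip Status:, Ignored State:, OS: fields
        n = split(substr($k, 8), entries, "/, ") # entries are separated by "/, "
        for (i = 1; i <= n; i++) {
          split(entries[i], f, "/")
          if (f[2] == "open")
            print ip, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
        }
      }
    }'
}

# unexpected_ports ALLOWLIST: filter open_ports output, keeping only ports that
# are NOT in the space-separated allowlist of port/proto pairs.
unexpected_ports() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok) { print }'
}

# Stand-alone demo on the constructed sample; prints the telnet finding.
sample_scan | open_ports | unexpected_ports "22/tcp 80/tcp"

# Against a real scan of a network you administer (as root):
#   nmap -p 1-1024 -oG - 192.168.1.0/24 | open_ports | unexpected_ports "22/tcp 80/tcp"
```

Running this from cron and alerting on any output gives a simple drift check for newly exposed services.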
See also:
- Howto install nmap under Debian or Ubuntu Linux.
- nmap man page
Hi, when I run the command:
nmap -v -A local ip (same subnet as nmap server; i.e. no firewall)
I get the following:
Increasing send delay for xxxxxx from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for xxxxxx from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for xxxxxx from 10 to 20 due to max_successful_tryno increase to 6
Increasing send delay for xxxxxx from 20 to 40 due to max_successful_tryno increase to 7
Increasing send delay for xxxxxx from 40 to 80 due to max_successful_tryno increase to 8
Increasing send delay for 1xxxxxx from 80 to 160 due to max_successful_tryno increase to 9
etc…
Any ideas of what is the culprit?
After the scan, how can I import the discovered guests in Centreon?