CentOS / RHEL: Install nmap Network Security Scanner

How do I install nmap command under CentOS / RHEL or Red Hat Enterprise Linux based system for testing security of my own network?

Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements RHEL / SL / CentOS
Fedora Linux
Est. reading time N/A
The nmap command line utility is used for port scanning and finding out all the ways a computer communicates with other computers on a network. You can find open ports on a server or computer and find what services are using those ports. It can even determine what operating system is running on the server and much more.


To install nmap on RHEL based Linux distributions, type the following yum command:
# yum install nmap
Sample outputs:

Loaded plugins: protectbase, rhnplugin, security
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 2:5.51-2.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package    Arch         Version               Repository                  Size
 nmap       x86_64       2:5.51-2.el6          rhel-x86_64-server-6       2.8 M
Transaction Summary
Install       1 Package(s)
Total download size: 2.8 M
Installed size: 0  
Is this ok [y/N]: y
Downloading Packages:
nmap-5.51-2.el6.x86_64.rpm                               | 2.8 MB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:nmap-5.51-2.el6.x86_64                                     1/1 
  Verifying  : 2:nmap-5.51-2.el6.x86_64                                     1/1 
  nmap.x86_64 2:5.51-2.el6                                                      

How do I use nmap command?

To find out nmap version, run:
# nmap --version
Sample outputs:

Nmap version 5.51 ( http://nmap.org )

To scan an IP address or a host name (FQDN), run:
# nmap
# nmap localhost
# nmap

Sample outputs:

Fig.01: nmap in action

Fig.01: nmap in action

Getting more information out of the remote system

The -v option forces verbose output and the -A optipn enables OS detection and Version detection, Script scanning and traceroute in a single command:
# nmap -v -A scanme.nmap.org
# nmap -v -A

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-19 16:38 IST
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 16:38
Scanning [1 port]
Completed ARP Ping Scan at 16:38, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:38
Completed Parallel DNS resolution of 1 host. at 16:38, 0.00s elapsed
Initiating SYN Stealth Scan at 16:38
Scanning [1000 ports]
Discovered open port 80/tcp on
Discovered open port 22/tcp on
Completed SYN Stealth Scan at 16:38, 0.27s elapsed (1000 total ports)
Initiating Service scan at 16:38
Scanning 2 services on
Completed Service scan at 16:39, 66.11s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against
Retrying OS detection (try #2) against
Retrying OS detection (try #3) against
Retrying OS detection (try #4) against
Retrying OS detection (try #5) against
NSE: Script scanning
NSE: Starting runlevel 1 scan
Initiating NSE at 16:40
Completed NSE at 16:40, 0.88s elapsed
NSE: Script Scanning completed.
Host is up (0.00050s latency).
Interesting ports on
Not shown: 998 closed ports
22/tcp open  ssh     Dropbear sshd 0.52 (protocol 2.0)
|  ssh-hostkey: 1024 15:b6:b5:68:dc:36:97:76:19:72:4d:74:63:d6:18:35 (DSA)
|_ 1040 d2:75:67:8e:51:4d:4b:f6:25:f0:46:e3:a8:9e:8f:42 (RSA)
80/tcp open  http?
|_ html-title: Error
|  http-auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = tswitch
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 1 hop
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 83.27 seconds
           Raw packets sent: 1266 (62.072KB) | Rcvd: 1036 (44.320KB)

To scan a range of IP addresses

# nmap

To scan an entire subnet

# nmap

Ping only scan

# nmap -sP

TCP SYN scan

# nmap -sS

UDP scan

# nmap -sU

IP protocol scan

# nmap -sO

Scan port 80, 25, 443, and 110

# nmap -p 80,25,443,110

Scan port ranges 1024-2048

# nmap -p 1024-2048

Operating system detection

# nmap -O --osscan-guess

See also:
  1. Howto install nmap under Debian or Ubuntu Linux.
  2. nmap man page

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one
  • nabyl Nov 27, 2012 @ 13:40

    hi when I run the command :
    nmap -v -A local ip (same subnet as nmap server; ie no firewall)
    I get the following :
    Increasing send delay for xxxxxx from 0 to 5 due to max_successful_tryno increase to 4
    Increasing send delay for xxxxxx from 5 to 10 due to max_successful_tryno increase to 5
    Increasing send delay for xxxxxx from 10 to 20 due to max_successful_tryno increase to 6
    Increasing send delay for xxxxxx from 20 to 40 due to max_successful_tryno increase to 7
    Increasing send delay for xxxxxx from 40 to 80 due to max_successful_tryno increase to 8
    Increasing send delay for 1xxxxxx from 80 to 160 due to max_successful_tryno increase to 9

    any idea’s of what is the culprit ?

  • tic-tac Jun 15, 2015 @ 14:43

    After the scan, how can I import the discovered guests in centreon ?

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum