How Finding Open Ports on Linux with nmap

Nmap (“Network Mapper”) is a free and open-source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

Nmap has many features for probing networks, including host discovery, service detection, and OS sensing. To install Nmap, we use the following commands.

1. Nmap command usage #

# nmap [Scan Type(s)] [Options] {target specification}

2. Install nmap on linux machine: #

Install On Centos , RedHat:
# yum install nmap -y

Install Ubuntu:
# apt install nmap

[[email protected] ~]# nmap localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2021-01-27 22:59 +0330
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000022s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 986 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
199/tcp open smux
443/tcp open https
465/tcp open smtps
587/tcp open submission
783/tcp open spamassassin
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

Another nmap command to use is as follows.

[email protected]:~# nmap -sT -O localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-27 20:46 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000096s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.77 seconds

3. Scan using “-v” option #

You can see that the below command with “-v” option is giving more detailed information about the remote machine.

# nmap -v 192.168.0.101

Starting Nmap 5.51 ( http://nmap.org ) at 2021-01-27 23:50 +0330
Initiating SYN Stealth Scan at 23:50
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 993/tcp on 127.0.0.1
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 143/tcp on 127.0.0.1
Discovered open port 587/tcp on 127.0.0.1
Discovered open port 199/tcp on 127.0.0.1
Discovered open port 443/tcp on 127.0.0.1
Discovered open port 110/tcp on 127.0.0.1
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 995/tcp on 127.0.0.1
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 783/tcp on 127.0.0.1
Discovered open port 465/tcp on 127.0.0.1
Completed SYN Stealth Scan at 23:50, 0.09s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000037s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 986 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
199/tcp open smux
443/tcp open https
465/tcp open smtps
587/tcp open submission
783/tcp open spamassassin
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
Raw packets sent: 1000 (44.000KB) | Rcvd: 2053 (87.672KB)

 

4. Scan Multiple Hosts #

You can scan multiple hosts by simply writing their IP addresses or hostnames with Nmap.

#nmap 192.168.0.101 192.168.0.102 192.168.0.103

 

5.  Scan a whole Subnet #

You can scan a whole subnet or IP range with Nmap by providing * wildcard with it.

[[email protected] ~]# nmap 192.168.0.*

On above output you can see that nmap scanned a whole subnet and gave the information about those hosts which are Up in the Network.

 

6. Scan list of Hosts from a File #

The -iL option allows you to read the list of target systems using a text file. This is useful to scan a large number of hosts/networks. Create a text file as follows:

cat > nmaphostlist.txt

and then define all the IP addresses or hostname of the server that you want to do a scan.


 

The syntax is as follows:

nmap -iL nmaphostlist.txt

 

7. Scan an IP Address Range #

You can specify the IP selection range with nmap.

nmap 192.168.0.101-110

8. Scan Network Excluding Remote Hosts #

You can exclude some hosts while performing a full network scan or when you are scanning with wildcards with “–exclude” option.

# nmap 192.168.0.* –exclude 192.168.0.100

 

 

 

 

Powered by BetterDocs

Leave a Comment