Nmap is a command-line tool in Linux for security auditing and network exploration. It is mostly used by network and security experts and hackers. You can use the Nmap command in Linux for various purposes, including port scanning and gathering real-time information about a network.

Nmap is widely used to get real-time information about the network. It also lists detailed information about all the IPs and the ports that are open in the current network. Furthermore, the Nmap command will also provide information on live hosts. With the Nmap tool, you can quickly find security issues and reveal hosts and services.
In this article, you will look at the installation and use of the Nmap command in Linux. You will also learn various common uses of Nmap, ranging from scanning IP addresses to finding open ports.
Install the Nmap Tool
Before starting with the command, it is crucial to install it. You can easily install it on Linux using the command-line interface. You can also install it using its GUI if you prefer that.
The official setup is available on its download page. To install it using the CLI on a Debian-based distribution such as Ubuntu, type the command given below and press the “Enter” key.
sudo apt-get install nmap
Using the Nmap Command in Linux
Since Nmap is used for various purposes, we will explore its various uses, starting with open ports scan.
1. Use Nmap for Open Ports
To scan for open ports in Linux using Nmap, you will type the Nmap command with hostname as shown in the syntax given below. In place of hostname, you can type IP Address or website address.
nmap hostname
For example:
nmap 192.168.0.1

Additionally, you can also use the -F flag with the Nmap command for a fast scan. It scans fewer ports than the default scan, limited to the most common ports listed in the nmap-services file.
Furthermore, you can also scan multiple hosts with the Nmap command. You will type all the hosts that you want to scan, separated by spaces.
For example:
nmap 192.168.0.1 192.168.0.2 192.168.0.3
To scan the whole subnet of your network, simply type the IP Address with an asterisk in place of the last octet.
nmap 192.168.0.*

Additionally, you can also select the entire group and exclude a host from your search. For this, you will use the --exclude option followed by the host’s IP Address.
For instance:
nmap 192.168.0.* --exclude 192.168.0.2
2. Scan for a Particular Port
Additionally, port scanning is one of the basic utilities that Nmap offers. There are several ways to scan a particular port of a domain using the Nmap command.
Firstly, you can use the -p flag with the Nmap command to scan for information regarding a specific port on a host.
nmap -p 22 192.168.0.1

In addition, you can also scan for multiple ports with the -p flag. Separate the ports with commas and no spaces, as shown below:
nmap -p 80,20 192.168.0.1
3. Use Nmap to Detect Firewall Settings
Thirdly, the most common use of the Nmap command is to scan the network to detect firewall settings. For this, you will use the -sA flag followed by the IP Address with the Nmap command.
nmap -sA 192.168.0.1
The -sA flag runs a TCP ACK scan, which reports whether each port is filtered or unfiltered by a firewall. It should not be confused with the -A flag, which indicates “aggressive” mode and lists extra information like OS, version, scripts, and traceroute. You can also discover target hosting services.
4. Use Nmap to Scan OS
In addition to detecting open ports, you can also use the Nmap command to detect operating systems. To detect the OS of the target, use the Nmap command with the flag -O as shown below:
nmap -O 192.168.1.0

5. Use Nmap to Trace the Domain
Using the --traceroute option with the Nmap command will tell you where the domain or IP Address is running by tracing the network path to it. However, it will not display the exact OS. It will only guess the OS of the domain. To trace it, execute the command given below:
nmap --traceroute 192.168.0.1
6. Find Information About Service Versions
Sometimes, you might have to detect services and their versions running on the open ports. It is useful when you have to troubleshoot or assess vulnerabilities. To perform this step, type the Nmap command with a -sV flag, followed by the domain’s name.
nmap -sV 192.168.0.1

You can also use the --version-intensity flag to set the intensity of the search. In addition, you can also use --version-trace with the Nmap command to get more detailed information.
7. Identify Hostnames Using the Nmap Command
You can also use the Nmap command to find the hostnames for the given host. It will complete the DNS query for the hostname. For the identification of hostnames, we use the -sL flag.
For example:
nmap -sL 192.168.0.1
8. Scan from a File Using the Nmap Command
If you want to scan a long list of IP Addresses, you can import the file containing all the IP Addresses. For this, you will use the -iL flag with the file.
For example:
nmap -iL /example.txt
9. Scan for Active Servers
One of the most important abilities of the Nmap command is to ping active machines. The -sP flag (named -sn in newer Nmap releases) locates active machines or identifies unexpected machines across a network.
For example:
nmap -sP 192.168.0.0/24

10. Create Decoys Using the Nmap command
Decoys are created to debug the firewalls. While they can be annoying, it is crucial to debug the firewalls to ensure the security of the network. To create decoys, you will use the -D flag.
nmap -D 192.168.0.1,192.168.0.2
11. Nmap Output
Nmap writes all of its output to standard output, i.e. the command-line terminal. If you wish to store the information for later use, you can save it in a file. For this, you can use the -oN flag, followed by the file name. After that, press the Enter key to generate the file.
For instance,
nmap 192.168.0.1 -oN output.txt
After the scan finishes, a file named output.txt is present in the directory.

To save the output as an XML file, use the -oX
flag as shown below:
nmap 192.168.0.1 -oX output.xml
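A saved XML report can be checked automatically instead of being read by eye. The Python script below is an added example, not part of the original article: it parses Nmap XML output and reports live hosts and open ports that are missing from an expected baseline, which covers the "unexpected machines" and service-version uses described above. The sample XML, the BASELINE table, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sV ... -oX output.xml` output (not real scan data).
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.168.0.1" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
 <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
 <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host>
<host><status state="up"/><address addr="192.168.0.7" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="8080"><state state="open"/></port>
</ports></host>
<host><status state="down"/><address addr="192.168.0.9" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical baseline: hosts you expect, and the ports each is allowed to expose.
BASELINE = {"192.168.0.1": {"22/tcp", "80/tcp"}, "192.168.0.2": {"443/tcp"}}

def parse_open_ports(xml_text):
    """Return {ipv4: {"port/proto": "name product version"}} for hosts that are up."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address[@addrtype='ipv4']")
        if status is None or addr is None or status.get("state") != "up":
            continue
        ports = {}
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not exposure findings
            fields = [svc.get(k, "") for k in ("name", "product", "version")] if svc is not None else []
            key = f"{port.get('portid')}/{port.get('protocol')}"
            ports[key] = " ".join(f for f in fields if f) or "unknown"
        result[addr.get("addr")] = ports
    return result

def audit(xml_text, baseline):
    """Return sorted findings: unknown hosts, unexpected open ports, missing hosts."""
    scan, findings = parse_open_ports(xml_text), []
    for ip, ports in scan.items():
        if ip not in baseline:
            findings.append(f"{ip}: host not in baseline")
            continue
        findings += [f"{ip}: unexpected open port {p} ({svc})"
                     for p, svc in ports.items() if p not in baseline[ip]]
    findings += [f"{ip}: expected host not up" for ip in baseline if ip not in scan]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_XML, BASELINE)))
```

To use it on a real report, read output.xml into a string and pass it to audit() together with your own baseline.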
Nmap is a network diagnostic tool that is used primarily by system administrators to discover hosts and scan ports. With the accurate Nmap commands and flags, you can easily find out information about any network in Linux.