How to Use Nmap Command in Linux

Nmap is a command-line tool in Linux for security auditing and network exploration. It is mostly used by network and security experts and hackers. You can use the Nmap command in Linux for various purposes, including port scanning and real-time information.

How to Use Nmap Command in Linux

Nmap is widely used to get real-time information about the network. It also lists down detailed information of all the IPs and several ports that are open in the current network. Furthermore, the Nmap command will also provide information on live hosts. With the Nmap tool, you can quickly find out security issues and reveal hosts and services. 

In this article, you will look at the installation and use of the Nmap command in Linux. You will also learn various common uses of Nmap, ranging from scanning IP Address to open ports.

Install the Nmap Tool

Before starting with the command, it is crucial to install it. You can easily install it on Linux using the command-line interface. You can also install it using its GUI if you prefer that. 

The official setup is available on its download page. To install it using CLI, type the command given below and press the “Enter” key. 

sudo apt-get install nmap

Using the Nmap Command in Linux

Since Nmap is used for various purposes, we will explore its various uses, starting with open ports scan.

1. Use Nmap for Open Ports

To scan for open ports in Linux using Nmap, you will type the Nmap command with hostname as shown in the syntax given below. In place of hostname, you can type IP Address or website address. 

nmap hostname

For example: 

nmap in Linux to scan open port

Additionally, you can also use the -F flag with the Nmap command for a fast scan. It will list all the ports on the nmap-services files. 

Furthermore, you can also scan multiple hosts with the Nmap command. You will type all the hosts that you want to scan separated by space.  

For example:


To scan the whole subnet of your network, simply type IP Address with an asterisk at the last bit place. 

nmap 192.168.0.*
Use the Nmap command for Linux

Additionally, you can also exclude the host from your search and select the entire group. For this, you will use the -exclude keyword followed by the host’s IP Address. 

For instance:

nmap 192.168.0.* --exclude

2. Scan for a Particular Port

Additionally, port scanning is one of the basic utilities that Nmap offers. There are several ways to scan a particular port of a domain using the Nmap command. 

Firstly, you can use the -p flag with the Nmap command to scan for information regarding a specific port on a host.

nmap -p 22
Nmap for particular port scan

In addition, you can also scan for multiple ports with the -p flag as shown below: 

nmap -p 80, 20

3. Use Nmap to Detect Firewall Settings

Thirdly, the most common use of the Nmap command is to scan the network to detect firewall settings. For this, you will use the -sA flag followed by the IP Address with the Nmap command. 

nmap -sA

Here, the flag -A indicates “aggressive” mode. It will list down all the extra information like OS, version, scripts, and traceroute. You can also discover target hosting services. 

4. Use Nmap to Scan OS

In addition to detecting open ports, you can also use the Nmap command to detect operating systems. To detect the OS of the target, use the Nmap command with the flag -O as shown below:

nmap -O
Nmap to scan OS

5. Use Nmap to Trace the Domain

Using the “trace out” keyword with the Nmap command will tell you where the domain or IP Address is running. However, it will not display the exact OS. It will only guess the OS of the domain. To trace it, execute the command given below: 

nmap --trace out

6. Find Information About Service Versions

Sometimes, you might have to detect services and their versions running on the open ports. It is useful when you have to troubleshoot or assess vulnerabilities. To perform this step, type the Nmap command with a -sV flag, followed by the domain’s name. 

nmap -sV
Nmap to find about service versions

You can also use the version-intensity flag to set the intensity from the search. In addition, you can also use version-trace with the Nmap command to get more detailed information. 

7. Identify Hostnames Using the Nmap Command

You can also use the Nmap command to find the hostnames for the given host. It will complete the DNA query for the hostname. For the identification of hostnames, we use the -sL flag.

For example:

nmap -sL

8. Scan from a File Using the Nmap Command

If you want to scan a long list of IP Addresses, you can import the file containing all the IP Addresses. For this, you will use the iL flag with the file.

For example:

nmap -iL /example.txt

9. Scan for Active Servers

One of the most important abilities of the Nmap command is to ping active machines. The -sP flag locates active machines or identifies unexpected machines across a network.

For example: 

nmap -sP

scan for active servers

10. Create Decoys Using the Nmap command

Decoys are created to debug the firewalls. While they can be annoying, it is crucial to debug the firewalls to ensure the security of the network. To create decoys, you will use the -D flag. 

nmap -D,

11. Nmap Output

Nmap produces all the output on the standard output i.e. Command-line Terminal. If you wish to store the information for later usage, you can save it in a file. For this, you can use the -oN flag, followed by the file name. After that, press Enter key to generate a file.

For instance,

nmap -oN output.txt

From the image given below, you can see that there is a file named output.txt in the directory.

nmap output

To save the output as an XML file, use the -oX flag as shown below: 

nmap 1024 -oX output.xml

Nmap is a network diagnostic tool that is used primarily by system administrators to discover hosts and scan ports. With the accurate Nmap commands and flags, you can easily find out information about any network in Linux.

If this guide helped you, please share it.

Leave a Reply
Related Posts