nmap: how to scan single target basic (part - 1)

Basic Scanning Overview
 
This section covers the basics of network scanning with Nmap. Before we begin, it is
important to understand the following concepts:

Firewalls, routers, proxy servers, and other security devices can skew the
results of an Nmap scan. Scanning remote hosts that are not on your local
network may provide misleading information because of this.

Some scanning options require elevated privileges. On Unix and Linux
systems you may be required to log in as the root user or to execute Nmap using
the sudo command.

There are also several warnings to take into consideration:

Scanning networks that you do not have permission to scan can get you in
trouble with your internet service provider, the police, and possibly even the
government. Don’t go off scanning the FBI or Secret Service websites unless you
want to get in trouble.

Aggressively scanning some systems may cause them to crash, which can
lead to undesirable results like system downtime and data loss. Always scan
mission-critical systems with caution.



Now let’s start scanning!

Scan a Single Target




Executing Nmap with no command line options will perform a basic scan on the
specified target. A target can be specified as an IP address or host name (which
Nmap will try to resolve).


Usage syntax: nmap [target]

$ nmap 192.168.10.1
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-07 19:38 CDT
Interesting ports on 192.168.10.1:
Not shown: 997 filtered ports
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
80/tcp open   http

Single target scan


The resulting scan shows the status of ports detected on the specified target. The
table below describes the output fields displayed by the scan.

PORT                  STATE               SERVICE
Port number/protocol  Status of the port  Type of service for the port



A default Nmap scan will check for the 1000 most commonly used TCP/IP ports.
Ports that respond to a probe are classified into one of six port states: open, closed,
filtered, unfiltered, open|filtered, closed|filtered. See Appendix B for more
information about port states.
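
The following is an added example, not part of the original post: a small Python parser for the port table in the scan output shown above, which checks each reported state against the six port states listed here and confirms that the listed and "Not shown" ports add up to the 1000 ports of a default scan. The function names are illustrative, and the parser assumes the Nmap 5.00 output layout shown on this page.

```python
import re

# The six port states Nmap reports, as listed above.
PORT_STATES = {"open", "closed", "filtered", "unfiltered",
               "open|filtered", "closed|filtered"}

# Sample input: the single-target scan output shown earlier on this page.
SAMPLE = """\
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-07 19:38 CDT
Interesting ports on 192.168.10.1:
Not shown: 997 filtered ports
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
80/tcp open   http
"""

# A table row looks like "80/tcp open http"; the summary line counts hidden ports.
ROW = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports")


def parse_scan(text):
    """Return (rows, not_shown) parsed from Nmap normal output."""
    rows, not_shown = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = NOT_SHOWN.match(line)
        if m:  # ports summarised by state instead of being listed
            not_shown[m.group(2)] = int(m.group(1))
            continue
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, or blank line
        port, proto, state, service = m.groups()
        if state not in PORT_STATES:
            raise ValueError(f"unexpected port state: {state!r}")
        rows.append({"port": int(port), "proto": proto,
                     "state": state, "service": service})
    return rows, not_shown


def ports_in_state(rows, state):
    """Port numbers whose state matches exactly, e.g. 'open'."""
    return [r["port"] for r in rows if r["state"] == state]


if __name__ == "__main__":
    rows, hidden = parse_scan(SAMPLE)
    print("open:", ports_in_state(rows, "open"))
    print("ports accounted for:", len(rows) + sum(hidden.values()))
```

For automated processing, Nmap's XML output (-oX) is a more stable format to parse than this human-readable layout.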