Nmap is an awesome network mapper / port scanner. It is capable of far more than I use it for. Below is a brain dump of my typical usage.

Official Doco

Target definition

  • Can be a single IP, a hostname, a CIDR block (e.g. 192.168.1.0/24) or an nmap-style range, where any octet may carry a range or list (e.g. 192.168.1.1-50 or 10.0.0-3.1). Several specs can be listed on one command line, and --exclude drops addresses from the set.
$ nmap
$ nmap
$ nmap
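Before pointing a scan at a range it is worth knowing exactly which addresses the spec expands to (a /24 is 256 addresses including network and broadcast, which nmap does probe). The following is an added shell example, not code from the original page, and it does not need nmap installed: it expands the three target forms above (single address, CIDR, range in the last octet) into the individual hosts. Nmap itself also accepts ranges and lists in any octet plus hostnames; those are deliberately not handled here. The function names expand_targets, ip2int and int2ip are chosen for this example.

```shell
#!/bin/sh
# Added example: expand an nmap target spec into the addresses it covers.
# Supports: single IPv4, CIDR (a.b.c.d/n), and a range in the last octet
# (a.b.c.x-y). Pure POSIX sh arithmetic, so it runs anywhere without nmap.

# Dotted quad -> 32-bit integer
ip2int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print one address per line for the given target spec.
expand_targets() {
    spec=$1
    case $spec in
        */*)
            # CIDR: network address through broadcast; nmap scans both.
            bits=${spec#*/}
            base=$(ip2int "${spec%/*}")
            mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
            first=$(( base & mask ))
            last=$(( first | (4294967295 & ~mask) ))
            ;;
        *-*)
            # Range in the last octet only, e.g. 192.168.1.10-20.
            prefix=${spec%.*}
            range=${spec##*.}
            first=$(ip2int "$prefix.${range%-*}")
            last=$(ip2int "$prefix.${range#*-}")
            ;;
        *)
            # Single address.
            first=$(ip2int "$spec")
            last=$first
            ;;
    esac
    i=$first
    while [ "$i" -le "$last" ]; do
        int2ip "$i"
        i=$(( i + 1 ))
    done
}

# Usage: count what a /30 covers, then list a small last-octet range.
expand_targets 192.168.1.0/30 | wc -l
expand_targets 192.168.1.10-12
```

Pipe the output through `wc -l` before a large scan to sanity-check scope; a mistyped /16 instead of /24 is 65536 hosts, which is the kind of mistake that gets noticed by the blue team.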

Treat all hosts as alive

  • Skips host discovery and port-scans every address regardless. Useful when the target drops nmap's discovery probes (ICMP echo plus the TCP 80/443 probes sent by default) but still runs services. Slower on large ranges, because dead addresses get a full port scan too.
$ nmap -Pn

Ping scan

  • Host discovery only, no port scan. As root this uses ICMP echo, ICMP timestamp and TCP probes to 80/443; unprivileged it falls back to TCP connects to 80 and 443.
$ nmap -sn

Detect OS

  • Results vary depending on how well the target is locked down: a reliable fingerprint needs at least one open and one closed TCP port, so heavily firewalled hosts give vague or no matches.
  • Tends to be useful in a corporate network.
  • Requires root (raw packets).
  • Doesn't work with -sn (disable port scan), since the port scan supplies the probes it fingerprints.
$ nmap -O

Scan specific ports

  • Lists and ranges combine (e.g. -p22,80,8000-8100); -p- means all 65535 ports.
$ nmap -p80,443
$ nmap -p20-23

Only show open ports

$ nmap --open
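--open filters the report nmap prints, but once a scan is saved in grepable format (-oG) the same filtering can be done after the fact, which is handy for scans you ran without --open or want to feed into other tooling. The block below is an added shell example, not code from the original page: an awk one-liner wrapped in a function that pulls every open port out of gnmap lines. The gnmap sample it runs on is constructed for the example and is not real scan output; the function names sample_gnmap and open_ports are chosen here.

```shell
#!/bin/sh
# Added example: extract open ports from nmap grepable (-oG) output.
# Real use:  nmap -oG scan.gnmap 192.168.1.0/24 && open_ports < scan.gnmap
# Each gnmap port entry is port/state/protocol/owner/service/rpcinfo/version/

# Constructed sample of -oG output (not a real scan), tab-separated fields.
sample_gnmap() {
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.168.1.2 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.2 (printer.lan)\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\n'
}

# Reads gnmap on stdin; prints "ip port/proto service" for every open port.
open_ports() {
    awk -F '\t' '
        /^Host:/ {
            split($1, h, " ")
            ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), ports, ", ")
                for (j = 1; j <= n; j++) {
                    split(ports[j], f, "/")
                    if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Usage: run the parser over the constructed sample.
sample_gnmap | open_ports
```

Note that filtered and closed entries are dropped, matching what --open hides; if you also want the open|filtered results a UDP scan produces, test f[2] against that string as well.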

UDP Scan

  • Requires root (raw packets).
  • Slow: there is no handshake, and most hosts rate-limit the ICMP port-unreachable replies nmap relies on. Ports that never answer are reported open|filtered, so narrow it with -p to the UDP services you care about (53, 123, 161, 500) or add -sV to confirm what is really listening.
$ nmap -sU

Trace Route

  • Requires root (raw packets).
  • Runs after the port scan and reuses a port and protocol that the scan showed to work, so it tends to get through firewalls that block plain ICMP traceroute.
$ nmap --traceroute

No reverse DNS

  • -n skips the reverse lookup on every address, which speeds up scans and keeps the lookups out of the resolver's logs. (-r is a different option: it scans ports in sequential order instead of randomising them.)
$ nmap -n