Nmap is an awesome network mapper / port scanner. It is capable of far more than I use it for. Below is a brain dump of my typical usage.

Official Doco

  • https://nmap.org/book/man.html (the Nmap Reference Guide)

Target definition

  • Can be a single IP, a CIDR block or an octet range (the last example scans 192.168.1.1 through 192.168.1.20).
$ nmap 192.168.1.1
$ nmap 192.168.1.1/24
$ nmap 192.168.1.1-20

Treat all hosts as alive

  • -Pn skips host discovery and port-scans every address, so it is useful when ICMP is blocked but other services are open. Against a range it is much slower, because addresses with nothing on them are scanned too.
$ nmap -Pn 192.168.1.1/24

Ping scan

  • Host discovery only, no port scan. As root on a local subnet this is an ARP sweep; elsewhere it is ICMP echo, TCP SYN to 443, TCP ACK to 80 and an ICMP timestamp request. Without root it falls back to TCP connects to 80 and 443.
$ nmap -sn 192.168.1.1/24

Detect OS

  • Results vary depending on how well the target is locked down.
  • Tends to be useful in a corporate network.
  • Requires root.
  • Doesn't work with -sn (no port scan): fingerprinting needs at least one open and one closed TCP port on the target, otherwise Nmap warns that the result may be unreliable.
$ nmap -O 192.168.1.1

Scan specific ports

  • Without -p Nmap scans its top 1000 TCP ports; -p- scans all 65535.
$ nmap -p80,443 192.168.1.1
$ nmap -p20-23 192.168.1.1

Only show open ports

  • --open only filters the output (closed and filtered ports are still scanned, just not listed), which keeps a scan of a large range readable.
$ nmap --open 192.168.1.1
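The ping scan and the open-port filter above chain naturally through Nmap's grepable output (-oG) and input list (-iL): sweep the range, scan only the hosts that answered, then pull the open ports out of the result. The script below is an added example and not part of the original page. The scan output it parses is constructed by hand so that it runs without a network, and the file names sweep.gnmap, live.txt and ports.gnmap are assumptions.

```shell
#!/bin/sh
# Added example: chain a -sn host sweep into a port scan and extract the
# open ports, using Nmap's grepable output (-oG) and input list (-iL).
# The scan output below is CONSTRUCTED by hand so the script runs offline;
# the file names sweep.gnmap / live.txt / ports.gnmap are assumptions.

# Stage 1: what `nmap -sn -oG - 192.168.1.0/24` prints (constructed sample).
SWEEP_OUTPUT='# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.1.0/24
Host: 192.168.1.1 ()	Status: Up
Host: 192.168.1.10 ()	Status: Up
Host: 192.168.1.250 ()	Status: Down
# Nmap done -- 256 IP addresses (2 hosts up) scanned'

# Stage 2: what `nmap -p- -oG - -iL live.txt` prints (constructed sample).
# Each grepable port entry is port/state/proto/owner/service/rpc/version/.
PORTSCAN_OUTPUT='Host: 192.168.1.1 ()	Status: Up
Host: 192.168.1.1 ()	Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///	Ignored State: closed (997)
Host: 192.168.1.10 ()	Status: Up
Host: 192.168.1.10 ()	Ports: 53/open|filtered/udp//domain///, 3389/open/tcp//ms-wbt-server///	Ignored State: closed (998)'

# Print one IP per line for each host Nmap reported as Up.
# Taking the text as "$1" rather than a file keeps the function testable offline.
live_hosts() {
  printf '%s\n' "$1" | awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "ip port/proto service" for every port whose state is exactly "open".
# UDP "open|filtered" is deliberately excluded: Nmap could not tell whether
# the port is open or a firewall silently dropped the probe.
open_ports() {
  printf '%s\n' "$1" | awk '
    /^Host:/ && /Ports:/ {
      ip = $2
      sub(/.*Ports: /, "")               # keep only the port list
      sub(/[ \t]+Ignored State:.*/, "")  # drop the trailing summary
      n = split($0, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] == "open") printf "%s %s/%s %s\n", ip, f[1], f[3], f[5]
      }
    }'
}

# Offline demo on the constructed samples. Against a real network the same
# two functions are fed from files, for example:
#   nmap -sn -oG sweep.gnmap 192.168.1.0/24
#   live_hosts "$(cat sweep.gnmap)" > live.txt
#   nmap -p- -oG ports.gnmap -iL live.txt
#   open_ports "$(cat ports.gnmap)"
echo "Live hosts:"
live_hosts "$SWEEP_OUTPUT"
echo "Open ports:"
open_ports "$PORTSCAN_OUTPUT"
```

The awk in open_ports checks the state field for the exact string "open", so UDP ports that came back as open|filtered are not counted as findings; run them again with -sV if you need Nmap to resolve the ambiguity.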

UDP Scan

  • Requires root.
  • Slow, and a port that never answers is reported as open|filtered because Nmap cannot tell an open service from a dropped probe; add -sV to make Nmap send service probes that resolve the ambiguity.
$ nmap -sU 192.168.1.1

Trace Route

  • Requires root
$ nmap --traceroute 192.168.1.1

No reverse DNS

  • -n skips the reverse DNS lookup of every target, which speeds up large scans and avoids leaking the target list to the resolver. (-r is a different option: it scans ports in sequential instead of random order.)
$ nmap -n 192.168.1.1