Introduction
In system administration and computer security, knowing which devices and services are exposed on a network is essential. Nmap (Network Mapper) is an open source tool for fast and efficient port scanning and host discovery. In this article you will go from installation to the more advanced scans, with practical examples you can apply in your Linux environment.
What is nmap
Nmap is a port scanner that uses raw IP packets to determine which hosts are available on a network, which services those hosts offer, which operating systems they run and what kind of packet filters or firewalls may be in place. Its flexibility comes from the wide variety of scanning techniques (TCP connect, SYN stealth, UDP, etc.) and from the NSE scripting engine that extends its capabilities.
Linux installation
Most distributions include nmap in their repositories. In Debian / Ubuntu you can install it with:
sudo apt update
sudo apt install nmap
On Fedora or CentOS use:
sudo dnf install nmap
To verify the installation, run:
nmap --version
You should see the version number and the release date.
Basic Scanning of ports
The simplest command is to scan a specific host:
nmap 192.168.1.10
This performs a SYN stealth scan (-sS) by default if you have root privileges, or a full TCP connect scan (-sT) if you do not. The output lists each open port, its state and the associated service.
You can specify a range of ports:
nmap -p 1-1000 192.168.1.10
Or scan all ports:
nmap -p- 192.168.1.10
Detection of services and versions
To find out which service is behind each open port, use the -sV option:
nmap -sV 192.168.1.10
Nmap sends specific probes and compares the responses against its service fingerprint database, returning the software name and version (e.g. Apache 2.4.41, OpenSSH 7.9).
If you also want aggressive operating system detection, combine -O with --osscan-guess:
nmap -O --osscan-guess 192.168.1.10
Discovery of hosts in a network
When you need to know which devices are active in a subnet, nmap offers host discovery using ARP ping, ICMP or TCP probes. A quick network sweep looks like this:
nmap -sn 192.168.1.0/24
The -sn flag tells nmap to perform host discovery only, without scanning ports. This is useful for inventorying devices before a deeper analysis.
Advanced Scanning with NSE scripts
The Nmap Scripting Engine (NSE) automates tasks such as vulnerability detection, service information extraction or even light exploitation. Some useful scripts are:
- http-title: gets the title of a website.
- ssl-cert: shows information from the SSL / TLS certificate.
- vuln: checks for known vulnerabilities according to the CVE database.
To run one or more scripts, use the --script flag:
nmap --script http-title,ssl-cert 192.168.1.10
You can use wildcards, or a category name as here, to load all the scripts in a category:
nmap --script vuln 192.168.1.10
Best practices and precautions
Although nmap is a powerful tool, its use must be responsible and ethical:
- Always get explicit permission before scanning networks that do not belong to you.
- Prefer less intrusive scans (such as -sS) when working in production environments.
- Record the results in an audit file:
nmap -oA resultado 192.168.1.0/24
generates three formats (normal, greppable and XML).
- Keep nmap updated to benefit from the latest signatures and scripts.
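The greppable format written by -oA is the easiest one to post-process from a shell, both for the host-discovery sweep (-sn) described earlier and for a full port scan. The script below is an added example, not code from the original article: it turns a .gnmap file into a small inventory (hosts that are up, open ports with service and version, and hosts that are up but exposed no open port). The sample scan data it writes is constructed for the example; only POSIX sh and awk are assumed.

```shell
#!/bin/sh
# Added example (not from the original article): build a host/port inventory
# from the greppable (.gnmap) file that "nmap -oA resultado 192.168.1.0/24"
# writes. Works on a "-sn" sweep too, which only produces "Status: Up" lines.
# Fields in the greppable format are separated by tabs.

# Write a constructed sample .gnmap file (the hosts, ports and version strings
# are invented for this example; a real file comes from nmap -sV -oA ...).
write_sample_gnmap() {
    {
        printf '# Nmap 7.94 scan initiated as: nmap -sV -oA resultado 192.168.1.0/24\n'
        printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain//dnsmasq 2.89/, 80/open/tcp//http//lighttpd 1.4.69/\tIgnored State: closed (998)\n'
        printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n'
        printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
        printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 5.12 seconds\n'
    } > "$1"
}

# Every host nmap reported as up, one IP per line.
live_hosts() {
    awk -F '\t' '$2 == "Status: Up" { split($1, h, " "); print h[2] }' "$1"
}

# Open ports as "ip port/proto service [version]". Each entry of the Ports:
# field has the form port/state/proto/owner/service/rpc/version/; entries in
# any state other than open (closed, filtered) are skipped.
open_ports() {
    awk -F '\t' '$2 ~ /^Ports: / {
        split($1, h, " "); ip = h[2]
        n = split(substr($2, 8), entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] != "open") continue
            line = ip " " f[1] "/" f[3] " " f[5]
            if (f[7] != "") line = line " " f[7]
            print line
        }
    }' "$1"
}

# Hosts that answered discovery but showed no open port. These deserve a
# second look: either genuinely closed down or sitting behind a firewall.
silent_hosts() {
    for ip in $(live_hosts "$1"); do
        open_ports "$1" | awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }' \
            || echo "$ip"
    done
}

# Demo run on the constructed sample file.
SAMPLE=$(mktemp)
write_sample_gnmap "$SAMPLE"
echo "== hosts up =="
live_hosts "$SAMPLE"
echo "== open ports =="
open_ports "$SAMPLE"
echo "== up but no open port =="
silent_hosts "$SAMPLE"
rm -f "$SAMPLE"
```

To use it on a real audit file, replace the sample with the resultado.gnmap that -oA produced and call the three functions on it; diffing the open_ports output of two runs taken days apart is a quick way to spot services that appeared on the network without being planned.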
Conclusion
Nmap has become an essential element of the toolkit of any system manager or security professional. From a simple port scan to complex security audits with NSE scripts, its flexibility and power make it indispensable. With the examples and recommendations presented here, you will be ready to explore and protect your Linux networks in an informed and secure manner.