Nmap (Network Mapper) is a tool for scanning and analysing hosts in a network.
Nmap is a powerful port scanner and one of the most important tools for a network administrator. It is able to find open ports on hosts and can identify the operating system, including the OS version and some of its components.
You can install nmap with Pakfire or on the shell with the command:
pakfire install -y nmap
Nmap can only be used from the shell, so here are some commands and examples.
The “standard-scan” will scan every port from 1 to 1024 (e.g. on host 192.168.0.1):
The output is similar to this:
[root@ipfire ~]# nmap 192.168.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-04 14:51
Nmap scan report for pi.localdomain (192.168.0.1)
Host is up (0.00073s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
8080/tcp open   http-proxy
MAC Address: B8:27:EB:xx:xx:x (Raspberry Pi Foundation)
Nmap done: 1 IP address (1 host up) scanned in 18.66 seconds
If you only want to check port 80, for example because a web service might be offered there:
nmap -p 80 192.168.0.1
To scan a handful of ports use:
nmap -p 20,21,80 192.168.0.1
To scan a port range use:
nmap -p 80-90 192.168.0.1
You can also scan more than one host:
nmap -p 80 192.168.0.1,2,3,4
or, equivalently:
nmap -p 80 192.168.0.1-4
The port options are the same as above.
As already mentioned, nmap can be used for OS fingerprinting. To use this feature, add -O to your scan command:
nmap -O 192.168.0.1
As an example, the output of a scan run from IPFire against a neighbouring firewall:
Starting Nmap 4.60 ( http://nmap.org ) at 2008-11-04 17:46 CET
Interesting ports on 192.168.0.1:
Not shown: 1711 closed ports
PORT    STATE SERVICE
53/tcp  open  domain
81/tcp  open  hosts2-ns
222/tcp open  rsh-spx
444/tcp open  snpp
MAC Address: 00:XX:XX:XX:XX:XX (Allied Telesyn Internaional)
Device type: testfire
Running: IPCop Linux 2.4.X
OS details: IPCop firewall 1.4.10 - 1.4.15 (Linux 2.4.31 - 2.4.34)
Network Distance: 1 hop
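Both outputs above use nmap's normal human-readable report format. The following parser is an added example, not from the original page or the nmap project: it turns such a report into structured data so an administrator can compare a host's open ports against an allow-list from one scan to the next. The sample report is constructed from the first scan shown above; the host-line regex also accepts the older "Interesting ports on" header of the second one.

```python
import re

# Constructed sample, based on the scan output shown on this page.
SAMPLE_REPORT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-04 14:51
Nmap scan report for pi.localdomain (192.168.0.1)
Host is up (0.00073s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
8080/tcp open   http-proxy
MAC Address: B8:27:EB:00:00:00 (Raspberry Pi Foundation)
Nmap done: 1 IP address (1 host up) scanned in 18.66 seconds
"""

# New ("Nmap scan report for host (ip)") and old ("Interesting ports on ip:") headers.
HOST_LINE = re.compile(r"^(?:Nmap scan report for|Interesting ports on) (?:(\S+) \()?([\d.]+)\)?")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
OS_LINE = re.compile(r"^OS details: (.+)$")


def parse_nmap_report(text):
    """Return a list of hosts, each with ip, hostname, ports {(port, proto): (state, service)} and os."""
    hosts, current = [], None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:  # a new host section starts here
            current = {"hostname": m.group(1), "ip": m.group(2), "ports": {}, "os": None}
            hosts.append(current)
            continue
        if current is None:
            continue
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            current["ports"][(int(port), proto)] = (state, service)
            continue
        m = OS_LINE.match(line)
        if m:
            current["os"] = m.group(1)
    return hosts


def open_ports(host):
    return sorted(p for p, (state, _) in host["ports"].items() if state == "open")


def unexpected_open_ports(host, allowed):
    """Open ports that are not on the allow-list: what an admin would want to investigate."""
    return [p for p in open_ports(host) if p not in allowed]
```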