8 important nmap commands in Kali Linux with Example

MODULE 5:- Scanning Network and Vulnerability


Today I am going to talk about 8 important Nmap commands in Kali Linux, with examples. After reading this article, you will understand how to use nmap commands and how to scan a network. You can also check another post related to nmap: 4 Examples of Network Scanning for Live Host by Kali Linux.

Use switches like nmap -sO, nmap -sS, nmap -p, nmap -T4 and nmap -sF.

What are switches?

Nmap has lots of sub-tools, which are executed by using switches. For example, if we want to scan a particular IP address and run the command nmap 192.168.56.102 (the target IP address), nmap scans it with the default options. When we specify a switch such as nmap -v, the output becomes verbose.

One more question: how do you see the available options?

It is very simple: run the following command to see the available options and how to use them.

nmap -h OR nmap --help

Nmap command 1: nmap -T4 for timing

During a scan, nmap sends packets to the target machine at a particular time interval. If you want to decrease or increase this interval, use the nmap -T switch. The -T option requires an attribute, meaning you should use 1, 2, 3 or 4 as required; T4 is faster than T1, T2 and T3.

nmap -T4 192.168.56.102 

[Image: Timing scan nmap -T4 -v]

Nmap command 2: nmap -sS for TCP SYN scan

This scan requires privileged access and identifies TCP ports. The TCP SYN scan is a common method of identifying open ports without completing the three-way handshake. When an open port is detected, the TCP handshake is reset before it completes, which is why this scan is also known as half-open scanning.

nmap -sS 192.168.56.102

[Image: TCP SYN Scan nmap -sS]

Nmap command 3: nmap -sF for FIN Scan

A FIN scan sends a packet with the FIN flag set to the target machine. These packets are unusual because they are sent to the destination before the three-way handshake has been completed. If the TCP session is not active, it means the port is formally closed. If the particular port is closed on the target machine, it sends back an RST packet in response to the FIN scan.

nmap -sF 192.168.56.102 

[Image: FIN Scan nmap -sF]
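As an added example (not part of the original article), here is how the half-open SYN scan and the FIN scan described above look from the defender's side: the script classifies each flow by its TCP flag sequence and reports sources with repeated probe flows. The packet records, the 10.0.0.x addresses, the function names and the threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample packets: (src, dst, dst_port, sender, tcp_flags).
# sender is "c" for the initiating host and "s" for the host being contacted.
PACKETS = [
    ("10.0.0.5", "192.168.56.102", 22, "c", "S"),
    ("10.0.0.5", "192.168.56.102", 22, "s", "SA"),
    ("10.0.0.5", "192.168.56.102", 22, "c", "R"),   # reset instead of the final ACK
    ("10.0.0.5", "192.168.56.102", 23, "c", "S"),
    ("10.0.0.5", "192.168.56.102", 23, "s", "RA"),  # closed port answers with RST
    ("10.0.0.5", "192.168.56.102", 80, "c", "S"),
    ("10.0.0.5", "192.168.56.102", 80, "s", "SA"),
    ("10.0.0.5", "192.168.56.102", 80, "c", "R"),
    ("10.0.0.9", "192.168.56.102", 80, "c", "S"),
    ("10.0.0.9", "192.168.56.102", 80, "s", "SA"),
    ("10.0.0.9", "192.168.56.102", 80, "c", "A"),   # ordinary client completes handshake
    ("10.0.0.7", "192.168.56.102", 25, "c", "F"),   # FIN with no prior SYN
    ("10.0.0.7", "192.168.56.102", 25, "s", "RA"),
    ("10.0.0.7", "192.168.56.102", 443, "c", "F"),  # FIN that gets no reply
]

def classify_flow(pkts):
    """Label one flow from its ordered (sender, flags) pairs."""
    client = [f for s, f in pkts if s == "c"]
    server = [f for s, f in pkts if s == "s"]
    if not client or client[0] not in ("S", "F"):
        return "other"
    if client[0] == "F":
        return "fin-probe"          # FIN outside any established session
    if "SA" in server and "A" in client[1:]:
        return "established"        # three-way handshake completed
    if "SA" in server and "R" in client[1:]:
        return "half-open"          # SYN, SYN/ACK, then RST: never completed
    return "syn-no-handshake"       # refused or unanswered SYN

def find_scanners(packets, min_probes=2):
    """Return {src: Counter(labels)} for sources with >= min_probes probe flows."""
    flows = defaultdict(list)
    for src, dst, port, sender, flags in packets:
        flows[(src, dst, port)].append((sender, flags))
    per_src = defaultdict(Counter)
    for (src, _dst, _port), pkts in flows.items():
        per_src[src][classify_flow(pkts)] += 1
    probes = ("half-open", "fin-probe")
    return {s: c for s, c in per_src.items() if sum(c[p] for p in probes) >= min_probes}

if __name__ == "__main__":
    for src, labels in find_scanners(PACKETS).items():
        print(src, dict(labels))
```
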

IP Protocol Scan nmap -sO

The IP protocol scan differs slightly from other nmap scans. It searches for additional IP protocols used by the target machine, for example ICMP, TCP and UDP. If you scan a router, additional IP protocols such as EGP or IGP may be detected.

nmap -sO 192.168.56.102

Nmap command 4: nmap -v for Verbose Mode

Nmap’s verbose mode provides the feature of obtaining additional detail in the scan output. The verbose mode doesn’t change what occurs during the scan, it only changes the amount of information that nmap displays on its output.

nmap -v -sF 192.168.56.102

Nmap command 5: nmap -p for Port Scan

Nmap is mostly used for scanning ports. By default it scans all ports, but you can scan a single port, multiple ports or a range of ports.

Single port scan: nmap -p21 192.168.56.102

Multiple ports scan: nmap -p21,80,443 192.168.56.102

Port range scan: nmap -p20-1000 192.168.56.102

[Image: Ports Scan nmap -p]

Nmap command 6: nmap -PE for ICMP Echo Request Ping

The ICMP echo request ping sends an ICMP echo request to the target machine's IP address. Normally, the ICMP echo request is sent in combination with a TCP ACK ping. With the -PE option, the ICMP echo request can be specified as the nmap ping method without pairing it with the TCP ACK ping.

nmap -PE 192.168.56.102

[Image: ICMP Echo Request Ping nmap -PE]

Nmap command 7: nmap -PA for TCP ACK Ping

Instead of using the default option of both an ICMP echo request and a TCP ACK, the -PA option sends a TCP ACK and forgoes any ICMP echo requests. This is a good alternative when the use of ICMP is not applicable because of packet filtering or firewalls.

nmap -PA 192.168.56.102

[Image: TCP ACK Ping nmap -PA]

Vijay Kumar

Ethical Hacking & Penetration Testing Trainer