Nmap: Complete guide for network scanning and security in Linux

Introduction to Nmap

Nmap (Network Mapper) is an open‑source tool designed to discover hosts and services on a computer network, as well as to detect vulnerabilities and misconfigurations. Its popularity stems from the combination of power, flexibility, and an active community that keeps its signature databases up to date. In Linux environments, Nmap integrates easily with shell scripts, allows automation of security audits, and can be combined with other utilities such as tcpdump or Wireshark for deeper analysis.

Installing Nmap on the main distributions

On Debian and Ubuntu, the package is available in the official repositories and is installed with:

  • sudo apt update
  • sudo apt install nmap

On Fedora, CentOS, and RHEL you use dnf or yum:

  • sudo dnf install nmap # Fedora
  • sudo yum install nmap # CentOS/RHEL

For Arch Linux and its derivatives:

  • sudo pacman -S nmap

If the latest version is needed, it can be compiled from the source code available in the official GitHub repository, following the usual ./configure, make, and sudo make install steps.

Basic host and port scanning

The simplest command is:

  • nmap 192.168.1.0/24

This will perform a ping sweep to determine which IP addresses are active and, by default, will scan the 1000 most common ports. To limit the scan to a specific port range, the -p option is used:

  • nmap -p 22,80,443 192.168.1.10

If a faster scan is desired, you can apply -T4 (aggressive timing template) or even -T5 for an “insane” mode, although with a higher risk of being detected by intrusion prevention systems.

Advanced scanning techniques

Nmap offers several types of scan that adapt to different scenarios:

  • SYN scan (-sS): half‑open, does not complete the TCP handshake, less detectable.
  • TCP connect scan (-sT): completes the handshake, useful when you lack root privileges.
  • UDP scan (-sU): discovers UDP services, slower due to the connectionless nature of the protocol.
  • Version scan (-sV): attempts to determine the exact version of the service listening on each port.
  • Script scan (-sC or --script): runs the NSE (Nmap Scripting Engine) collection of scripts to detect vulnerabilities, gather additional information, or perform brute force.

A combined example could be:

  • nmap -sS -sV --script=vuln 10.0.0.5

This command performs a SYN scan, detects versions, and runs vulnerability scripts against the indicated IP.

Saving and processing the results

Nmap allows exporting the results in several formats for later analysis:

  • -oN file.txt: normal output, human‑readable.
  • -oX file.xml: XML format, ideal for processing with scripts or integration into vulnerability management tools.
  • -oG file.gnmap: grepable format, useful for quick searches with grep or awk.
  • -oA base: generates the three previous formats with the same prefix.

For example:

  • nmap -sS -sV -oA escaneo_red 192.168.1.0/24

This will produce escaneo_red
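The grepable format is the one that pays off most in shell post-processing, and the -oA example above leaves it in escaneo_red.gnmap. The script below is an added example, not part of the original guide or of the Nmap project: it extracts the open ports per host from a .gnmap file with POSIX sh and awk, lists the hosts that expose a given port, and compares two scans to report ports that were not open in the baseline, which is the check an administrator runs between periodic scans to catch services that appeared without a change request. The scan data it works on is constructed inline for illustration; no scan is executed, and the host addresses and service banners are invented.

```shell
#!/bin/sh
# Added example (not from the original guide): post-processing Nmap's
# grepable output (-oG, or the .gnmap file that -oA writes) with sh + awk.
# All scan data below is CONSTRUCTED for illustration; nothing is scanned.

# Write a constructed .gnmap sample to the file named in $1.
# Grepable lines are tab-separated: "Host: <ip> (<name>)" then "Ports: ..."
# where each port entry is port/state/proto/owner/service/rpc/version/.
write_sample() {
    {
        printf '# Nmap scan initiated (constructed sample, not a real scan)\n'
        printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
        printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.20 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 23/open/tcp//telnet///\tIgnored State: closed (998)\n'
        printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned\n'
    } > "$1"
}

# Print one "ip port/proto service [version]" line per OPEN port in a
# .gnmap file, sorted with a fixed collation so the output is diff-able.
open_ports() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if (index($i, "Ports: ") != 1) continue
            n = split(substr($i, 8), entries, /, /)
            for (j = 1; j <= n; j++) {
                split(entries[j], f, "/")
                if (f[2] == "open")
                    printf "%s %s/%s %s%s\n", ip, f[1], f[3], f[5], (f[7] != "" ? " " f[7] : "")
            }
        }
    }' "$1" | LC_ALL=C sort
}

# List hosts that expose a given port/proto (e.g. 23/tcp) as open.
hosts_with_open_port() {
    open_ports "$2" | awk -v want="$1" '$2 == want { print $1 }' | LC_ALL=C sort -u
}

# Report open ports present in the new scan ($2) but absent from the
# baseline scan ($1): the change-detection check run between periodic scans.
new_open_ports() {
    nop_old="$(mktemp)"; nop_new="$(mktemp)"
    open_ports "$1" > "$nop_old"
    open_ports "$2" > "$nop_new"
    LC_ALL=C comm -13 "$nop_old" "$nop_new"
    rm -f "$nop_old" "$nop_new"
}

# Demonstration on the constructed data.
baseline="$(mktemp)"; later="$(mktemp)"
write_sample "$baseline"
# Second constructed scan: 192.168.1.10 has additionally opened 3306/tcp.
sed 's|443/closed/tcp//https///|443/closed/tcp//https///, 3306/open/tcp//mysql///|' "$baseline" > "$later"
echo "Open ports (baseline):";        open_ports "$baseline"
echo "Hosts with telnet open:";       hosts_with_open_port 23/tcp "$baseline"
echo "Newly opened since baseline:";  new_open_ports "$baseline" "$later"
rm -f "$baseline" "$later"
```

Run it against real output by replacing the constructed sample with escaneo_red.gnmap from the -oA example (for instance `open_ports escaneo_red.gnmap`). Keeping the baseline .gnmap from an approved scan and running new_open_ports against each later scan turns Nmap output into a simple drift alarm: any line it prints is a listening service nobody recorded in the baseline.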