[ code. keyboards. terminals. cyber. ]


nmap basics

Nmap (Network Mapper) is a free port scanner for scanning and evaluating hosts on a network. The tool, released under the GNU Public License, was developed by a resourceful hacker known as Fydor. Of course, I advise you to only scan networks that you own or administer - anything else could be illegal and punishable. Nmap runs under:



brew install nmap

Linux (Ubuntu / Debian):

sudo apt-get install nmap

Windows (.exe):



$ nmap -h

What can you use nmap for?

Nmap is primarily a port scanner, i.e. nmap checks the availability of the running protocols of a domain given to nmap. Ports, as mentioned earlier, are protocols and parts of a network address that handles the mapping of TCP and UDP connections and data packets between server and client. To each connection always two same ports belong one on the side of the server and one on the side of the client. Ports thus serve as a feature to distinguish multiple connections between the same pair of endpoints, and ports can identify network protocols and services. A list of all standardized ports can be found here:

If you want to play around yourself you can use

nmap -h

Display the list of all options and parameters.


Simple Port Scan

. The simplest scan variant of nmap is:


and that brings the following output:


Host is up (0.00026s latency)

Means that the scanned host responds and took 0.00026 sec. to do so.

Not shown: 999 closed Ports

999 ports are not displayed because they are not open

631/TCP open ipp

Port 631 is open and is used by the IPP service. IPP is a printing service provided over the network.


Definition of targets

Line of a scan with nmap can be present as IP addresses (for example, as hostnames (, networkranges ( and so on. If there are several target systems to be scanned, there are also different parameters that can be given to nmap:

-iL (processes a file with a list of targets)

-iR (searches for a random number of targets)

--exclude host1[,host2]... (Ignores the defined goals)

--excludefile filename (ignores the targets in the passed file)


Definition of ports

Similar to the targets, the ports to be scanned can also be defined.

-p (scans only predefined ports (z.B. -p22 / -p1-65535 etc.)

--exclude-ports (exclude ports)

-F (Fast-Mode / scans only the first 100 ports)

-r (scans ports one after another)



After we have defined our targets and the port, the scanning can start.

nmap -sn

Ping the target only and see if it responds and is online

nmap -p1-65535

Scans the target for all 65535 existing ports and their state.

nmap -PO [Protokollliste]

Scans only IP protocol services running on the target.

nmap -O

This parameter activates the OS (Operating System) check, so that at the end of the scan the used OS is dropped out.

These are only a few scan options nmap offers but a start and basic understanding should be done. If you want the full list of current parameters and options, you can find them here:

and the nmap page is available here: