Linux / Unix nmap command


About nmap
Short for network mapper, nmap is a network exploration tool and security /
port scanner.
Syntax
nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
-iL Input from list of hosts/networks
-iR Choose random targets
--exclude <host1[,host2][,host3],...> Exclude hosts/networks
--excludefile <exclude_file> Exclude list from file
HOST DISCOVERY:
-sL List Scan - list targets to scan
-sP Ping Scan - go no further than determining if host is online
-P0 Treat all hosts as online -- skip host discovery
-PS/PA/PU [portlist] TCP SYN/ACK or UDP discovery to given ports
-PE/PP/PM ICMP echo, timestamp, and netmask request discovery probes
-n/-R Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...> Specify custom DNS servers
--system-dns Use OS's DNS resolver
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM TCP SYN/Connect()/ACK/Window/Maimon scans
-sN/sF/sX TCP Null, FIN, and Xmas scans
--scanflags <flags> Customize TCP scan flags
-sI <zombie host[:probeport]> Idlescan
-sO IP protocol scan
-b <ftp relay host> FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges> Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-F Fast - Scan only the ports listed in the nmap-services file
-r Scan ports consecutively - don't randomize
SERVICE/VERSION DETECTION:
-sV Probe open ports to determine service/version info
--version-intensity <level> Set from 0 (light) to 9 (try all probes)
--version-light Limit to most likely probes (intensity 2)
--version-all Try every single probe (intensity 9)
--version-trace Show detailed version scan activity (for debugging)
OS DETECTION:
-O Enable OS detection
--osscan-limit Limit OS detection to promising targets
--osscan-guess Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in milliseconds, unless you append 's' (seconds), 'm'
(minutes), or 'h' (hours) to the value (e.g. 30m).
-T[0-5] Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size> Parallel host scan group sizes
--min-parallelism/max-parallelism <time> Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time> Specifies probe round trip time.
--max-retries <tries> Caps number of port scan probe retransmissions.
--host-timeout <time> Give up on target after this long
--scan-delay/--max-scan-delay <time> Adjust delay between probes
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val> fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...> Cloak a scan with decoys
-S <IP_Address> Spoof source address
-e <iface> Use specified interface
-g/--source-port <portnum> Use given port number
--data-length <num> Append random data to sent packets
--ttl <val> Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name> Spoof your MAC address
--badsum Send packets with a bogus TCP/UDP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file> Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
-oA <basename> Output in the three major formats at once
-v Increase verbosity level (use twice for more effect)
-d[level] Set or increase debugging level (Up to 9 is meaningful)
--packet-trace Show all packets sent and received
--iflist Print host interfaces and routes (for debugging)
--log-errors Log errors/warnings to the normal-format output file
--append-output Append to rather than clobber specified output files
--resume <filename> Resume an aborted scan
--stylesheet <path/URL> XSL stylesheet to transform XML output to HTML
--webxml Reference stylesheet from Insecure.Org for more portable XML
--no-stylesheet Prevent associating of XSL stylesheet w/XML output
MISC:
-6 Enable IPv6 scanning
-A Enables OS detection and Version detection
--datadir <dirname> Specify custom Nmap data file location
--send-eth/--send-ip Send using raw ethernet frames or IP packets
--privileged Assume that the user is fully privileged
-V Print version number
Examples
nmap -P0 204.228.150.3
Running the above port scan against the Computer Hope IP address gives
output similar to the example below. Note that the option in the above
command is -P0 (the digit zero), not the letter O.
Interesting ports on www.computerhope.com (204.228.150.3):
Not shown: 1019 filtered ports, 657 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
113/tcp open auth
443/tcp open https
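As an added example (not from the original page or the Nmap project), the normal-format output above can be parsed and compared with an approved-services baseline to flag ports that should not be exposed. The function names and the baseline contents are assumptions made for illustration.

```python
import re

# Constructed sample: the normal-format output shown above, embedded inline.
SAMPLE = """\
Interesting ports on www.computerhope.com (204.228.150.3):
Not shown: 1019 filtered ports, 657 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
113/tcp open auth
443/tcp open https
"""

HOST_RE = re.compile(r"^Interesting ports on (?:(\S+) \()?([0-9a-fA-F.:]+)\)?:\s*$")
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_normal_output(text):
    """Return {host_ip: [(port, proto, state, service), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = m.group(2)
            hosts[current] = []
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None:
            port = int(m.group(1))
            if 1 <= port <= 65535:  # ignore malformed port numbers
                hosts[current].append((port, m.group(2), m.group(3), m.group(4)))
    return hosts

def unexpected_open(hosts, baseline):
    """Open ports missing from the approved baseline {ip: {(port, proto), ...}}."""
    findings = []
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())  # unknown host: nothing is approved
        for port, proto, state, service in ports:
            if state == "open" and (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return sorted(findings)

# Hypothetical baseline: this host is approved to expose only web services.
BASELINE = {"204.228.150.3": {(80, "tcp"), (443, "tcp")}}

if __name__ == "__main__":
    for ip, port, proto, service in unexpected_open(parse_normal_output(SAMPLE), BASELINE):
        print(f"{ip}: unapproved open port {port}/{proto} ({service})")
```
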
Related commands
nice
© 2011 Computer Hope

