In this article, we are going to explain what are Nmap commands and how to install Nmap. We will also be providing some Nmap command examples. 

People nowadays, especially those who work with programming, networking, developing, and even security like IT managers, network administrators, and security professionals, are having a tough time. They are always spending a lot of time checking what is running behind their applications and networks and the vulnerabilities hiding behind them.

In addressing and performing this, there is a large pool of monitoring and scanning utilities being offered to monitor the network proficiently, perform actions like security auditing and network mapping, avoid the possible vulnerabilities or, if ever, solve the problems caused by these vulnerabilities.

Suppose you were new in network administration and security monitoring and ask the people who do this works. In that case, they might suggest and bring you the Nmap as your best starter pack monitoring and scanning tool for its all-around and convenient usability.

Suppose this is new to you and don't have any idea, no worries! In this article, we will guide you. We will help you know what is Nmap and, most importantly, how you will use it as your monitoring tool.


The Nmap or Network Mapping is a free monitoring tool or open-source network scanner that can detect services, open ports, and even security risks. It can also detect and scan the operating system (OS) by just scanning the networks. It will show and report the IP addresses or packets of all the units or computers in a said network, and custom scanning is one of the choices that provide more information and detailed results.

Nmap was created by Gordon Lyon or known by his pseudonym Fyodor Vaskovrich. It was first time introduced in September 1997, which was written in C++ with source code in the Phrack Magazine for further years, Nmap has been extended with Python, Perl, and C.

Network Administrators use Nmap as one of the core tools for mapping their networks. Nmap is used to classify or identify the devices running on their network or system, paving the way to let them know the available hosts and their services. These services are finding open ports, ping sweeps, OS scanning, and the lurking vulnerabilities or security risks.

The program commonly uses a Command-Line Interface (CLI) than Graphics User's Interface (GUI) that is available nowadays in different operating systems like Linux, Gentoo, and Free BSD.

For many years, Nmap has evolved to explain why Nmap has been versatile and convenient, leading as one of the best free network discovery tools in the market and still quite popular due to the warm users' support from the community.

Installing Nmap

The Nmap installation is relatively easy, but it depends on the operating system you have. 


There's a Nmap custom installer; nmap<version>setup.exe, download this and activate the said installer. It would automatically configure the Nmap on the system.


Users with Linux OS could get Nmap in their source or use a preferred package manager. Using the apt, you could activate Nmap–version to see if you have installed Nmap.


In macOS, Nmap has a dedicated installer. To start the installer, run the Nmap-<version>mpkg file. There are some cases or possibilities that you will encounter a warning regarding Nmap as an unidentified developer. However, you can skip the said warning.

Nmap commands in Linux

After installing and using the Nmap, it is essential to be familiar with the Command-Line Interface to write scripts or use the Nmap commands correctly to perform the common automated tasks, sometimes in basic network monitoring if necessary.  

Nmap functions can be done within a single command or "shortcut" commands. Here are some performances being done on Nmap (Nmap tutorial).

1.   Executing Ping Scan [nmap ping scan]

It is one of the basic functions. It allows the users to identify or classify the active hosts in the network and returns the data or host lists and the total number of significant IP packets or addresses. Ping scan can be executed by typing # as a command or # nmap –sp

you can check our previous article on how to disable ping in Linux VPS.

2.   Executing Host Scan

Distinct from the ping scan, the host scan could be executed by sending active request packets of ARP to the hosts within the network. When the host receives this, it will respond through an ARP but contain its information and address. Host scan will run under the command # nmap –sp <target IP range>. If there's any unusual or suspicious host in the list, the command # nmap –sl <IP address> can be used to execute a DNS query to a specific host. 

3.   Executing Port Scan 

Port scanning in Nmap comes in various ways based on the port they cover. Here are some Nmap commands used in port scanning:

  • # sS TCP SYN scan

This is the primary port scanning command in Nmap. It allows the users to gather their needed information by scanning more than a thousand ports each second and doesn't start suspicions because it is not a complete TCP connection.

  • # sT TCP connect scan

It actively asks search hosts and requests their responses. This port scanning command takes a longer time than an SYN scan to change more convenient and reliable data.

  • # sU UDP scans

It is quite similar to the second port command in this list; however, it was used in scanning DNS by using UDP packets and is one of the useful tools to check vulnerabilities.

  • # sY SCTP INIT scan

It covers SIGTRAN and SS7. It was also meant to avoid vulnerabilities or suspicions while scanning the external network due to the incomplete total SCTP process.

  • # sN TCP Null 

This command uses a 'crenel' in the TCP system wherein it could reveal or show the ports' status even if it's firewall protected.

4.   Executing OS Scan

It is counted as one of the most essential and potent features that Nmap possessed. Performing this, it sends UDP and TCP packets to a specific port and analyzes its response which will be compared to over 2600 OS. To run the OS scanning, execute the command Nmap –O <target IP>.

5.   Most Popular Ports Scanning

This command is very useful if you're under server in ha come in running Nmap. It scans automatically the user's given the number of popular ports available and reports the list of available ports with their status in said number. Use the command Nmap –top-ports <number of wanted searched ports>

6.   File Output

Adding extensions to your commands helps get a copy of the outcomes of your Nmap scanning outputs is possible by the command –oN output.txt. The result in XML format is –oX output.xml.

7.   Disabling Name Resolution of DNS

This is used to expedite the Nmap scanning, and you can use the –n to incapacitate the DNS resolution that is reversed. It is very convenient and useful if you're going to a broad pool of network scanning. For example, if your want to disable the DNS resolution of ping scanning, add –n after the –sp; # nmap –sp –n

Last Words

We hope that the above-mentioned Nmap command list will help you through the network monitoring journey. Networks have been one of the most important parts of continuing virtual essentials as well as innovation. However, there are still people with dark intentions who attacks and hacks these networks for their self-interest and purposes. Good security practice would be to flush the DNS periodically. 

Knowing how Network mapping or Nmap works is one of the enormous points for you against these people to accumulate security and avoid the lurking troubles; you can also watch out for your network. 

Watching these aftermath scenarios of hacking makes us learn that security scanning and monitoring are crucial. This will lead us to the next step after watching and learning, watching for our network status and security, and looking after the possible threats that happened and will happen.

People also read: