Nmap, short for “Network Mapper”, is an open-sourced tool for network discovery and auditing. It is now one of the most widely used tools for network mapping by system administrators. Nmap searches for hosts and services on a network.

There are a variety of free network monitoring tools and vulnerability scanners that are available to security professionals, however, Nmap stands out. Nmap is not only free, but it is also incredibly flexible, portable, well-documented, and simple to use.

Nmap has the advantage of combining a variety of capabilities into a single package, rather than forcing you to switch between other network monitoring programs. To use it, you should be familiar with command line interfaces.

This tutorial will demonstrate how to perform a ping scan, a host scan and an OS and services scan with Nmap.

Scanning with Nmap

Ping Scan

The most basic function of Nmap is to identify hosts on your network. To identify the IP addresses that are currently on the network, Nmap uses a ping scan. This scan returns a list of hosts on your network as well as the total number of IP addresses. These scans are done without sending packets to the hosts. You can run more commands on the found hosts to examine them more thoroughly.

Run the following command to execute a ping scan:

# nmap -sp

Host Scan

Using Nmap to run a host scan is a more powerful technique to scan your networks. A host scan, unlike a ping scan, sends ARP request packets to all the hosts on your network. Each host then responds with another ARP packet including its status and MAC address in response to this packet.

Run the following command to execute a host scan:

# nmap -sp <target IP range>

OS and Services Scan

Nmap is one of the most widely used tools for enumerating a target host. Nmap can run scans to detect the operating system, version, and services on a single or numerous devices. When conducting network penetration testing, detection scans are important to the enumeration process. It's critical to know where susceptible devices are on the network so that they can be repaired or replaced before being attacked. 

Run the following command to detect OS and Services

# nmap -A <target IP>


In this article, we introduced you to Nmap and demonstrated how it can be used to perform various scans to obtain information that can be used for network discovery and auditing. Stay tuned for an upcoming LinuxSecurity feature article exploring how Nmap can be used  for firewall penetration testing to evaluate and improve the security of your network.