Hong's Tech Blog

Hong's Tech Blog

Cheatsheet & Examples: nmap

UpdatedJanuary 9, 2026

•4 min read

I am a developer from Malaysia. I work with PHP most of the time, recently I fell in love with Go. When I am not working, I will be ballroom dancing :-)

Part of seriesCommon Tasks

nmap is a powerful network scanning tool used to discover hosts and services on a computer network by sending packets and analyzing the responses. It's widely used for network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Basic Port Scan

Example Usage: nmap 192.168.1.1

What it does: Scans the specified IP address (192.168.1.1) for open TCP ports. It uses a default scan, typically a TCP connect scan.

Command-line Arguments Explained:

192.168.1.1: Specifies the target IP address to scan.

Scan a Range of IPs

Example Usage: nmap 192.168.1.1-254

What it does: Scans a range of IP addresses from 192.168.1.1 to 192.168.1.254.

Command-line Arguments Explained:

192.168.1.1-254: Specifies the IP address range to scan.

Scan a Network

Example Usage: nmap 192.168.1.0/24

What it does: Scans the entire /24 network (192.168.1.0 to 192.168.1.255).

Command-line Arguments Explained:

192.168.1.0/24: Specifies the network to scan using CIDR notation.

Scan for Specific Ports

Example Usage: nmap -p 80,443 192.168.1.1

What it does: Scans the specified IP address (192.168.1.1) for ports 80 and 443 only.

Command-line Arguments Explained:

-p: Specifies the ports to scan.
80,443: Lists the ports to be scanned, separated by commas.
192.168.1.1: Specifies the target IP address to scan.

TCP Connect Scan

Example Usage: nmap -sT 192.168.1.1

What it does: Performs a TCP connect scan, which establishes a full TCP connection to each port. This is the most reliable scan type but is often detected and logged.

Command-line Arguments Explained:

-sT: Specifies a TCP connect scan.
192.168.1.1: Specifies the target IP address to scan.

TCP SYN Scan (Stealth Scan)

Example Usage: nmap -sS 192.168.1.1

What it does: Performs a TCP SYN scan (also known as a "stealth scan"), which sends a SYN packet and waits for a SYN/ACK (port open) or RST (port closed) response, but does not complete the three-way handshake, making it less likely to be logged. Requires root privileges.

Command-line Arguments Explained:

-sS: Specifies a TCP SYN scan.
192.168.1.1: Specifies the target IP address to scan.

UDP Scan

Example Usage: nmap -sU 192.168.1.1

What it does: Performs a UDP scan, which sends UDP packets to target ports. UDP scans are slower than TCP scans.

Command-line Arguments Explained:

-sU: Specifies a UDP scan.
192.168.1.1: Specifies the target IP address to scan.

Ping Scan (Host Discovery)

Example Usage: nmap -sn 192.168.1.0/24

What it does: Performs a ping scan to discover live hosts on the network without performing a port scan. This is useful for quickly identifying active hosts.

Command-line Arguments Explained:

-sn: Specifies a ping scan (host discovery).
192.168.1.0/24: Specifies the network to scan.

Aggressive Scan

Example Usage: nmap -A 192.168.1.1

What it does: Performs an aggressive scan, which includes OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute.

Command-line Arguments Explained:

-A: Enables aggressive scanning.
192.168.1.1: Specifies the target IP address to scan.

OS Detection

Example Usage: nmap -O 192.168.1.1

What it does: Attempts to determine the operating system of the target host.

Command-line Arguments Explained:

-O: Enables OS detection.
192.168.1.1: Specifies the target IP address to scan.

Version Detection

Example Usage: nmap -sV 192.168.1.1

What it does: Attempts to determine the version of services running on open ports.

Command-line Arguments Explained:

-sV: Enables version detection.
192.168.1.1: Specifies the target IP address to scan.

Script Scan

Example Usage: nmap --script=vuln 192.168.1.1

What it does: Runs a script scan using the Nmap Scripting Engine (NSE) to detect vulnerabilities or perform other tasks. This example uses the 'vuln' script to detect known vulnerabilities.

Command-line Arguments Explained:

--script=vuln: Specifies the script or script category to use. 'vuln' is a common script category.
192.168.1.1: Specifies the target IP address to scan.

Output to File

Example Usage: nmap -oN output.txt 192.168.1.1

What it does: Saves the scan results in a normal text format to the specified file (output.txt).

Command-line Arguments Explained:

-oN: Specifies the output file and format (normal).
output.txt: The name of the file to save the output to.
192.168.1.1: Specifies the target IP address to scan.

Output in XML Format

Example Usage: nmap -oX output.xml 192.168.1.1

What it does: Saves the scan results in XML format to the specified file (output.xml).

Command-line Arguments Explained:

-oX: Specifies the output file and format (XML).
output.xml: The name of the file to save the output to.
192.168.1.1: Specifies the target IP address to scan.

Fast Scan

Example Usage: nmap -F 192.168.1.1

What it does: Performs a fast scan, which scans fewer ports than the default scan, making it quicker.

Command-line Arguments Explained:

-F: Specifies a fast scan.
192.168.1.1: Specifies the target IP address to scan.

#cheatsheet #cli #nmap

9 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Common Tasks

Part 5 of 50

Quick reference for performing common tasks in Linux/Mac OS.

Cheatsheet & Examples: scp

scp (secure copy) is a command-line utility used to securely transfer files and directories between a local host and a remote host or between two remote hosts. It uses the Secure Shell (SSH) protocol for secure data transfer, encrypting the data duri...

More from this blog

Da Ma Cai 大马彩 API

TL;DR Scarp draw result, host on GitHub, retrieve it like API at damacai.hongineer.com. Data Scraping I have previously shared a technique for scraping Da Ma Cai draw result. Now I finally have time t

Feb 26, 20261 min read17

Da Ma Cai 大马彩 API

Monitor MySQL Replication Status with a Bash Script

This is a Bash script that check if the replica (slave) health status. If there is an issue, it will exist with non-zero status. This is useful when used with monitoring tools like [Monit](https://mmo

Feb 24, 20262 min read15

Monitor MySQL Replication Status with a Bash Script

Cheatsheet & Examples: chmod

chmod is a command-line utility used to change the access permissions of file system objects such as files and directories. It allows you to control who can read, write, and execute those objects. Changing Permissions Using Octal Notation Example Usa...

Jan 23, 20263 min read9

Cheatsheet & Examples: chown

chown changes the ownership of files and directories. This involves modifying the user and/or group associated with a file, determining who has access and permissions. Changing File Ownership to a Specific User Example Usage: chown user file.txt What...

Jan 20, 20263 min read6

Cheatsheet & Examples: usermod

The usermod command modifies a user account's properties on a Linux system. It allows administrators to change various attributes associated with a user, such as the user's login name, home directory, shell, groups, and password expiry information. C...

Jan 16, 20263 min read11

Hong's Tech Blog

110 posts

The blog is older than you know. I prefer counting from the emergence of one integral anomaly to the emergence of the next, in which case this is the forth version.