Nmap Basic Syntax

Learn the fundamental command structure and syntax of Nmap for effective network scanning

Understanding Nmap's command structure and basic syntax is essential for effective network scanning. This guide covers the fundamental syntax patterns and command-line options that form the foundation of all Nmap operations.

Command Structure

Nmap commands follow a consistent structure:

nmap [Scan Type] [Options] [Target Specification]

Each component serves a specific purpose:

  • Scan Type: Determines how Nmap probes the target (e.g., -sS for SYN scan)
  • Options: Modify scan behavior, output format, timing, etc.
  • Target Specification: Defines which hosts to scan

Basic Command Examples

Default Scan

nmap example.com

Performs a basic scan showing open ports on the target.

Specific Port Scan

nmap -p 80,443 example.com

Scans only ports 80 and 443.

Port Range Scan

nmap -p 1-1000 example.com

Scans ports 1 through 1000.

Common Options

Verbosity and Debugging

  • -v: Increases verbosity level
  • -vv: Even more verbose
  • -d: Debugging mode
  • -dd: More debugging information

Output Options

  • -oN <file>: Normal output to file
  • -oX <file>: XML output to file
  • -oG <file>: Grepable output to file
  • -oA <prefix>: Output in the three major formats (normal, XML, and grepable) at once, using <prefix> as the base filename
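
Saved output is most useful when it can be processed afterwards. The following is an added example, not part of the original guide: a small shell function that reads a grepable (-oG) file and prints one line per open port. The function names open_ports and sample_gnmap are hypothetical, and the sample lines are constructed in the -oG layout rather than taken from a real scan.

```shell
#!/bin/sh
# Added example: list open ports from Nmap grepable (-oG) output.
# Prints one "host port/proto service" line per open port.

open_ports() {
    # $1: path to a file written with -oG
    awk -F'\t' '
        /^Host: / {
            # First tab-separated field is "Host: <ip> (<hostname>)"
            split($1, h, " ")
            host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                list = substr($i, 8)      # drop the "Ports: " label
                n = split(list, entries, ", ")
                for (j = 1; j <= n; j++) {
                    # port/state/protocol/owner/service/rpcinfo/version/
                    split(entries[j], f, "/")
                    if (f[2] == "open")
                        printf "%s %s/%s %s\n", host, f[1], f[3], (f[5] == "" ? "unknown" : f[5])
                }
            }
        }
    ' "$1"
}

# Constructed sample in the -oG layout (not real scan data).
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 8080/open/tcp/////\n'
    printf '# Nmap done (constructed sample)\n'
}

tmp=$(mktemp)
sample_gnmap > "$tmp"
open_ports "$tmp"
rm -f "$tmp"
```

Closed and filtered ports are skipped, and a port with an empty service field is reported as "unknown".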

Scan Timing

  • -T0: Paranoid (very slow, for IDS evasion)
  • -T1: Sneaky
  • -T2: Polite
  • -T3: Normal (default)
  • -T4: Aggressive
  • -T5: Insane (very fast, but potentially less accurate)

Combining Options

Nmap's power comes from combining various options to create customized scans:

nmap -sS -T4 -p 1-1000 -oN results.txt 192.168.1.0/24

This command:

  • Uses a SYN scan (-sS)
  • Sets aggressive timing (-T4)
  • Scans ports 1-1000 (-p 1-1000)
  • Saves results to results.txt (-oN results.txt)
  • Scans the entire 192.168.1.0/24 subnet

Best Practices

  1. Start Simple: Begin with basic scans and add complexity as needed
  2. Use Appropriate Timing: Match scan speed to network conditions
  3. Save Your Results: Always output to a file for later analysis
  4. Respect Privacy: Only scan networks you have permission to scan
  5. Consider Network Impact: Be aware that scanning can affect network performance

Next Steps

Now that you understand the basic syntax of Nmap, you can explore: