Some Nmap Commands

Home / CLI / Some Nmap Commands

Turn on OS and version detection scanning script (IPv4)

nmap -A
nmap -v -A
nmap -A -iL /tmp/scanlist.txt

Find out if a host/network is protected by a firewall

nmap -sA

Scan a host when protected by the firewall

nmap -PN

Scan a network and find out which servers and devices are up and running
This is known as host discovery or ping scan:

nmap -sP

Sample outputs:

Host is up (0.00035s latency).
MAC Address: BC:AE:C5:C3:16:93 (Unknown)
Host is up (0.0038s latency).
MAC Address: 74:44:01:40:57:FB (Unknown)
Host is up.
Host nas03 ( is up (0.0091s latency).
MAC Address: 00:11:32:11:15:FC (Synology Incorporated)
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.80 second

Only show open (or possibly open) ports

nmap --open

Show all packets sent and received

nmap --packet-trace

Scan a host using TCP ACK (PA) and TCP Syn (PS) ping
If firewall is blocking standard ICMP pings, try the following host discovery methods:

nmap -PS
nmap -PS 80,21,443
nmap -PA
nmap -PA 80,21,200-512

How do I detect remote operating system?
You can identify a remote host apps and OS using the -O option:

nmap -O
nmap -O --osscan-guess
nmap -v -O --osscan-guess

Leave a Reply

Your email address will not be published.