How to Scan a Network with NMAP

By Mark D. Albin, MS

Network scanning is a crucial step for network security assessment. NMAP is a powerful network scanning tool that can be used to discover hosts and services on a computer network. Here's a simple guide to perform a network scan using NMAP:

  1. Discover Live Hosts: Begin by identifying all the live hosts on the network. Use the command: nmap -sn 192.168.4.0/24 -oN live_hosts.txt This command performs a ping scan over the specified subnet and saves the list of live hosts to a file named live_hosts.txt.
  2. Extract IP Addresses: Next, extract the IP addresses of the live hosts using grep and awk with the command: grep "Nmap scan report for" live_hosts.txt | awk '{print $5}' > ip-addresses.txt This will parse the scan report and save the IP addresses into ip-addresses.txt.
  3. Operating System Detection: To detect the operating system of each live host, run the following command with root privileges: sudo nmap -iL ip-addresses.txt -O -oN os-detection.txt This command will use the list of IP addresses and attempt to determine the operating system of each host, saving the results to os-detection.txt.
  4. Service Version Detection: Identifying the version of services running on open ports can be done with: nmap -iL ip-addresses.txt -sV -oN common_services.txt This will perform a service scan and save the information about common services to common_services.txt.
  5. Vulnerability Scanning: For a more in-depth security assessment, conduct a vulnerability scan using: nmap -iL ip-addresses.txt --script vuln -oN vulnerabilities.txt This uses NMAP's scripting engine to check for vulnerabilities on the hosts and records the findings in vulnerabilities.txt.

By following these steps, you can obtain a comprehensive view of the network's topology, the services running, and potential vulnerabilities. Always ensure you have permission to scan the network, as unauthorized scanning can be illegal.

How to Scan a Network with NMAP | IT Master Services