Scanning a Remote Host
Now that you have a basic understanding of Nmap, let's dive into how to use it to scan a remote host.
Basic Host Scan
The most basic Nmap scan is a host discovery scan, performed with the -sn ("ping scan") option. It skips port scanning entirely and only tries to determine which of the given hosts are up. Here's an example:
nmap -sn 192.168.1.1
This probes the host at 192.168.1.1 and reports whether it responded. What "ping" means here depends on your privileges: run as root, Nmap sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request (or simply ARP requests when the target is on the local Ethernet segment); run as an ordinary user it falls back to TCP connect attempts to ports 80 and 443. A host that filters all of these is reported as down even though it is online, so treat "host seems down" as "no response", not as proof of absence. You can give a whole range, such as 192.168.1.0/24, to sweep a network.
Port Scanning
To get more detailed information about a target host, you can perform a port scan, which identifies which ports on the target are open. Here's an example:
nmap -sV -p- 192.168.1.100
This scans all 65,535 TCP ports (the -p- option, shorthand for -p 1-65535; Nmap's default is only the 1,000 most common ports) and, for each open port, sends service probes to identify the application and version listening there (the -sV option). Note that no scan type is given on this command line: Nmap uses a SYN scan when run as root and falls back to a TCP connect scan (-sT) when it lacks raw-socket privileges. Version detection always completes TCP connections to the open ports it probes, so it will show up in the logs of the services it touches. A full-range scan with -sV can take a long time against a filtered host; -p- plus -sV is thorough, not quick.
Stealth Scanning
Nmap also supports scan types that were historically called "stealth" scans because they avoid creating a full connection on the target. The best known is the SYN (half-open) scan, -sS:
nmap -sS 192.168.1.100
A SYN scan sends a SYN to each port, reads the SYN/ACK (open) or RST (closed) that comes back, and then tears the half-open connection down with a RST instead of finishing the handshake. Because the handshake never completes, the listening application never sees a connection, so the scan does not appear in that application's logs. Do not mistake this for invisibility: firewalls and intrusion detection systems have flagged half-open scans for decades, and a SYN scan is just as visible on the wire as any other. It needs raw-packet privileges (root on Linux), and when you have them it is already Nmap's default scan type, so the command above is equivalent to plain nmap 192.168.1.100 run as root.
Output and Reporting
Nmap provides several options for saving and organizing your scan results. For example, the -oA option saves the output in all three major formats (normal, greppable and XML) at once:
nmap -sV -p- -oA myscan 192.168.1.100
This creates three files, myscan.nmap, myscan.gnmap and myscan.xml, each containing the same results in a different format. The .nmap file is what you see on the terminal; the .gnmap file puts each host on one line so it works with grep and awk; and the .xml file is the one to feed into other tools (it is also what the ndiff utility that ships with Nmap compares when you want to diff two scans). Nmap's own documentation describes the greppable format as deprecated in favour of XML, but it remains supported and is handy for quick one-liners.
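The three steps above fit together as a small pipeline: discover live hosts with -sn, feed only those into a full port and version scan, and read the results back from the greppable file. The following shell script is an added example, not code from the original page or from the Nmap project. It assumes nmap is installed and that you run it as root when using -sS; the two sample_*_gnmap functions are hand-constructed stand-ins for real Nmap output so the parsing can be exercised offline, and the file names live_hosts.txt and fullscan are arbitrary choices.

```shell
#!/bin/sh
# Added example (not from the original page or the Nmap project): chain host
# discovery, a full port/version scan and greppable-output parsing. The
# sample .gnmap lines below are hand-constructed in the format nmap -oG
# writes; they are not real scan output.
set -eu

# Print the IP of every host that a "nmap -sn -oG" run reported as Up.
# Greppable discovery lines look like:
#   Host: 192.168.1.1 (router.lan)<TAB>Status: Up
live_hosts_from_gnmap() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "host port/proto service version" for each open port in -oG output.
# A Ports: line is tab-separated:
#   Host: <ip> (<name>)<TAB>Ports: <entries><TAB>Ignored State: ...
# and each comma-separated entry is
#   port/state/proto/owner/service/rpcinfo/version/
open_ports_from_gnmap() {
    awk -F'\t' '/^Host:/ && $2 ~ /^Ports: / {
        split($1, h, " "); host = h[2]
        sub(/^Ports: /, "", $2)
        n = split($2, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open")
                printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
        }
    }'
}

# Constructed sample of what "nmap -sn -oG - 192.168.1.0/24" might write.
sample_discovery_gnmap() {
    printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.1.0/24'
    printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.100 ()\tStatus: Up\n'
    printf '%s\n' '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 4.52 seconds'
}

# Constructed sample of the .gnmap file "nmap -sV -p- -oA myscan 192.168.1.100"
# might produce: two open ports, one closed, everything else filtered.
sample_portscan_gnmap() {
    printf 'Host: 192.168.1.100 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.100 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (65532)\n'
}

# The real two-stage run: sweep the range, then scan every port on the live
# hosts only. Requires nmap, and root for -sS. Only runs when a target range
# is given on the command line, e.g.  ./scan.sh 192.168.1.0/24
scan_pipeline() {
    range=$1
    nmap -sn -oG - "$range" | live_hosts_from_gnmap > live_hosts.txt
    nmap -sS -sV -p- -iL live_hosts.txt -oA fullscan
    open_ports_from_gnmap < fullscan.gnmap
}

if [ "$#" -gt 0 ]; then
    scan_pipeline "$1"
else
    # Offline demonstration of the parsers on the constructed samples.
    echo "Live hosts:";  sample_discovery_gnmap | live_hosts_from_gnmap
    echo "Open ports:";  sample_portscan_gnmap  | open_ports_from_gnmap
fi
```

Running the script with no arguments only exercises the parsers on the embedded samples; with a target range it performs the two nmap stages for real. Pulling the host list out of the -sn pass with -oG - and feeding it back through -iL keeps the expensive -p- -sV scan restricted to hosts that actually answered, which on a /24 is usually a handful rather than 256.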