Basic Nmap Scanning
Now that we have Nmap installed and a local service running, let's perform some basic scans to understand how Nmap works.
First, let's perform a simple TCP connect scan on our local HTTP server:
nmap -sT -p 8000 localhost
In this command:
-sT
specifies a TCP connect scan
-p 8000
tells Nmap to scan only port 8000
localhost
is the target of our scan
You should see output similar to this:
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-13 15:27 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
8000/tcp open http-alt
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
This output shows that port 8000 is open and running an HTTP service.
Now, let's perform a more detailed scan that attempts to determine the version of the service running:
nmap -sV -p 8000 localhost
The -sV
option tells Nmap to probe open ports to determine service/version info.
You should see output similar to this:
Starting Nmap 7.80 ( https://nmap.org ) at 2024-09-13 15:27 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE VERSION
8000/tcp open http SimpleHTTPServer 0.6 (Python 3.10.12)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.48 seconds
This output provides more detailed information about the service running on port 8000, including the fact that it's a Python SimpleHTTPServer.
You can view the Nmap requests in the logs of the terminal where you started the Python HTTP server.