Sep 14, 2023 4 min read

How to Use the Nmap Command

Use the Nmap command with our step-by-step tutorial. Nmap is one of the most important tools for network administrators to map their networks.

Use the Nmap Command
Table of Contents


Before we begin talking about the usage of the Nmap command, let's briefly understand - What is Nmap?

nmap is one of the most important tools for network administrators to map their networks. It can help in finding live hosts on a network, ping sweeps, OS detection, performing port scanning, and version detection.

nmap can be used as part of an integrated Data Security Platform. It is a network scanning tool that can identify all the connected devices to a network using the IP packets.

It is used via a command-line interface and is available for many different operating systems. It was majorly developed for enterprises and can scan thousands of connected devices.

Recently it has gained popularity among many smaller companies involved in IoT as the network used by these companies is very complex and hence hard to secure.

In this tutorial, you will use the Nmap command. We will also address a few FAQs on how to use the Nmap command.

What does Nmap do?

It provides real-time, detailed information on your network and on devices connected to them.

It has three core processes:

  1. It provides detailed information about every IP active on your network which further can be scanned. Furthermore, it helps administrators decide if the IP is being used for a legitimate purpose or not.
  2. It provides information on the network as a whole. It gives a list of live hosts and open ports. Likewise, it can even identify the OS used by every connected device. It helps in system monitoring as well as pen-testing.
  3. It can also be used to protect personal and business websites. You can use it to attack your own site, which will help in identifying the vulnerabilities and fixing them on priority.

How to Install Nmap Command

  • For Debian/Ubuntu
sudo apt-get install nmap -y
  • For CentOS/RedHat
yum install nmap

Working with Nmap Commands

1) Scan a system with its hostname and IP address.

  • Use the below command to scan using hostname:
  • For scanning using IP Address:

By running the above commands, you can find all open ports, services, and MAC addresses on the system.

2) If you want to get more detailed information about the remote machines, use the below command:

nmap -v

3) You can even scan multiple hosts using nmap:


4) Use the below command to scan the complete subnet and get the details of all the hosts which are up in the network:

nmap 103.76.228.*

5) For scanning and detecting the firewall settings, use the below command. It can be helpful while doing penetration testing and vulnerability scans:

sudo nmap -sA

6) Identify hostnames using the following command. sl option to be used to find hostnames for the given host by completing a DNS query. -n command is used to skip DNS resolution and -R command is used to always resolve DNS:

sudo nmap -sL 

7) To scan a long list of addresses, you can directly import a file through a command line.

nmap -iL input.txt

8) If you want to have some help or detailed information on a single command along with the available flags, use the following command:

nmap -h

9) To quickly trace a path, you can discover your target hosting service or identify additional targets according to your needs.

sudo nmap --traceroute <Domain Name>

10) The following command will display the Operating System where the IP address or the domain is running:

sudo nmap -O <Domain Name>

FAQs to Use the Nmap Command

How can I scan a single host using Nmap? 

Use the following command: nmap <targethost>. Replace <targethost> with the IP address or hostname of the host you want to scan.

Can Nmap scan multiple hosts or an entire network range at once? 

Yes, Nmap supports scanning multiple hosts or an entire network range. For example, you can use nmap <target1> <target2> or nmap <network/CIDR>.

Are there any options to control the type and depth of Nmap scans? 

Yes, Nmap offers a wide range of scan options. You can specify the scan type (e.g., TCP, UDP, SYN), scan ports or port ranges, and choose various scan techniques.

How can I save the Nmap scan results to a file? 

To save the output to a file, use the -oN option followed by a file name. For example: nmap -oN output.txt <target>.

Does Nmap offer scripting capabilities for customized scans? 

Yes, Nmap supports NSE (Nmap Scripting Engine) scripts that enable advanced scanning techniques, service detection, vulnerability testing, and automation.

Are there graphical interfaces available for Nmap? 

Yes, Nmap has multiple graphical interfaces (e.g., Zenmap, NmapSi4) that provide a user-friendly way to interact with Nmap's features and scan capabilities.

How do I perform a basic network scan using Nmap? 

Open the command prompt or terminal, enter the Nmap command followed by the target IP address or hostname, and hit Enter to initiate the scan.


Nmap can help in increasing the security of your networks as it offers a quick and efficient way of auditing the systems. By using Nmap you can avoid becoming easy prey for hackers.

We hope this detailed guide helped you understand how to use the Nmap command.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to DevOps Tutorials - VegaStack.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.