Quick take: The nmap command scans hosts and networks to discover live systems, open ports, and running services. nmap host does a basic scan; -sV detects service versions and -p targets specific ports. Only scan systems you own or are authorised to test.
Introduction
The nmap command (network mapper) is the standard tool for discovering hosts and the services they run. Administrators use it to audit their own networks — confirming which ports are open, what is listening, and whether anything unexpected is exposed. Always scan only systems you own or have explicit permission to test.
Syntax
The basic syntax of the nmap command is:
nmap [SCAN TYPE] [OPTIONS] TARGETCommon Options and Parameters
The most useful options and parameters for the nmap command:
| Option | Description |
|---|---|
| -sV | Detect service and version on open ports. |
| -p PORTS | Scan specific ports (e.g. -p 22,80,443 or -p-). |
| -sn | Ping scan — discover hosts without scanning ports. |
| -O | Attempt operating-system detection. |
| -A | Aggressive: version, OS, scripts, traceroute. |
| -T4 | Faster timing template. |
| -Pn | Skip host discovery (treat host as up). |
| --open | Show only open ports. |
Practical Examples
Real nmap commands you can run today:
# Basic scan of a host
nmap 192.168.1.10
# Discover live hosts on a subnet
nmap -sn 192.168.1.0/24
# Detect service versions
nmap -sV 192.168.1.10
# Scan specific ports
nmap -p 22,80,443 example.com
# Scan all ports, show only open
nmap -p- --open 192.168.1.10
# Audit your own server thoroughly
sudo nmap -A 192.168.1.10Tips and Best Practices
- Only scan hosts and networks you own or are explicitly authorised to test — unsolicited scanning can violate policies and laws.
nmap -sn 192.168.1.0/24is a quick way to inventory the live devices on your local network.- Use
-sVto confirm that the service on a port is what you expect — handy for spotting forgotten or misconfigured services.
Final Thoughts
nmap is the go-to tool for auditing your own networks — discovering hosts, mapping open ports, and identifying services so you can close what should not be exposed. Learn -sn for host discovery, -p for port selection, and -sV for service detection, and always confine scanning to systems you are authorised to test. It pairs naturally with ss for local checks.
FAQ: nmap Command in Linux
What is nmap used for?+
nmap discovers hosts on a network and scans them for open ports and running services. Administrators use it to audit their own systems — verifying what is exposed and spotting unexpected services.
How do I scan for open ports with nmap?+
Run nmap host for common ports, nmap -p- host for all 65535 ports, or nmap -p 22,80,443 host for specific ones. Add --open to show only open ports.
How do I find all devices on my network?+
Use a ping scan: nmap -sn 192.168.1.0/24 lists the live hosts on that subnet without scanning their ports.
How do I detect service versions?+
Use -sV: nmap -sV host probes open ports to identify the service and version running, which helps spot outdated or misconfigured software.
Is it legal to use nmap?+
nmap is legal to use on systems you own or are explicitly authorised to test. Scanning networks without permission can breach acceptable-use policies and laws, so confine scanning to your own infrastructure.
Need help with Linux servers or infrastructure?
Work directly with Muhammad Irfan Aslam for Linux, Ubuntu, Docker, DevOps, cloud, CI/CD, or infrastructure support.
Hire Me for Support