Nmap (short for Network Mapper) is a free and open-source network scanning and security testing tool. Network administrators and security professionals use it to discover and assess the security of networks and devices. The following tutorial shows how to install Nmap on Fedora Linux, on a desktop workstation or a headless server, and how to run common scans with it from the command line terminal.
Step 1 – Update Fedora
First, update your system to ensure all existing packages are up to date.
sudo dnf upgrade --refresh
Step 2 – Install Nmap
By default, Nmap is available in Fedora’s repository. Because Fedora follows a 6-month release cycle and focuses on the latest upstream releases, this version is the most up-to-date, which makes installation easy and avoids importing any third-party repositories.
Begin with the installation and execute the following command.
sudo dnf install nmap -y
Next, verify the installation by checking the version and build.
nmap --version
Example output:
[joshua@fedora-linux ~]$ nmap --version
Nmap version 7.93 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: nmap-liblua-5.3.6 openssl-3.0.5 libssh2-1.10.0 libz-1.2.12 libpcre-8.45 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
Step 3 – How to Use the Nmap Scanner
This introduction to the Nmap scanner reviews some of its most commonly used actions.
Nmap Port States Definitions
Before you begin, you should know what the port states reported by the Nmap port scanner mean.
- Closed – The port is closed and not accepting connections, which means there is no service listening on the port, or the service is not configured to accept incoming connections.
- Open – The port is open and accepting connections; the service runs on the port and can accept incoming connections.
- Filtered – The port is being filtered, and Nmap cannot determine whether it is open or closed. This can happen when a firewall or other network device blocks Nmap’s probes.
- Unfiltered – The port is not being filtered and is reachable, but Nmap cannot determine whether it is open or closed.
- Closed | Filtered – Nmap cannot determine whether the port is closed or filtered.
- Open | Filtered – Nmap cannot determine whether the port is open or filtered.
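One way to turn the port states above into a check, as an added example that is not part of the original tutorial: the shell functions below read Nmap's normal output, tally the states seen, and list ports reported as open that are not on an allowlist. The sample scan output, the allowlist, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of Nmap's normal output (not from a real scan).
sample_scan() {
cat <<'EOF'
Starting Nmap 7.93 ( https://nmap.org )
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  filtered https
8080/tcp open     http-proxy
Nmap scan report for 192.168.1.20
Host is up (0.0021s latency).
PORT     STATE         SERVICE
53/udp   open|filtered domain
3306/tcp open          mysql
EOF
}

# unexpected_open "<allowed ports, comma separated>"
# Reads Nmap normal output on stdin and prints "host port/proto service"
# for every port in state "open" that is not on the allowlist.
unexpected_open() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Track the current host; strip parentheses when a hostname precedes the IP.
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
    # Port table rows look like "22/tcp open ssh".
    $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
      split($1, p, "/")
      if (!(p[1] in ok)) print host, $1, $3
    }'
}

# count_states: tally of each port state seen, one "state count" per line.
# Combined states appear in the output without spaces, e.g. open|filtered.
count_states() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ { c[$2]++ }
       END { for (s in c) print s, c[s] }' | LC_ALL=C sort
}
```

To use it on a real scan, pipe the scanner's output in, for example `nmap 192.168.1.1 | unexpected_open "22,80,443"`.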
How to Scan a Host or IP Address with Nmap
Here are two examples of how you can use Nmap to scan a host or IP address from the command line in a Linux terminal:
Example 1: Scan a single host
To scan a single host, use the following command:
nmap <hostname or IP address>
For example, to scan the host with the IP address 192.168.1.1, use the following command:
nmap 192.168.1.1
Example 2: Scan a range of IP addresses
Nmap expresses address ranges per octet, so a range of IP addresses is written as a range in the last octet:
nmap <first three octets>.<start>-<end>
For example, to scan the IP addresses from 192.168.1.1 to 192.168.1.254, use the following command:
nmap 192.168.1.1-254
How to Scan for the Operating System with Nmap
Nmap can scan a host to determine the operating system (OS) in use. OS detection requires root privileges, so the commands below are run with sudo. Here are two examples of how you can use Nmap to scan for the operating system from the command line in a Linux terminal:
Example 1: Scan a single host
To scan a single host, use the following command:
sudo nmap -O <hostname or IP address>
For example, to scan the host with the IP address 192.168.1.1, use the following command:
sudo nmap -O 192.168.1.1
Example 2: Scan a range of IP addresses
To scan a range of IP addresses, write the range in the last octet:
sudo nmap -O <first three octets>.<start>-<end>
For example, to scan the IP addresses from 192.168.1.1 to 192.168.1.254, use the following command:
sudo nmap -O 192.168.1.1-254
How to Specify Ports and Scan Order with Nmap
Nmap allows you to specify the ports to be scanned and the order in which they are scanned. By default, Nmap randomizes the port scan order; the -r option scans ports sequentially instead. Here are two examples of how you can use Nmap to specify the ports to be scanned from the command line in a Linux terminal:
Example 1: Scan specific ports on a single host
To scan specific ports on a single host, use the following command:
nmap -p <port1,port2,port3,...> <hostname or IP address>
For example, to scan ports 80, 443, and 8080 on the host with the IP address 192.168.1.1, use the following command:
nmap -p 80,443,8080 192.168.1.1
Example 2: Scan the most common ports on a range of IP addresses
To scan only the most common ports on a range of IP addresses, use the --top-ports option, which selects ports by how common they are:
nmap --top-ports <number> <first three octets>.<start>-<end>
For example, to scan the top 10 most common ports on the IP addresses from 192.168.1.1 to 192.168.1.254, use the following command:
nmap --top-ports 10 192.168.1.1-254
How to Run a Service Scan with Nmap
A service scan is a network scan that can determine the services running on a host. Here are two examples of how you can use Nmap to perform a service scan from the command line in a Linux terminal:
Example 1: Scan a single host
To scan a single host, use the following command:
nmap -sV <hostname or IP address>
For example, to scan the host with the IP address 192.168.1.1, use the following command:
nmap -sV 192.168.1.1
Example 2: Scan a range of IP addresses
To scan a range of IP addresses, write the range in the last octet:
nmap -sV <first three octets>.<start>-<end>
For example, to scan the IP addresses from 192.168.1.1 to 192.168.1.254, use the following command:
nmap -sV 192.168.1.1-254
How to Run a TCP SYN Scan with Nmap
A TCP SYN scan is a network scan that can be used to determine the open ports on a host. It requires root privileges, so the commands below are run with sudo. Here are two examples of how you can use Nmap to perform a TCP SYN scan from the command line in a Linux terminal:
Example 1: Scan a single host
To scan a single host, use the following command:
sudo nmap -sS <hostname or IP address>
For example, to scan the host with the IP address 192.168.1.1, use the following command:
sudo nmap -sS 192.168.1.1
Example 2: Scan a range of IP addresses
To scan a range of IP addresses, write the range in the last octet:
sudo nmap -sS <first three octets>.<start>-<end>
For example, to scan the IP addresses from 192.168.1.1 to 192.168.1.254, use the following command:
sudo nmap -sS 192.168.1.1-254
Step 4 – Additional Commands & Tips
How to Update Nmap
Given that you installed Nmap using Fedora’s DNF package manager, you would initiate update checks and upgrades as you would with your system packages using the following command.
sudo dnf upgrade --refresh
How to Remove (Uninstall) Nmap
To remove Nmap from your Fedora system, use the following command.
sudo dnf remove nmap
Note that this will remove the unused dependencies that were also installed during the initial installation of Nmap.
Conclusion
Nmap is an essential tool for any security professional, and its easy-to-use interface makes it a go-to for anyone starting in the field. Understanding how to use Nmap correctly can significantly improve your security posture and protect your systems from malicious actors.