nmap target specification

So, you have nmap installed (yum install epel-release && yum install nmap on CentOS/RHEL, apt-get install nmap on Debian and co., or installing it the usual way on Windows). What next? Get to a CLI and decide what network device you’d like to scan. Start with the IP address of something insignificant within your network. Specifying that nmap target is as simple as:

nmap 10.0.0.1

Where 10.0.0.1 is the target. nmap will then carry out its default scan against that IP address. When it finishes it’ll tell you what ports are open and what services usually run on those ports. Easy, eh?

To scan all hosts in a subnet you would type:

nmap 10.0.0.0/24

To scan all hosts in a range you would type:

nmap 10.0.0.1-40

It’s all quite straightforward. You can use wildcards to expand the search even further:

nmap 10.0.*.*

Please be aware of the impact of doing wide-ranging scans and ensure your network will be able to cope before you enter the command. These are pretty basic scans and as such not too thirsty from a network resource perspective.
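To see how wide a target expression really is before running it, the following added example (not part of the original post) counts the IPv4 addresses covered by each of the forms shown above. The function names and the 4096-address review threshold are assumptions chosen for illustration, and hostnames are not handled.

```python
import ipaddress


def octet_values(part):
    """Expand one octet expression ('7', '1-40', '*', '1,3-5') to a set of ints."""
    values = set()
    for piece in part.split(","):
        if piece == "*":
            lo, hi = 0, 255
        elif "-" in piece:
            lo_s, hi_s = piece.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)
        else:
            lo = hi = int(piece)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet expression: {part!r}")
        values.update(range(lo, hi + 1))
    return values


def count_targets(spec):
    """Return how many addresses one numeric target expression covers."""
    if "/" in spec:
        # CIDR form: every address in the block is a target, including the
        # network and broadcast addresses (a /24 is 256 targets).
        return ipaddress.ip_network(spec, strict=False).num_addresses
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a numeric IPv4 target: {spec!r}")
    total = 1
    for part in octets:
        total *= len(octet_values(part))
    return total


def review(specs, limit=4096):
    """Return (spec, address_count, exceeds_limit) for each expression.

    limit is an assumed threshold; set it to what your network tolerates.
    """
    return [(s, count_targets(s), count_targets(s) > limit) for s in specs]


if __name__ == "__main__":
    # The four target forms used in this post.
    for spec, count, wide in review(
        ["10.0.0.1", "10.0.0.0/24", "10.0.0.1-40", "10.0.*.*"]
    ):
        note = "  <- wide scan, check first" if wide else ""
        print(f"{spec:<14} {count:>6} addresses{note}")
```

nmap itself can print the expanded target list without probing any host by using its list scan, for example nmap -sL -n 10.0.0.1-40 (the -n skips the reverse DNS lookups that -sL would otherwise perform).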