So, you have nmap installed (yum install epel-release && yum install nmap on CentOS/RHEL, apt-get install nmap on Debian and co., installing it the usual way in Windows). What next? Get to a CLI and decide what network device you’d like to scan. Start with the IP address of something insignificant within your network. Specifying that nmap target is as simple as:
Where 10.0.0.1 is the target. nmap will then carry out its default scan against that IP address. When it finishes it’ll tell you what ports are open and what services usually run on those ports. Easy, eh?
To scan all hosts in a subnet you would type:
To scan all hosts in a range you would type:
It’s all quite straightforward. You can use wildcards to expand the search even further:
Please be aware of the impact of doing wide-ranging scans and ensure your network will be able to cope before you enter the command. These are pretty basic scans and, as such, not too thirsty from a network resource perspective.
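One way to check how wide a target specification really is before scanning it, as an added example that is not part of the original post: a POSIX shell helper that counts the addresses covered by a single IP, a CIDR subnet, an octet range or a wildcard. The function names and sample targets are assumptions made for illustration.

```shell
# Added example (not from the original post); function names are hypothetical.
# Counts the IPv4 addresses an nmap-style target spec covers before scanning.

# octet_count FIELD: values matched by one octet field (N, N-M, *, -, a,b,c).
# Overlapping comma items are counted twice, so the result is an upper bound.
octet_count() {
    total=0; old_ifs=$IFS; IFS=,
    set -f                                  # keep a literal * from globbing
    for part in $1; do
        case $part in
            '*'|-) n=256 ;;
            *-*)   lo=${part%-*}; hi=${part#*-}
                   n=$(( ${hi:-255} - ${lo:-0} + 1 )) ;;  # open ends: 0 / 255
            *)     n=1 ;;
        esac
        total=$(( total + n ))
    done
    set +f; IFS=$old_ifs
    echo "$total"
}

# count_targets SPEC: addresses covered by a CIDR block or a dotted octet spec.
count_targets() {
    spec=$1
    case $spec in
        */*) prefix=${spec#*/}
             case $prefix in ''|*[!0-9]*) echo "bad prefix: $spec" >&2; return 1 ;; esac
             [ "$prefix" -le 32 ] || { echo "bad prefix: $spec" >&2; return 1; }
             echo $(( 1 << (32 - prefix) )); return ;;
    esac
    old_ifs=$IFS; IFS=.; set -f
    set -- $spec
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "not a dotted IPv4 spec: $spec" >&2; return 1; }
    count=1
    for field in "$@"; do count=$(( count * $(octet_count "$field") )); done
    echo "$count"
}

# safe_to_scan SPEC LIMIT: succeeds only if SPEC covers at most LIMIT addresses.
safe_to_scan() {
    n=$(count_targets "$1") || return 1
    [ "$n" -le "$2" ]
}

# Constructed sample specs, one per target form.
for s in 10.0.0.1 10.0.0.0/24 10.0.0.1-50 '10.0.*.*'; do
    printf '%-12s %s\n' "$s" "$(count_targets "$s")"
done
```

nmap's own list scan, `nmap -sL -n` followed by the target, prints the addresses a specification expands to without probing them, which makes a useful cross-check.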