Linux Administrator

Install Nmap Network Security Scanner On CentOS/RHEL

What is Nmap? is short of “network mapper” is used to scan network. It is used for security scans, in simple word it identify what service a host is running. Namp utility is used to scanning port and finding out the all way a computer communication with other computer in network. You you also use nmap to find the open ports on the system or server and find what services are using on those ports.

In this tutorial I will cover how to install Namp on the CentOS/RHEL

Nmap Installation

Type the below command to install nmap on RHEL based Linux system:

# yum install nmap

Sample outputs:

Loaded plugins: fastestmirror
Setting up Install Process                                                                                                             |  951 B     00:00
Resolving Dependencies
--> Running transaction check
---> Package nmap.x86_64 2:5.51-6.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================
 Package                          Arch                               Version                                  Repository                        Size
=====================================================================================================================================================
Installing:
 nmap                             x86_64                             2:5.51-6.el6                             base                             2.8 M

Transaction Summary
=====================================================================================================================================================
Install       1 Package(s)

Total download size: 2.8 M
Installed size: 9.7 M
Is this ok [y/N]: y
Downloading Packages:
nmap-5.51-6.el6.x86_64.rpm                                                                                                    | 2.8 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : 2:nmap-5.51-6.el6.x86_64                                                                                                          1/1
  Verifying  : 2:nmap-5.51-6.el6.x86_64                                                                                                          1/1

Installed:
  nmap.x86_64 2:5.51-6.el6

Complete!

Nmap command usage

To check the nmap version, type below command:

# nmap --version
Nmap version 5.51 ( http://nmap.org )

Scan an IP address or hostname, type below command:

# nmap 127.0.0.1
# nmap example.com
# nmap 192.168.0.5

Sample outputs:

Starting Nmap 5.51 ( http://nmap.org ) at 2017-09-08 06:08 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 997 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
2022/tcp open  down
3306/tcp open  mysql
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

Get More Information Of The Remote System

You can get more information of the remote system using –v and –A option, -A option enable OS detection and version and -v option uses to see verbose output:

# nmap -v -A localhost 

Starting Nmap 5.51 ( http://nmap.org ) at 2017-09-08 07:00 EDT
NSE: Loaded 57 scripts for scanning.
Initiating SYN Stealth Scan at 07:00
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 2022/tcp on 127.0.0.1
Completed SYN Stealth Scan at 07:00, 0.03s elapsed (1000 total ports)
Initiating Service scan at 07:00
Scanning 3 services on localhost (127.0.0.1)
Completed Service scan at 07:00, 0.15s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against localhost (127.0.0.1)
Retrying OS detection (try #2) against localhost (127.0.0.1)
Retrying OS detection (try #3) against localhost (127.0.0.1)
Retrying OS detection (try #4) against localhost (127.0.0.1)
Retrying OS detection (try #5) against localhost (127.0.0.1)
NSE: Script scanning 127.0.0.1.
Initiating NSE at 07:01
Completed NSE at 07:01, 0.14s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000024s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 997 closed ports
PORT     STATE SERVICE VERSION
25/tcp   open  smtp    Sendmail 8.14.4/8.14.4
| smtp-commands: vsrv.looklinux.com Hello localhost.localdomain [127.0.0.1], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, 8BITMIME, SIZE, DSN, ETRN, DELIVERBY, HELP
|_ 2.0.0 This is sendmail 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP ". 2.0.0 To report bugs in the implementation see 2.0.0 http://www.sendmail.org/email-addresses.html 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info
2022/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 1024 6a:3d:93:3d:4f:d2:c9:8f:ef:34:a9:64:aa:41:cc:4b (DSA)
|_2048 91:20:91:c7:95:fd:78:d9:0c:00:a4:ac:7e:22:ee:95 (RSA)
3306/tcp open  mysql   MySQL 5.1.73-log
| mysql-info: Protocol: 10
| Version: 5.1.73-log
| Thread ID: 410384
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, Transactions, Secure Connection
| Status: Autocommit
|_Salt: [,f@K9z~*SD<=]<SnO"X
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=9/8%OT=25%CT=1%CU=32909%PV=N%DS=0%DC=L%G=Y%TM=59B27874%P=x
OS:86_64-redhat-linux-gnu)SEQ(SP=108%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=U)OPS(
OS:O1=M400CNNSNW9%O2=M400CNNSNW9%O3=M400CNW9%O4=M400CNNSNW9%O5=M400CNNSNW9%
OS:O6=M400CNNS)WIN(W1=8018%W2=8018%W3=8018%W4=8018%W5=8018%W6=8018)ECN(R=Y%
OS:DF=Y%T=40%W=8018%O=M400CNNSNW9%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD
OS:=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%D
OS:F=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O
OS:=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40
OS:%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: vsrv.looklinux.com; OS: Unix

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.63 seconds
           Raw packets sent: 1110 (52.890KB) | Rcvd: 2238 (101.291KB)

Scan IP Address Range

Type the below command to scan a range of IP address:

# nmap 192.168.0.1-50

Scan An Entire Subnet

Type the below command to scan entire subnet:

# nmap 192.168.0.0/24

Ping Only Scan

Type the below command to ping only scan:

# nmap -sP 192.168.0.1
</pre.
Scan TCP SYN 

Type the below command to scan tcp syn
# nmap -sS 192.168.0.1

Scan IP Protocol

Type the below command to scan the IP protocol:

# nmap -sO 192.168.0.1

Scan Multiple Port

Type the below command to scan the multiple port:

# nmap -p 110,80,443,53,25 192.168.0.1

Scan Port Range 1024-2048

Type the below command to scan the port range:

# nmap -O --osscan-guess 192.168.0.1

If you know another command related to Nmap please share with us.

Thanks:)

Thank you! for visiting LookLinux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at LookLinux Submit Article. Stay connected to Facebook.

About the author

mm

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Leave a Comment