Nmap, short for “Network Mapper,” is a powerful open-source network scanning tool used to discover hosts and services on a computer network, thus creating a map of the network. One of its primary functions is to perform port scanning, which involves scanning a target host for open ports and services.
Closing unnecessary ports on your server is an important part of server hardening. It reduces the information an attacker can easily gather about your web server and its services, and it removes exposed services that could otherwise be exploited. The same applies to Small Office / Home Office (SOHO) networks.
Here are some key aspects of port scanning with Nmap:
- Types of Scans: Nmap supports various types of scans, including TCP connect scans, SYN scans, UDP scans, and more. Each scan type has its advantages and limitations, and the choice depends on the specific requirements and constraints of the scanning scenario.
- Port Specification: Nmap lets you choose which ports to scan: a single port, a comma-separated list, a range, or all 65535 ports (-p-). By default it scans the 1000 most common ports for each protocol, and --top-ports lets you pick a different number of the most common ports.
- Service Version Detection: Nmap can determine the version of the service running on an open port by sending specific probes and analyzing the responses. This helps in identifying the exact service and its version, which can be crucial for security assessments and troubleshooting.
- Operating System Detection: Nmap has the capability to detect the operating system (OS) running on the target host by analyzing various network parameters and characteristics. This information can be valuable for network administrators and security professionals to understand the target environment better.
- Output Formats: Nmap provides flexible options for outputting scan results. You can choose from various formats such as plain text, XML, grepable output, and others. This facilitates integration with other tools, automation, and further analysis of the results.
- Scripting Engine: Nmap includes a powerful scripting engine called NSE (Nmap Scripting Engine), which allows users to write and execute scripts to automate a wide range of network-related tasks. NSE scripts can perform tasks such as vulnerability scanning, service discovery, and more.
- Performance and Optimization: Nmap offers options for optimizing scan performance, including parallel scanning, timing options, and host discovery techniques. These optimizations help in making scans faster and more efficient, especially when scanning large networks.
- Legal and Ethical Considerations: It’s essential to use Nmap responsibly and ethically. Scanning networks or hosts without proper authorization is illegal in many jurisdictions and unethical everywhere. Always ensure that you have permission to scan the target network or host before using Nmap or any other network scanning tool.
The easiest way to scan for open ports on your server or network depends on your workflow and desktop operating system (OS).
- macOS users can use the pre-installed Port Scan utility
- Unix desktop users can scan a single port with the pre-installed Netcat (Nc)
- Fast VPS / Dedicated server hosting administrators can use the ConfigServer Security & Firewall (CSF) View Listening Ports function
Here below, we’ll cover the basics of port scanning with Nmap:
- Verbose port scan
- TCP port scanning
- UDP port scanning
Port Scan with Nmap
The basic command format is nmap, followed by any flags, then the target: a domain, server IP, or server hostname (part of your temporary URL).
nmap domain.com
Your results will show each open port and the service Nmap associates with it (from its services table, not from probing the service itself, unless you add version detection):
Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-01 09:00 EST
Nmap scan report for domain.com (xxx.xx.xxx.xx)
Host is up (0.010s latency).
rDNS record for xxx.xx.xxx.xx: server.hostname.com
Not shown: 993 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds
Verbose Port Scan on a Domain:
Add the following flags for more information on the system and ports:
-A enables the aggressive scan options: OS detection, service version detection, the default NSE scripts, and traceroute
-v increases verbosity, so Nmap reports progress and prints open ports as it finds them
nmap -v -A domain.com
OS detection (part of -A) needs raw socket access, so on Linux and macOS run the command as root or with sudo; otherwise Nmap warns that OS fingerprinting requires root privileges and skips it.
To save the results to a file in Nmap's normal (human-readable) output format, add -oN:
nmap -v -A domain.com -oN results.txt
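Normal output (-oN) is meant for humans. For the hardening check described earlier (finding listening services you did not intend to expose), the grepable format (-oG) is easier to process: each host gets one tab-separated line listing every port as port/state/protocol/owner/service. The script below is an added example, not part of the original article or of Nmap itself. It parses a constructed sample of -oG output (no real scan is run; the address is from the RFC 5737 documentation range) and prints any open port that is not on an allowlist of expected ports. To use it on a real result, replace sample_grepable with `nmap -oG - your.server.example` and pass the ports you expect to be open.

```sh
#!/bin/sh
# Added example: parse Nmap grepable (-oG) output and flag open ports that are
# not on an allowlist. The scan output below is CONSTRUCTED for the example
# (RFC 5737 documentation address), not the result of a real scan.

# Constructed stand-in for `nmap -oG - 203.0.113.10`. Fields on a grepable
# "Host:" line are tab-separated; printf writes real tab characters.
sample_grepable() {
    printf '%s\n' '# Nmap 7.60 scan initiated (constructed sample)'
    printf 'Host: 203.0.113.10 (server.hostname.com)\tStatus: Up\n'
    printf 'Host: 203.0.113.10 (server.hostname.com)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (994)\n'
    printf '%s\n' '# Nmap done (constructed sample)'
}

# open_ports: read grepable output on stdin and print one line
# "host port/proto service" for every port whose state is "open".
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    ports = $i; sub(/^Ports: /, "", ports)
                    n = split(ports, p, ", ")
                    for (j = 1; j <= n; j++) {
                        # each entry is port/state/proto/owner/service/sunrpc/version
                        split(p[j], f, "/")
                        if (f[2] == "open") print host, f[1] "/" f[3], f[5]
                    }
                }
            }
        }'
}

# unexpected_ports "22/tcp 80/tcp 443/tcp": read grepable output on stdin and
# print every open port that is not in the space-separated allowlist.
unexpected_ports() {
    allow=" $1 "
    open_ports | while read -r host port svc; do
        case "$allow" in
            *" $port "*) ;;                      # expected, stay quiet
            *) echo "$host $port $svc" ;;        # not on the allowlist: review or close it
        esac
    done
}

# Usage with the constructed sample; expect ftp (21) and mysql (3306) to be reported.
sample_grepable | unexpected_ports "22/tcp 25/tcp 80/tcp 443/tcp"
```

An unexpected port is not automatically a problem, but each one should be either justified and added to the allowlist or closed in the service configuration and firewall. Because -oG only records what Nmap's services table says about a port number, pair this with version detection (-sV) before deciding what is actually listening.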
Scan Specific TCP Ports
In this example, ports 21 (FTP), 22 (default SSH port), and 3306 (MySQL):
nmap -p 21,22,3306 domain.com
Scan UDP ports, giving up on the host after 3 minutes:
UDP scans are much slower than TCP scans: a closed port is only recognised by an ICMP port-unreachable reply, which most systems rate-limit, and a port that never answers is reported as open|filtered. --host-timeout caps how long Nmap spends on a single host, which is useful for slow servers. Note that when the timeout is reached Nmap discards all results for that host, so treat a timed-out scan as incomplete rather than clean and raise the limit if needed. UDP scanning (-sU) requires root privileges.
sudo nmap -sU domain.com --host-timeout 3m
Learn more about nmap with the manual:
man nmap