Nmap is a very useful tool for network administration and security, and probably the most widely used tool in these areas. Most people, however, only use its most basic features. In this and the following posts we will look at more sophisticated Nmap usage, step by step.
Target Hosts
Create a text file, add hosts or networks to it (separated by newlines or whitespace), and then pass this file to Nmap. You can use network blocks such as 192.168.122.0/24 or ranges such as 192.168.122.10-20.
Start Scan
We start the scan with the -iL option, giving it the target host file.
$ cat ismailbaydan.txt
192.168.122.0/24
192.168.43.0/24
8.8.8.8
192.168.122.10-20
$ sudo nmap -iL ismailbaydan.txt

Starting Nmap 6.45 ( http://nmap.org ) at 2014-08-01 10:19 EEST
Nmap scan report for openstack (192.168.122.146)
Host is up (0.000074s latency).
Not shown: 996 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
49/tcp open  tacacs
80/tcp open  http
MAC Address: 52:54:00:0D:B8:D7 (QEMU Virtual NIC)
...
Specify Exclude Hosts
Hosts can be excluded with the same syntax used above, either read from a file with --excludefile or given directly with the --exclude option; both can be combined in one command. Excluded hosts are skipped even when a target specification covers them, which makes this the right way to keep out-of-scope or sensitive systems out of a broad sweep. The -v option turns on verbose output. In the example below, 192.168.122.0-128 is excluded via the file and 192.168.122.254 via --exclude.
$ cat ismailbaydan-exclude.txt
192.168.122.0-128
$ sudo nmap -iL ismailbaydan.txt --excludefile ismailbaydan-exclude.txt -v --exclude 192.168.122.254

Starting Nmap 6.45 ( http://nmap.org ) at 2014-08-01 10:23 EEST
Initiating ARP Ping Scan at 10:23
Scanning 127 hosts [1 port/host]
Completed ARP Ping Scan at 10:23, 1.42s elapsed (127 total hosts)
Nmap scan report for 192.168.122.129 [host down]
Nmap scan report for 192.168.122.130 [host down]
Nmap scan report for 192.168.122.131 [host down]
Nmap scan report for 192.168.122.132 [host down]
A hostname can also be used as a target, but name resolution must be available, since Nmap resolves it via DNS before scanning.
$ sudo nmap ismailbaydan.com
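Before pointing a sweep like the ones above at a network, it pays to check exactly which addresses the target file minus the exclude file will cover. The script below is an added example for this post (not code from the original post or from the Nmap project): it expands Nmap-style IPv4 target specs (single address, CIDR, per-octet ranges and comma lists), subtracts the exclusions the way --exclude/--excludefile do, and reports hostnames that would still need DNS, as in the ismailbaydan.com case. The two embedded files are constructed copies of the ones used in the post; set semantics for duplicate specs is an assumption of this preview, not a statement about how Nmap itself orders or repeats targets.

```python
"""Dry-run an Nmap target file: expand the specs, apply exclusions, and show
what will actually be scanned (an offline equivalent of `nmap -sL -n`).
Added example for this post; not code from the post or the Nmap project."""
import ipaddress
from itertools import product


def expand_spec(spec):
    """Expand one IPv4 target spec the way Nmap reads it.

    Handles a single address, CIDR (192.168.122.0/24, including the network
    and broadcast addresses, which Nmap scans too), and per-octet ranges or
    comma lists such as 192.168.122.10-20 or 10.0.0-3.1,5.  A bare '-' in an
    octet means 0-255.  Hostnames are not resolved here and raise ValueError.
    """
    spec = spec.strip()
    if any(ch.isalpha() for ch in spec):
        raise ValueError(f"hostname needs DNS, cannot expand offline: {spec!r}")
    if "/" in spec:
        # strict=False lets 192.168.122.5/24 mean the whole /24, as Nmap does
        return list(ipaddress.ip_network(spec, strict=False))
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported target spec: {spec!r}")
    choices = []
    for octet in octets:
        values = set()
        for part in octet.split(","):
            if "-" in part:
                lo, hi = part.split("-", 1)
                lo, hi = int(lo or 0), int(hi or 255)
            else:
                lo = hi = int(part)
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"octet out of range in {spec!r}")
            values.update(range(lo, hi + 1))
        choices.append(sorted(values))
    return [ipaddress.IPv4Address(".".join(map(str, c))) for c in product(*choices)]


def parse_target_file(text):
    """Tokens separated by whitespace or newlines; '#' comments dropped."""
    specs = []
    for line in text.splitlines():
        specs.extend(line.split("#", 1)[0].split())
    return specs


def plan_scan(targets_text, excludes_text=""):
    """Return (sorted unique hosts to scan, target hostnames that need DNS).

    Exclusions win over inclusions, as with --exclude/--excludefile.  A
    hostname in the *exclude* list is left as an error on purpose: silently
    dropping an exclusion you could not expand would scan a host you meant
    to skip, so fail closed instead.
    """
    included, excluded, unresolved = set(), set(), []
    for spec in parse_target_file(targets_text):
        try:
            included.update(expand_spec(spec))
        except ValueError:
            unresolved.append(spec)
    for spec in parse_target_file(excludes_text):
        excluded.update(expand_spec(spec))  # raises on a hostname
    return sorted(included - excluded), unresolved


# Constructed copies of the two files used in the post
TARGETS = "192.168.122.0/24\n192.168.43.0/24\n8.8.8.8\n192.168.122.10-20\n"
EXCLUDES = "192.168.122.0-128\n192.168.122.254  # same effect as --exclude 192.168.122.254\n"

if __name__ == "__main__":
    hosts, names = plan_scan(TARGETS, EXCLUDES)
    local = [h for h in hosts if h in ipaddress.ip_network("192.168.122.0/24")]
    print(f"{len(hosts)} hosts would be scanned, {len(names)} names still need DNS")
    print(f"192.168.122.0/24 after exclusions: {len(local)} hosts, "
          f"{local[0]} .. {local[-1]}")
```

Compare the count this prints with the "Scanning N hosts" line Nmap reports, or with the output of `nmap -sL -n -iL <file> --excludefile <file>`; a mismatch means one of the specs is not being read the way you assumed, and that is worth resolving before packets go out rather than after.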