NMAP is available for both Linux and Windows. The Linux version is generally reported to run faster, and it is the one most pen-testers use: NMAP ships with Kali Linux, the Linux distribution commonly used for penetration testing.
NMAP is also available in GUI version and is called Zenmap.
NMAP Commands
We will test the commands on a local machine i.e. server1.jayitsecurity.com with IP address 192.168.43.84.
The commands are run with "root" access. Scan types that send raw packets (SYN, UDP, ACK and null scans, OS detection) require it; an unprivileged user gets a full TCP connect scan (-sT) by default instead.
A. Scan a single host
Scan a host using its hostname
nmap server1.jayitsecurity.com
Scan a host using its IP address
nmap 192.168.43.84
Scan a host in verbose mode
nmap -v server1.jayitsecurity.com
Fast scan a host (the 100 most common ports instead of the default 1000)
nmap -F server1.jayitsecurity.com
Show own host interfaces and routes
nmap --iflist
Scan a specific port
nmap -p 80 server1.jayitsecurity.com
Scan a TCP port
nmap -p T:8080 server1.jayitsecurity.com
Scan a UDP port (UDP scans need root and are slow, because closed ports are inferred from ICMP "port unreachable" replies that most hosts rate-limit; the port list still goes after -p)
nmap -sU -p 53 server1.jayitsecurity.com
Scan multiple ports
nmap -p 21,80,8080 server1.jayitsecurity.com
Scan ports using range
nmap -p 21-80 server1.jayitsecurity.com
List services and versions on a host
nmap -sV server1.jayitsecurity.com
B. Scan multiple hosts
Scan multiple hosts
nmap server1.jayitsecurity.com 192.168.43.1 192.168.43.2
Scan a subnet (equivalent to 192.168.43.0/24)
nmap 192.168.43.*
Use last octet of multiple IP addresses
nmap 192.168.43.1,2,84
Use an IP address range
nmap 192.168.43.1-100
Use list of hosts from a file
nmap -iL host_IP_address_list.txt
Exclude host(s)
nmap 192.168.43.1-100 --exclude 192.168.43.84
List live hosts in a network (ping scan only, no port scan; -sP is the old spelling of -sn and still works)
nmap -sn 192.168.43.*
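Once a host list has been scanned, the next step is usually to pull the live hosts and open ports out of the output rather than read it by eye. The script below is an added example, not from the original page: it parses NMAP's grepable output format (what `nmap -oG -` prints, one "Host:" line per host with tab-separated "Status:" and "Ports:" fields) and reports live hosts and open ports per host. The sample output embedded in `sample_og` is constructed by hand to resemble a scan of 192.168.43.1-3 on ports 21, 22 and 80; for real use, pipe the output of `nmap -oG - -p 21,22,80 192.168.43.1-3` into the functions instead.

```shell
#!/bin/sh
# Added example: post-process nmap grepable output (-oG) with POSIX sh + awk.

# Constructed sample, shaped like "nmap -oG - -p 21,22,80 192.168.43.1-3" output.
# Port entries are port/state/protocol/owner/service/rpcinfo/version.
sample_og() {
    printf '# Nmap scan initiated as: nmap -oG - -p 21,22,80 192.168.43.1-3\n'
    printf 'Host: 192.168.43.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.43.1 ()\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///\n'
    printf 'Host: 192.168.43.2 ()\tStatus: Down\n'
    printf 'Host: 192.168.43.3 (server1.jayitsecurity.com)\tStatus: Up\n'
    printf 'Host: 192.168.43.3 (server1.jayitsecurity.com)\tPorts: 21/filtered/tcp//ftp///, 22/open/tcp//ssh///, 80/closed/tcp//http///\tIgnored State: closed (0)\n'
    printf '# Nmap done -- 3 IP addresses (2 hosts up) scanned\n'
}

# Print one IP per live host. A host counts as live if nmap reported
# "Status: Up" or produced a "Ports:" line for it (a port scan implies up).
live_hosts() {
    awk '/^Host:/ && (/Status: Up/ || /Ports:/) { print $2 }' | sort -u
}

# Print "host port/proto service" for every port in state "open".
# Fields on a Host: line are tab-separated; port entries are comma-separated.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host)        # strip the "Host: " prefix
            sub(/ .*/, "", host)            # drop the "(hostname)" part
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, p, ", ")
                for (j = 1; j <= n; j++) {
                    split(p[j], f, "/")     # f[1]=port f[2]=state f[3]=proto f[5]=service
                    if (f[2] == "open") print host, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Demo on the constructed sample. With a real scan:
#   nmap -oG - -p 21,22,80 192.168.43.1-3 | open_ports
sample_og | live_hosts
sample_og | open_ports
```

Because `-oG -` writes the grepable format to stdout, the same functions work as a filter directly on a running scan; `live_hosts` is also the natural companion to `nmap -sn -oG -` when only host discovery is wanted.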
C. Scan to detect Operating System
Aggressive scan: OS detection, service/version detection, default NSE scripts and traceroute in one run
nmap -A 192.168.43.1
OS Detection
nmap -O 192.168.43.84
or, to make NMAP guess more aggressively when it finds no exact fingerprint match (--osscan-guess is a modifier to -O, not a scan type of its own)
nmap -O --osscan-guess 192.168.43.84
D. Scan to detect Firewall
Map firewall rules on a host (ACK scan: ports are reported as unfiltered or filtered, never as open, because only filtering is being tested)
nmap -sA 192.168.43.84
Scan a host that does not answer pings, e.g. because a firewall drops ICMP (skips host discovery and treats the host as up; -PN is the old spelling of -Pn)
nmap -Pn 192.168.43.84
Perform a TCP null scan (no TCP flags set), which can pass some non-stateful packet filters; a stateful firewall will still drop it
nmap -sN 192.168.43.84
E. TCP three-way handshake
Note: If ICMP packets (e.g. ping requests) are blocked, TCP ACK and TCP SYN probes can be used for host discovery instead. Without a port list both probe types target port 80.
Scan using TCP ACK ping (-PA)
nmap -PA 192.168.43.84
Scan using TCP SYN ping (-PS)
nmap -PS 192.168.43.84
Discover the host with TCP ACK probes to specific ports, then scan those ports (the probe port list goes directly after -PA; -p only controls the port scan that follows)
nmap -PA21,22,80 -p 21,22,80 192.168.43.84
Discover the host with TCP SYN probes to specific ports, then scan those ports
nmap -PS21,22,80 -p 21,22,80 192.168.43.84
Scan the default ports with a full TCP connect (completes the three-way handshake, so the connection shows up in application logs; this is the scan type an unprivileged user gets by default)
nmap -sT 192.168.43.84
F. Perform a stealthy scan
TCP SYN (half-open) scan: sends a SYN, classifies the port from the SYN/ACK or RST that comes back, and never completes the handshake, so the connection is less likely to be logged by the application; requires root and is NMAP's default scan type when run as root
nmap -sS -p 21,22,80 192.168.43.84