You can get Nmap from                           http://nmap.org/download.html

Nmap is used for network discovery, information gathering. I am using a Linux box but you can  use windows too.


cerebrum@area51:~$ nmap 11*.1*5.3.1

Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-19 16:22 IST
Interesting ports on 11*.1*5.3.1:
Not shown: 996 closed ports
21/tcp   open  ftp
23/tcp   open  telnet
80/tcp   open  http
5431/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 14.49 seconds

This is a very simple scan which scans the IP for open ports.  For OS detection you can use -O parameter as well as you can specify which port you want to check using -p parameter. Sometimes you may not be specify -PN parameter when nmap fails to scan the IP using normal parameters.

cerebrum@area51:~$ sudo nmap -p 445 -O 11*.1*5.4.24

Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-19 16:31 IST
Interesting ports on 11*.1*5.4.24:
445/tcp open  microsoft-ds
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|terminal|phone|media device|authentication server
Running (JUST GUESSING) : Microsoft Windows Vista|XP|PocketPC/CE|2003|2000 (96%), HP Windows PocketPC/CE (94%), AT&T Windows PocketPC/CE (92%), Motorola Windows PocketPC/CE (92%), Juniper Windows 2000 (92%), Swisscom embedded (92%)
Aggressive OS guesses: Microsoft Windows Vista SP1 (96%), Microsoft Windows 2000 SP4, Windows XP SP2 or SP3, or Windows Server 2003 (96%), Microsoft Windows XP SP2 (96%), Microsoft Windows XP SP2 or SP3 (96%), Microsoft Windows XP Professional SP2 (95%), HP Compaq t5520 thin client (Microsoft Windows CE 5.00) (94%), HTC TyTN II (Kaiser) mobile phone (Microsoft Windows Mobile 6) (94%), Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows Server 2003 SP1 (94%), Microsoft Windows 2000 Server SP4 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.24 seconds

Nmap guesses that the system could be running vista or xp. For more examples :


For video demonstration You can  visit:


If you have any questions or queries post it as a comment.


2 thoughts on “Nmap

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s