> For the complete documentation index, see [llms.txt](https://knowledge.tracelog.in/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://knowledge.tracelog.in/linux-and-core/core-services/nmap-commands.md). # Nmap commands NOTE: Add `-F` if you want to **scan faster** because it's fast mode that will **scan fewer ports** than the default scan ### Enable scripts, service detection, OS fingerprinting and traceroute ```bash sudo nmap -A -Pn 45.79.85.159 Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-08 20:52 +07 Nmap scan report for li1184-159.members.linode.com (45.79.85.159) Host is up (0.19s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 c1:bd:c3:9e:75:74:27:76:f7:a3:21:25:c5:bf:41:ea (RSA) | 256 64:e6:37:97:dc:f7:f0:69:e0:51:f2:73:2d:11:17:fe (ECDSA) |_ 256 d1:0d:f4:74:d9:41:d9:85:32:d2:74:e1:8d:ef:14:8d (EdDSA) 25/tcp open smtp Postfix smtpd |_smtp-commands: usnode.members.linode.com, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, | ssl-cert: Subject: commonName=usnode | Not valid before: 2017-10-17T14:41:31 |_Not valid after: 2027-10-15T14:41:31 |_ssl-date: TLS randomness does not represent time 80/tcp open http nginx 1.10.3 (Ubuntu) |_http-server-header: nginx/1.10.3 (Ubuntu) |_http-title: Welcome to nginx! 9000/tcp open cslistener? | fingerprint-strings: | FourOhFourRequest: | HTTP/1.0 400 Bad Request | Accept-Ranges: bytes | Content-Type: application/xml | Server: Minio/DEVELOPMENT.2017-10-29T10-14-45Z (linux; amd64) | Vary: Origin | X-Amz-Request-Id: 14F520AC5557517F | Date: Wed, 08 Nov 2017 13:52:54 GMT | | InvalidBucketNameThe specified bucket is not valid./nice ports,/Trinity.txt.bak3L1373L137 | GetRequest: | HTTP/1.0 403 Forbidden | Accept-Ranges: bytes | Content-Type: application/xml | Server: Minio/DEVELOPMENT.2017-10-29T10-14-45Z (linux; amd64) | Vary: Origin | X-Amz-Request-Id: 14F520A98FF1826F | Date: Wed, 08 Nov 2017 13:52:42 GMT | | AccessDeniedAccess Denied./3L1373L137 | HTTPOptions: | HTTP/1.0 200 OK | Vary: Origin | Vary: Access-Control-Request-Method | Vary: Access-Control-Request-Headers | Date: Wed, 08 Nov 2017 13:52:43 GMT | Content-Length: 0 | Content-Type: text/plain; charset=utf-8 | RTSPRequest, SIPOptions: | HTTP/1.1 400 Bad Request | Content-Type: text/plain; charset=utf-8 | Connection: close |_ Request 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port9000-TCP:V=7.60%I=7%D=11/8%Time=5A030C2A%P=x86_64-apple-darwin16.7. SF:0%r(GetRequest,1C1,"HTTP/1\.0\x20403\x20Forbidden\r\nAccept-Ranges:\x20 SF:bytes\r\nContent-Type:\x20application/xml\r\nServer:\x20Minio/DEVELOPME SF:NT\.2017-10-29T10-14-45Z\x20\(linux;\x20amd64\)\r\nVary:\x20Origin\r\nX SF:-Amz-Request-Id:\x2014F520A98FF1826F\r\nDate:\x20Wed,\x2008\x20Nov\x202 SF:017\x2013:52:42\x20GMT\r\n\r\n<\?xml\x20version=\"1\.0\"\x20encoding=\" SF:UTF-8\"\?>\nAccessDeniedAccess\x20Denied\. SF:/3L1373L137")%r(HTTPOptions SF:,CD,"HTTP/1\.0\x20200\x20OK\r\nVary:\x20Origin\r\nVary:\x20Access-Contr SF:ol-Request-Method\r\nVary:\x20Access-Control-Request-Headers\r\nDate:\x SF:20Wed,\x2008\x20Nov\x202017\x2013:52:43\x20GMT\r\nContent-Length:\x200\ SF:r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\n\r\n")%r(RTSPReques SF:t,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain SF:;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request SF:")%r(FourOhFourRequest,1F7,"HTTP/1\.0\x20400\x20Bad\x20Request\r\nAccep SF:t-Ranges:\x20bytes\r\nContent-Type:\x20application/xml\r\nServer:\x20Mi SF:nio/DEVELOPMENT\.2017-10-29T10-14-45Z\x20\(linux;\x20amd64\)\r\nVary:\x SF:20Origin\r\nX-Amz-Request-Id:\x2014F520AC5557517F\r\nDate:\x20Wed,\x200 SF:8\x20Nov\x202017\x2013:52:54\x20GMT\r\n\r\n<\?xml\x20version=\"1\.0\"\x SF:20encoding=\"UTF-8\"\?>\nInvalidBucketName SF:The\x20specified\x20bucket\x20is\x20not\x20valid\. SF:/nice\x20ports,/Trinity\.txt\.bak3L1373L137")%r( SF:SIPOptions,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t SF:ext/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x SF:20Request"); Device type: general purpose|WAP|storage-misc|broadband router Running (JUST GUESSING): Linux 3.X|4.X|2.6.X|2.4.X (95%), Asus embedded (92%), HP embedded (91%) OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.4 Aggressive OS guesses: Linux 3.10 - 4.8 (95%), Linux 3.13 (95%), Linux 3.13 or 4.2 (95%), Linux 4.4 (95%), Linux 3.16 (94%), Linux 3.16 - 4.6 (94%), Linux 3.12 (93%), Linux 3.2 - 4.8 (93%), Linux 3.8 - 3.11 (93%), Asus RT-AC66U WAP (92%) No exact OS matches for host (test conditions non-ideal). Network Distance: 12 hops Service Info: Host: usnode.members.linode.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE (using port 53/tcp) HOP RTT ADDRESS 1 4.28 ms 172.16.0.1 2 6.12 ms static.vnpt.vn (14.169.128.1) 3 ... 4 6.07 ms static.vnpt.vn (113.171.14.37) 5 5.49 ms static.vnpt.vn (113.171.7.209) 6 ... 7 392.21 ms unknown.telstraglobal.net (202.127.78.129) 8 ... 9 78.34 ms 100ge8-2.core1.tyo1.he.net (184.105.64.130) 10 201.74 ms 100ge8-1.core1.sea1.he.net (184.105.213.117) 11 180.47 ms 173.230.159.3 12 182.92 ms li1184-159.members.linode.com (45.79.85.159) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 77.96 seconds ``` ### Perform TCP and UDP scanning ```bash sudo nmap -sSU 45.79.85.159 Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-08 20:57 +07 sendto in send_ip_packet_sd: sendto(4, packet, 28, 0, 45.79.85.159, 16) => Network is down Offending packet: UDP 172.16.6.163:33418 > 45.79.85.159:49176 ttl=44 id=39224 iplen=7168 Stats: 0:02:28 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan UDP Scan Timing: About 16.00% done; ETC: 21:12 (0:12:26 remaining) Stats: 0:02:29 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan . . UDP Scan Timing: About 63.58% done; ETC: 21:14 (0:06:03 remaining) Nmap scan report for li1184-159.members.linode.com (45.79.85.159) Host is up (0.19s latency). Not shown: 1995 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 9000/tcp open cslistener 53/udp open|filtered domain Nmap done: 1 IP address (1 host up) scanned in 1045.86 seconds. ``` ![](/files/-LXOxRdAq-tTS4iMoM-B) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://knowledge.tracelog.in/linux-and-core/core-services/nmap-commands.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.