Conventions

Nmap output is used throughout this book to demonstrate principles and features. The output is often edited to cut out lines which are irrelevant to the point being made. The dates/times and version numbers printed by Nmap are generally removed as well, since some readers find them distracting. Sensitive information such as hostnames, IP addresses, and MAC addresses may be changed or removed. Other information may be cut or lines wrapped so that they fit on a printed page. Similar editing is done for the output of other applications. Example 1, “A typical Nmap scan” gives a glimpse at Nmap's capabilities while also demonstrating output formatting.

Example 1. A typical Nmap scan

# nmap -A -T4 scanme.nmap.org

Starting Nmap ( http://insecure.org )
Interesting ports on scanme.nmap.org (205.217.153.62):
Not shown: 1700 filtered ports
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 4.3 (protocol 2.0)
53/tcp  open   domain
70/tcp  closed gopher
80/tcp  open   http    Apache httpd 2.2.2 ((Fedora))
|_ HTML title: Authentication required!
|  HTTP Auth: HTTP Service requires authentication
|_   Auth type: Basic, realm = Nmap-Writers Content
113/tcp closed auth
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.7 - 2.6.11, Linux 2.6.0 - 2.6.11
Uptime: 17.163 days

TRACEROUTE (using port 22/tcp)
HOP RTT   ADDRESS
1   1.19  wap.yuma.net (192.168.0.6)
2   9.79  bras12-l0.pltnca.sbcglobal.net (151.164.184.68)
3   9.08  dist1-vlan50.pltn13.pbi.net (64.164.97.66)
4   8.98  bb1-g3-0.pltnca.sbcglobal.net (151.164.43.54)
5   9.58  ex2-p12-0.eqsjca.sbcglobal.net (151.164.94.47)
6   9.58  asn6461-abovenet.eqsjca.sbcglobal.net (151.164.251.42)
7   12.07 so-1-0-0.mpr1.sjc2.us.above.net (64.125.30.174)
8   12.88 so-4-2-0.mpr3.pao1.us.above.net (64.125.28.142)
9   12.64 metro0.sv.svcolo.com (208.185.168.173)
10  11.29 scanme.nmap.org (205.217.153.62)

Nmap finished: 1 IP address (1 host up) scanned in 83.626 seconds


Special formatting is provided for certain tokens, such as filenames and application commands. Table 1, “Formatting style conventions” demonstrates the most common formatting conventions.

Table 1. Formatting style conventions

Token type              Example
literal string          I get much more excited by ports in the open state than those reported as closed or filtered.
Command-line options    One of the coolest, yet least understood Nmap options is --packet-trace.
Filenames               Follow the -iL option with the input filename such as C:\net\dhcp-leases.txt or /home/h4x/hosts-to-pwn.lst.
Emphasis                Using Nmap from your work or school computer to attack banks and military targets is a bad idea.
Application commands    Trinity scanned the Matrix with the command nmap -v -sS -O 10.2.2.2.
Replaceable variables   Let source be the machine running Nmap and target be microsoft.com.

