Bash instead?

Nmap is great, but sometimes you don’t really need it. If you just need to see whether a single port on a known host is open, this trick using plain Bash can be sufficient: Bash treats a redirection to /dev/tcp/HOST/PORT as a TCP connect, so the redirect succeeds silently when the port accepts the connection and prints an error when it doesn’t.

:-> $ echo > /dev/tcp/
:-> $ echo > /dev/tcp/
-bash: System error
-bash: /dev/tcp/ Invalid argument
:-< $

See "Network Madness" in my Bash notes for more.
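As an added example (not code from the original notes), here is the same /dev/tcp trick wrapped in shell functions with a connection timeout, so that a filtered port does not hang the check the way a bare redirect can. The function names are mine, the host and port values are placeholders, and it assumes bash is installed plus GNU coreutils `timeout` for the time limit.

```shell
#!/usr/bin/env bash
# Bash-only TCP port probe built on the /dev/tcp/HOST/PORT pseudo-device.
# Added example for these notes, not the author's own code. It assumes bash
# is installed and, for the connect timeout, GNU coreutils `timeout`.

# tcp_port_open HOST PORT [SECONDS]
# Returns 0 if a TCP connection to HOST:PORT succeeds, non-zero otherwise.
tcp_port_open() {
    local host=$1 port=$2 secs=${3:-2}
    # The connect happens when bash opens the redirection, so it is done in
    # a child bash: a hung connect (filtered port) can then be killed by
    # `timeout`, and bash's own error text is discarded.
    if command -v timeout >/dev/null 2>&1; then
        timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
    else
        # No timeout available: a filtered port may block for the kernel's
        # default SYN retry period (often over a minute).
        bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
    fi
}

# port_state HOST PORT -> prints "open" or "closed". "closed" also covers
# filtered/timed-out ports, which a plain connect cannot tell apart.
port_state() {
    if tcp_port_open "$1" "$2"; then
        echo open
    else
        echo closed
    fi
}

# open_ports HOST FIRST LAST -> prints each open port in the range, one per line.
open_ports() {
    local host=$1 p=$2 last=$3
    while [ "$p" -le "$last" ]; do
        if tcp_port_open "$host" "$p" 1; then
            echo "$p"
        fi
        p=$((p + 1))
    done
}

# Example invocations (192.0.2.10 is a documentation address, a placeholder):
# port_state 192.0.2.10 22
# open_ports 192.0.2.10 20 25
```

Because a connect scan only tells you whether the three-way handshake completed, it cannot distinguish a closed port (RST) from a filtered one (no answer); both come back as "closed" here, which is exactly where nmap’s state reporting earns its keep.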

What’s going on with a known host?

Normal useful nmap command:

sudo nmap -A

This needs root, because OS detection sends raw packets. The -A switch turns on OS detection, version detection, the default NSE scripts and traceroute. Using -O instead also works, but it only does the OS fingerprinting, so it has less to go on and sometimes can’t identify the OS at all.

Looking for unknown hosts on a network range

This will take a long time, but it produces full results for every host on a /24. Note that the shell sees 192.168.1.* as a file glob before nmap does, so quote it (or use the CIDR form 192.168.1.0/24, which nmap also accepts):

sudo nmap -A 192.168.1.*
sudo nmap -A

This one is from my updater script. It works pretty fast because -sP (the old spelling of -sn) is only a ping sweep with no port scan. The sed keeps what is inside the parentheses, which in grepable output is the reverse-DNS name; it comes out empty for hosts that have none, so take the second field instead if you want the address.

/usr/bin/nmap -sP -oG - | /bin/grep "Status: Up" | /bin/sed "s/^.*(\\(.*\\)).*$/\\1/"
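As an added example (not the updater script itself), here is a parser for the grepable output that keeps both the address and the name of every host that is up. The sample output below is constructed to look like what nmap -sn -oG - prints; the addresses, names and function names are mine, and the only tools assumed are awk and, for the live sweep, nmap.

```shell
#!/usr/bin/env bash
# Parse nmap grepable (-oG) output into "IP name" lines for hosts that are up.
# Added example for these notes, not the updater script quoted above. It
# assumes only awk (and nmap for the live sweep); the sample is constructed.

# Constructed sample of `nmap -v -sn -oG - 192.168.1.0/24` (addresses and
# names made up). Hosts that are down are listed only when -v is given.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -v -sn -oG - 192.168.1.0/24
Host: 192.168.1.1 (router.lan)  Status: Up
Host: 192.168.1.20 ()   Status: Up
Host: 192.168.1.33 (printer.lan)        Status: Down
Host: 192.168.1.54 (nas.lan)    Status: Up
# Nmap done at Mon Jan  1 12:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 4.91 seconds'

# up_hosts: read grepable output on stdin, print "IP name" for each host
# whose status is Up; "-" stands in for hosts with no reverse-DNS name.
# Field splitting on whitespace handles both the tab and space separators
# nmap uses, and the "# Nmap done ... hosts up" trailer is skipped because
# its first field is not "Host:".
up_hosts() {
    awk '$1 == "Host:" && /Status: Up/ {
        name = $3                      # "(router.lan)" or "()"
        gsub(/[()]/, "", name)
        if (name == "") name = "-"
        print $2, name
    }'
}

# up_ips: just the addresses, handy for feeding into a follow-up port scan.
up_ips() {
    up_hosts | awk '{ print $1 }'
}

# sweep TARGET: run the real ping sweep against a target spec such as
# 192.168.1.0/24 and reduce it with up_hosts (needs nmap; not run offline).
sweep() {
    nmap -sn -oG - "$1" | up_hosts
}

# Offline demonstration against the constructed sample:
# printf '%s\n' "$SAMPLE_GREPABLE" | up_hosts
```

Piping `up_ips` into `nmap -A -iL -` turns the fast sweep into a two-stage scan: find what answers first, then spend the slow -A work only on live hosts.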