01 The Basics

Nmap performs four steps during a normal device scan. Some of these steps can be modified or disabled using options on the nmap command line.

1. If a hostname is used as the remote device specification, nmap performs a DNS lookup before the scan. This isn't really an nmap function, but it's worth mentioning because the DNS query will appear as network traffic and will eventually be recorded in the DNS server's logs. If an IP address is used to specify the remote device, this step never occurs. There's no way to disable the DNS lookup when a hostname is specified.

2. Nmap pings the remote device.

3. If an IP address is specified as the remote device, nmap will perform a reverse DNS lookup in an effort to identify a name that might be associated with the IP address.

4. Nmap executes the scan.

If the scan is interrupted with CTRL-C, an "interrupt" process performs a cleanup to close any log files and halt nmap. If the scan is resumed (with the --resume option), nmap uses the log file information to begin scanning from the previous location. A normal (-oN) or grepable (-oG) log file option must be specified for the scan to be resumable.


Using nmap from the command line
The command line syntax for nmap is similar to that of any other command line-based utility. Each option is specified one after another on the same line, separated by spaces and in no particular order. Nmap uses Unix-style command line syntax: abbreviated options are preceded by a single hyphen (-) and non-abbreviated options by two hyphens (--).

nmap -v -p 80 --randomize_hosts 192.168.0.*
The above command runs in verbose mode (-v), scans only port 80 (-p 80) and randomizes the order of the selected hosts (--randomize_hosts) across the range 192.168.0.0 through 192.168.0.255.

Notice that the abbreviated -v and -p options use only one hyphen and the non-abbreviated --randomize_hosts option uses two hyphens.

Nmap Target Specifications
Nmap provides many methods of specifying a scan target. The target specification can be anywhere on the command line.

nmap 192.168.1.5
will scan the single address 192.168.1.5.

nmap 192.168.1.1/24
will scan everything between 192.168.1.9 and 192.168.1.255

Hyphens, commas, and asterisks can also be used to create a list of hosts.

nmap 192.168.1-2.*
would scan everything between 192.168.1.0 and 192.168.2.255

This could also be specified as 192.168.1,2.0-255, or as 192.168.1-2.1,2-5,6-255. Watch those commas and periods!

The nmap man page throws another twist to the target specification by specifying the networks as the variable values. For example, *.*.1.5 would scan all devices between 1.0.1.5 and 255.255.1.5 (that’s a total of 65,535 possible devices!).
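A small expander for the target forms covered above (hyphen ranges, comma lists, asterisks and CIDR suffixes), as an added example that is not nmap's own code and not part of the original notes. It also accepts a bare "-" octet (0-255) and the half-open forms "250-" and "-5", treated here as 250-255 and 0-5, which is an assumption about nmap's parser rather than something the notes state; count_targets() answers the "how many hosts" question without listing them.

```python
import ipaddress
import itertools
import math

def octet_values(field):
    """Expand one dotted field such as '5', '*', '1-2', '1,2-5,6-255' or '-'."""
    values = set()
    for part in field.split(","):
        if not part:
            raise ValueError(f"empty element in octet field {field!r}")
        if part == "*":
            values.update(range(256))
            continue
        lo, dash, hi = part.partition("-")
        lo = int(lo) if lo else 0                     # '-5' means 0-5 (assumed)
        hi = int(hi) if hi else (255 if dash else lo)  # '250-' means 250-255 (assumed)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {part!r} in field {field!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def base_addresses(host):
    """Yield the dotted-quad strings produced by the four octet fields."""
    fields = host.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four dotted fields, got {host!r}")
    for octets in itertools.product(*(octet_values(f) for f in fields)):
        yield ".".join(map(str, octets))

def expand_target(spec):
    """Yield every IPv4 address covered by an Nmap-style target spec."""
    host, slash, bits = spec.partition("/")
    if not slash:
        yield from base_addresses(host)
        return
    seen = set()  # several base addresses can fall into the same CIDR block
    for addr in base_addresses(host):
        net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        if net not in seen:
            seen.add(net)
            yield from map(str, net)  # includes .0 and .255, as nmap does

def count_targets(spec):
    """Number of addresses a spec covers, without listing them all."""
    host, slash, bits = spec.partition("/")
    if slash:  # count distinct CIDR blocks, not base addresses
        nets = {ipaddress.ip_network(f"{a}/{bits}", strict=False) for a in base_addresses(host)}
        return len(nets) * 2 ** (32 - int(bits))
    return math.prod(len(octet_values(f)) for f in host.split("."))
```

count_targets() is the check for the specs in the text: 192.168.1-2.1,2-5,6-255 starts the last octet at 1, so it covers 510 addresses rather than the 512 of 192.168.1-2.*, and *.*.1.5 covers 256 * 256 = 65,536.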