Install nmap with Homebrew

If you have the Homebrew package manager installed, run to download and install nmap and any necessary dependencies.

Scan with nmap

nmap is built to scan a provided hostname or network address and return a list of open ports. The name stands for “network mapper,” but it’s more of a port mapper.

The simplest way to run nmap is with an IP address or range of IP addresses specified as the target; replace with the appropriate IP address to scan on your local network. This specific command scans nmap’s educational testing server at scanme.org.

To scan for open ports on a range of IP addresses, use a slash.

To find the IP addresses of your router and various devices on your network, you can run arp or ipconfig.

Using the -A flag will force nmap to scan more aggressively, returning significantly more information but transparently revealing your presence in the server logs. The -A flag must be run with sudo. If you can’t or don’t want to use the sudo command, take a look at our guide to running nmap without sudo or root.

This scans the defined IP address for the operating system (-O). Again, it must be run with sudo.

If you want to run nmap a little more stealthily, use the -sS flag:

This has the effect of forcing “half-open” scanning and sends a TCP SYN packet to check whether the port is open but does not respond with an ACK packet when receiving an affirmative response. As such, the remote server likely won’t log the scan. The -sS flag and other scanning mode switches must be run with sudo. For example, the -sP mode switch will scan for IP addresses but not ports, functioning something like arp below. See the nmap man page for more scanning modes.

To get more verbose results, add the -vv or -v3 tag. This will turn on more verbose logging levels, producing a more readable but longer standard output. Depending on what you’re looking for, these flags may help you find it.

Of course, you can always pipe the results of nmap into grep to search for specific results. If you wanted to check port 22 only, for example, you might run the command below:

This will return no lines if the port is not available and return the port’s status line if available.
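When auditing your own network from saved scan output, a plain text match on "22" also hits 2222/tcp, addresses that end in .22, and lines whose state is closed or filtered. The following is an added example, not part of the original article: it reads nmap's normal output on stdin and prints only the hosts where the exact TCP port is reported open. The function names and the sample scan are constructed for illustration.

```shell
#!/bin/sh
# Added example: list hosts where one exact TCP port is "open"
# in nmap's normal (human-readable) output read from stdin.

# Constructed sample output (addresses and ports are made up).
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.1.1
Host is up (0.0031s latency).
PORT     STATE    SERVICE
22/tcp   filtered ssh
80/tcp   open     http

Nmap scan report for nas.local (192.168.1.22)
Host is up (0.0040s latency).
PORT     STATE  SERVICE
22/tcp   open   ssh
2222/tcp open   EtherNetIP-1

Nmap scan report for 192.168.1.30
Host is up (0.0052s latency).
PORT     STATE  SERVICE
22/tcp   closed ssh
2222/tcp open   EtherNetIP-1
EOF
}

# hosts_with_open_port PORT  (hypothetical helper name)
# Prints one address per line for each host whose PORT/tcp state is "open".
hosts_with_open_port() {
  awk -v port="$1" '
    /^Nmap scan report for / {
      host = $NF              # last field: bare IP, or "(IP)" after a hostname
      gsub(/[()]/, "", host)  # drop the parentheses around the IP
      next
    }
    # Exact match on column 1 skips 2222/tcp and any "22" inside an address;
    # the state check skips closed and filtered ports.
    $1 == (port "/tcp") && $2 == "open" { print host }
  '
}

# Stand-alone run on the constructed sample.
sample_scan | hosts_with_open_port 22
```

With a real scan, pipe nmap's output into `hosts_with_open_port 22` in place of `sample_scan`.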

Scan Your Local Network’s Active IP Addresses with arp

arp scans your local network for connected devices. Because arp is designed to create and modify address resolution protocols, it has limited tools available for scanning your network. But it ships on every Mac, and it’s a rapid way to get specific information.

To see a list of all responding devices currently connected to your network, open Terminal and run:

This returns a list of all devices connected to your network, reported by IP address and MAC address.

There isn’t much more to arp. You can run arp -a -i en0 to only get reports from your network interface en0, but that’s all.

1. Is nmap a hacking tool?

While nmap can be used for nefarious purposes, there is nothing about nmap that makes it a hacking tool by itself. There is nothing wrong with using it, especially if you’re using it on your own network.

2. Do I need to install nmap with Homebrew?

No. While installing with the brew command is easy, you can also install nmap with the macOS installer from the nmap website.

3. Is nmap only available on macOS?

No. In addition to macOS, nmap is also available on Windows, Linux, and other Unix variants like FreeBSD, Solaris, and more.

4. Is this all nmap can do?

Covering everything nmap could do would take several articles. For more information, see the nmap manual.

A Suite of Network Tools

While nmap is certainly one of the most powerful network tools available, it isn’t the only software you’ll want in your toolset. For example, ipconfig is useful for getting information on network interfaces, while the arp command is useful for running a quick sweep of all the devices on your network. For more options in macOS, learn how to install it on a USB drive.