Nmap

Nmap, which stands for Network Mapper, was written by Gordon Lyon. In practice, it is used to check for open ports, to identify what is running on those ports, and to read the header information returned by the daemons servicing them.

Emerge
Installing Nmap is simple; no configuration should be required. Pay attention to the optional USE flags in case there are some "non-stock" features that would be good to include in the install. See the USE flags list below before running the following command:

A quick way to add many USE flags at once for Nmap:

Using Nmap
There are many ways to use the Nmap command. This section provides a number of examples to help users become familiar with it.

To see if port 80 is open at example.com, run nmap with the -p option to specify the port:

To check multiple ports, port 80 and port 8080 for example, separate each port with a comma:

To check for open SQL ports, run:

To check a wide range of ports, such as ports 1-1000, separate the low end and the high end of the range with a - (dash):

Specify multiple port ranges by:

To find out whether a server is running an IRC daemon, and to get information about that daemon, do the same as above but add the -sV option:

The output above shows the hostname as defined in the IRC daemon configuration, as well as the IRC daemon version name. In this case, it happens to be Charybdis, which is a fork of ratbox. ircd-seven is also a fork of ratbox, so Nmap is unable to tell exactly which IRC daemon is in use. It can, however, report the IRC daemon "family".
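Port lists and version detection can also be turned into a repeatable check. The script below is an added example, not part of the original page: it assumes the scan was saved in Nmap's grepable format (-oG), takes an expected port list in the same syntax as -p (commas and dash ranges), and prints every open port outside that list. The scan lines and 192.0.2.x hosts are constructed sample data.

```shell
#!/bin/sh
# Added example: flag open ports that fall outside an expected port list.

# Constructed sample of `nmap -sV -oG -` output (documentation addresses).
sample_scan() {
    printf 'Host: 192.0.2.10 (www.example.com)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (www.example.com)\tPorts: 22/open/tcp//ssh//OpenSSH 9.6/, 80/open/tcp//http//nginx/, 3306/open/tcp//mysql//MariaDB/, 8080/closed/tcp//http-proxy///\tIgnored State: closed (996)\n'
    printf 'Host: 192.0.2.11 (irc.example.com)\tPorts: 6667/open/tcp//irc//Charybdis ircd/, 443/filtered/tcp//https///\n'
}

# unexpected_open SPEC
# Reads grepable output on stdin. SPEC uses the -p syntax, e.g. 80,8080,1-1000.
# Prints "host port/proto service version" for each open port not in SPEC.
unexpected_open() {
    awk -v spec="$1" '
    BEGIN {
        # Turn "22,80,6000-7000" into low/high pairs.
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            m = split(parts[i], r, "-")
            lo[i] = r[1] + 0
            hi[i] = (m == 2 ? r[2] : r[1]) + 0
        }
    }
    function allowed(p,   i) {
        for (i = 1; i <= n; i++)
            if (p >= lo[i] && p <= hi[i]) return 1
        return 0
    }
    /^Host: / && /Ports: / {
        host = $2
        sub(/^.*Ports: /, "")   # keep only the port entries
        sub(/\t.*$/, "")        # drop trailing sections such as "Ignored State"
        k = split($0, entries, ", ")
        for (j = 1; j <= k; j++) {
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            split(entries[j], f, "/")
            if (f[2] == "open" && !allowed(f[1] + 0))
                printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], f[7]
        }
    }'
}

# Expected services: SSH, HTTP, HTTPS and the IRC range.
sample_scan | unexpected_open "22,80,443,6000-7000"
```

On the sample data this reports only the MySQL port on 192.0.2.10; closed and filtered ports are ignored.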

Similar port scans can be used to get information about web servers or other services running on target machines. The following example will get the web server and the operating system running on a machine at Google.com:

OS Fingerprinting
To fingerprint an operating system, use:

Easter Eggs
Nmap contains at least one Easter egg. If more are found, please document them here in the wiki!