Home page logo
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News


Nmap Network Scanning

Miscellaneous Options

-h, --help (Display help)

Displays help information and exits.

-V, --version (Display version)

Displays the program's version number and quits.

-c <rounds>, --count <rounds> (Stop after a given number of rounds)

This option lets you specify the number of times that Nping should loop over target hosts (and in some cases target ports). Nping calls these rounds. In a basic execution with only one target (and only one target port in TCP/UDP modes), the number of rounds matches the number of probes sent to the target host. However, in more complex executions where Nping is run against multiple targets and multiple ports, the number of rounds is the number of times that Nping sends a complete set of probes that covers all target IPs and all target ports. For example, if Nping is asked to send TCP SYN packets to hosts and ports 80 and 433, then 256 × 2 = 512 packets are sent in one round. So if you specify -c 100, Nping will loop over the different target hosts and ports 100 times, sending a total of 256 × 2 × 100 = 51200 packets. By default Nping runs for 5 rounds. If a value of 0 is specified, Nping will run continuously.

-e <name>, --interface <name> (Set the network interface to be used)

This option tells Nping what interface should be used to send and receive packets. Nping should be able to detect this automatically, but it will tell you if it cannot. <name> must be the name of an existing network interface with an assigned IP address.

--privileged (Assume that the user is fully privileged)

Tells Nping to simply assume that it is privileged enough to perform raw socket sends, packet sniffing, and similar operations that usually require special privileges. By default Nping quits if such operations are requested by a user that has no root or administrator privileges. This option may be useful on Linux, BSD or similar systems that can be configured to allow unprivileged users to perform raw-packet transmissions. The NPING_PRIVILEGED environment variable may be set as an alternative to using --privileged.

--unprivileged (Assume that the user lacks raw socket privileges)

This option is the opposite of --privileged. It tells Nping to treat the user as lacking network raw socket and sniffing privileges. This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken. The NPING_UNPRIVILEGED environment variable may be set as an alternative to using --unprivileged.

--send-eth (Use raw ethernet sending)

Asks Nping to send packets at the raw ethernet (data link) layer rather than the higher IP (network) layer. By default, Nping chooses the one which is generally best for the platform it is running on. Raw sockets (IP layer) are generally most efficient for Unix machines, while ethernet frames are required for Windows operation since Microsoft disabled raw socket support. Nping still uses raw IP packets despite this option when there is no other choice (such as non-ethernet connections).

--send-ip (Send at raw IP level)

Asks Nping to send packets via raw IP sockets rather than sending lower level ethernet frames. It is the complement to the --send-eth option.

--bpf-filter <filter spec> --filter <filter spec> (Set custom BPF filter)

This option lets you use a custom BPF filter. By default Nping chooses a filter that is intended to capture most common responses to the particular probes that are sent. For example, when sending TCP packets, the filter is set to capture packets whose destination port matches the probe's source port or ICMP error messages that may be generated by the target or any intermediate device as a result of the probe. If for some reason you expect strange packets in response to sent probes or you just want to sniff a particular kind of traffic, you can specify a custom filter using the BPF syntax used by tools like tcpdump. See the documentation at http://www.tcpdump.org/ for more information.

-H, --hide-sent (Do not display sent packets)

This option tells Nping not to print information about sent packets. This can be useful when using very short inter-probe delays (i.e., when flooding), because printing information to the standard output has a computational cost and disabling it can probably speed things up a bit. Also, it may be useful when using Nping to detect active hosts or open ports (e.g. sending probes to all TCP ports in a /24 subnet). In that case, users may not want to see thousands of sent probes but just the replies generated by active hosts.

-N, --no-capture (Do not attempt to capture replies)

This option tells Nping to skip packet capture. This means that packets in response to sent probes will not be processed or displayed. This can be useful when doing flooding and network stack stress tests. Note that when this option is specified, most of the statistics shown at the end of the execution will be useless. This option does not work with TCP Connect mode.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]