nmap: Usage, Options & Common CI Errors
nmap discovers hosts and open ports across a network.
nmap is the port scanner used in CI to verify a service is reachable on its port. The two recurring snags are ICMP-blocked hosts reporting "down" and SYN scans needing root.
What it does
nmap probes hosts to discover which ports are open, what services run on them (-sV), and other details. In pipelines it is typically a targeted reachability check: is port X open on host Y?
Common usage
nmap -p 443 example.com
nmap -p 1-1000 --open 10.0.0.5 # show only open ports
nmap -Pn -p 5432 db.internal # skip host-up (ping) check
nmap -sT -p 80,443 example.com # TCP connect scan (no root)
nmap -sV -p 8080 service.internal # service/version detectionOptions
| Flag | What it does |
|---|---|
| -p <ports> | Port(s) or range to scan |
| -Pn | Treat host as up; skip the ping probe |
| -sT / -sS | TCP connect scan / SYN scan (SYN needs root) |
| -sV | Probe open ports for service/version |
| --open | Only report open ports |
| -n | Skip reverse DNS resolution |
Common errors in CI
"Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn" - cloud hosts and load balancers commonly drop ICMP, so add -Pn to scan anyway. The default -sS (SYN) scan needs root/CAP_NET_RAW: as non-root nmap falls back to -sT (connect), or errors "requires root privileges" if forced - use -sT in unprivileged containers. A port shown as "filtered" means a firewall/security group is dropping packets (different from "closed"). Scanning hosts you do not own may violate provider policy.