What is the difference between nmap and netstat?

Solution 1:

Nmap is a network mapping tool. That means it's used to discover information about hosts on a network (their IP, open ports, etc.), whereas netstat is a network statistics tool used to list active connections from and to your computer. See https://en.wikipedia.org/wiki/Netstat.

Solution 2:

Nmap and netstat have lots of features that are very different from each other, but there are some that are harder to distinguish. In the "obvious differences" category, netstat can:

  • show currently-active connections
  • display route information
  • show network interface statistics

Whereas Nmap can:

  • show open ports on a remote system
  • fingerprint a target's TCP/IP stack
  • determine service and application version information

and many more. But of course, you can run Nmap against localhost and it will show similar information to what netstat will show. So what is the difference?

Netstat gets its information from the OS directly. It asks the kernel for a list of all the listening ports and displays them. It can show which addresses are listening in addition to which ports and, with sufficient privilege, which process IDs.

Nmap gets its information by experiment, trying to connect to each port in turn and displaying the result of the connection attempt. This process is much slower, so by default it only tries the 1000 most-common port numbers. It can further probe each port to determine the type of service that is running, but it can't show process ID (unless you have SNMP running and use the snmp-netstat script).

So when should you use netstat?

  • When you want to know what is listening on your local machine.
  • When you need process or interface/address information for each port.
  • When you trust the OS to give the correct answer. If you've been hacked, a rootkit can make the OS lie to netstat about what is really going on.

When should you use Nmap?

  • When you want to know about open ports on a remote system.
  • When you want further information about the service listening on each port.
  • When you need a second opinion about listening ports. See the comment about rootkits above.
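The "second opinion" point above, as an added example that is not from either answer: a small Python script (hypothetical helper names) that builds the kernel's list of listening ports the way netstat does on Linux (from a /proc/net/tcp-style table), builds a connect-probe list the way nmap does, and reports where the two views disagree. It assumes a constructed /proc/net/tcp excerpt and a probe against 127.0.0.1; it illustrates the idea rather than replacing the real tools.

```python
import socket


def listening_ports_from_proc(text: str) -> set:
    """Kernel view (what netstat/ss print): keep /proc/net/tcp rows whose state is 0A (LISTEN)."""
    ports = set()
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        _ip_hex, port_hex = fields[1].split(":")  # local_address is IP:PORT, both hex
        if fields[3] == "0A":
            ports.add(int(port_hex, 16))
    return ports


def probe_ports(host: str, ports, timeout: float = 0.2) -> set:
    """Probe view (what nmap does): a port is open only if a TCP connect() completes."""
    found = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # no kernel table consulted
                found.add(port)
    return found


def compare_views(kernel_view: set, probe_view: set) -> dict:
    """Reachable-but-unlisted ports are the ones to investigate; listed-but-unreachable usually means a host firewall."""
    return {
        "hidden_from_os": sorted(probe_view - kernel_view),
        "listed_but_unreachable": sorted(kernel_view - probe_view),
        "agree": sorted(kernel_view & probe_view),
    }


def self_check() -> bool:
    """Bind an ephemeral 127.0.0.1 listener and confirm the probe view finds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        return port in probe_ports("127.0.0.1", [port])


# Constructed /proc/net/tcp excerpt (hypothetical; trailing columns trimmed):
# listeners on 0.0.0.0:22 and 127.0.0.1:631, plus one ESTABLISHED (01) flow.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:A3F2 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1003
"""
```

On a real host you would feed `listening_ports_from_proc` the actual `/proc/net/tcp` (and `tcp6`) and compare it with a probe of the same port range from a second machine, since a rootkit that filters the kernel's table can also filter a local probe.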