Which of the following commands in Linux is primarily used for network…
2023
Which of the following commands in Linux is primarily used for network scanning and security auditing?
- A.
netset
- B.
tcpdump
- C.
ifconfig
- D.
nmap
- E.
traceroute
Attempted by 3 students.
Show answer & explanation
Correct answer: D
Concept
Network scanning is the active probing of hosts and ports on a network to discover live systems, open ports, the services running on them, and their versions; security auditing builds on this to identify exposed or misconfigured services. The dedicated Linux utility for this purpose is nmap (Network Mapper), a single tool that performs host discovery, port scanning, service/version detection, and OS fingerprinting.
Application
Running nmap against a target performs the full reconnaissance workflow in one command:
Host discovery: determine which hosts on the target range are alive.
Port scanning: probe TCP/UDP ports to find which are open, closed, or filtered.
Service and version detection: identify the application and version listening on each open port.
OS fingerprinting and scripted checks (NSE) for vulnerability and configuration auditing.
This combination of active port discovery plus service enumeration is exactly what network scanning and security auditing require, so nmap is the correct tool.
Contrast
netset: not a standard Linux networking command; it does no scanning at all.
tcpdump: a passive packet sniffer/analyzer that captures traffic already flowing past an interface; it never actively probes ports or hosts.
ifconfig: a legacy tool for viewing and configuring local network interface settings (IP, netmask), not for inspecting remote hosts.
traceroute: maps the sequence of router hops along the path to a destination; it reports the route, not open ports or services.
Result
nmap is the command primarily used for network scanning and security auditing.