Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Nmap Network Scanning 125

brothke writes "The 1962 song Wipe Out, with its energetic drum solo started, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career for security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, is a most useful guide to anyone interested in fully utilizing Nmap." Read on for the rest of Ben's review.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
author Gordon Lyon (Fyodor)
pages 468
publisher Nmap Project
rating 9
reviewer Ben Rothke
ISBN 978-0979958717
summary Valuable book about an invaluable security tool
One may ask, why spend $50 on this book, when the Nmap Reference Guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free, and well written. The reference guide is included in the book in chapter 15, and takes up 41 pages. And for those that are cash strapped, the free reference guide is the way to go.

In addition, the web site for the book notes that about half of the content is available in the free online edition. The most useful information is in the book in chapters exclusive to the print edition, which includes Detecting and Subverting Firewalls and Intrusion Detection System, Optimizing Nmap Performance, Port Scanning Techniques and Algorithms, Host Discovery, and troubleshooting.

The main benefit of the buying the book is that it has the collected wisdom of Fyodor's, in addition to numerous real-world scenarios, and Nmap commands not documented elsewhere. At over 400 pages, the books 15 chapters provide the reader with everything they need to know about using Nmap to the fullest.

Chapter 1 starts with an overview of the history of Nmap and how it came to be. As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that it's best to avoid ISP abuse reports and criminal charges, by not annoying the target network administrators in the first place. Chapter 1 provides a number of practical suggestions on just how to do that.

A complaint against Nmap it that is has often been blamed for crashing systems. Chapter 1 shows that the reality is that Nmap will rarely be the primary cause of a system crash. The truth is that many of the systems that crashed as a result of an Nmap scan were likely unstable from the outset, and Nmap either pushed them over the top or they coincidentally crashed at the same time as the Nmap scan.

An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was particularly directed at his organization; given the use of the term target. He requested that the Nmap documentation be changed from targetto example. The section on target enumeration in the book shows the author did not take that request to heart.

Another example of where the book goes beyond what is in the reference guide is where the author shows the most valuable TCP ports via his probe of tens of millions of IP addresses across the internet. Not surprisingly, ports 80 23 and 443 were the top three most commonly open TCP ports. It is surprising that other ports, which should have been secured long ago, are still as vulnerable as ever.

For the serious Nmap user, the book is worth purchasing just for the indispensable information in chapter 16, which is about optimizing Nmap performance. The author writes that one of his highest priorities in the creation of Nmap has been performance. Nmap uses parallelism and numerous advanced algorithms to execute its blazingly fast scans. This chapter shows how to create Nmap commands to obtain only the information you care about and significantly sped up the scan. The chapter details numerous scan time reduction techniques, and strategies on how to deal with long scans. The chapter concludes with the output of a user who, with a customized Nmap command, was able to reduce his scan of a 676,352 IP address network from nearly a week to 46 hours.

Chapter 10 is also a fascinating chapter on the topic of detection and subverting of firewalls and IDS. The function of such tests on an internal network is to help an organization understand the dangers and risks of a real attack. Since it is not uncommon for firewalls to be accidentally misconfigured, or have rule bases that leak from far too many rules; such a test can be quite useful to any network.

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice and only getting into basic security testing, or an advanced user looking for ways to optimize Nmap.

The book takes a real-world approach on how to use the tool and clearly documents every Nmap feature and option. It also shows how the tool should be correctly used in various settings.

What is unique about is that this is a rare book in which the creator of the program wrote it. Linus Torvalds never got around to writing a Linux reference, nor did the creators of the Check Point firewall. In Nmap Network Scanning, the reader gets the story from the creator of the code itself. This then is the ultimate Nmap reference guide.

Aside from the history and use of the program in the first chapter, the rest of the book is an extreme guide to maximizing the use of Nmap. It is written by a programmer and written for the technically astute. Anyone who wants to maximize their use of Nmap will find no better reference.

Ben Rothke manages the Bright Hub Enterprise Security channel and is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning from Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


This discussion has been archived. No new comments can be posted.

Nmap Network Scanning

Comments Filter:
  • In college... (Score:3, Informative)

    by Shadow7789 ( 1000101 ) on Monday December 08, 2008 @03:14PM (#26037379)
    my school's IT department confused my port scanning with that of a virus and subsequently banned me from the network.
  • by larry bagina ( 561269 ) on Monday December 08, 2008 @03:16PM (#26037417) Journal

    I suspect a lot of slashdot readers are too new, have forgotten, or never learned of Fyodor's slashdot "girlfriend". Long story short -- a dude posted on slashdot, claiming to be a girl. Fyodor tried to hook up with "her" and "she" strung him along for awhile. After discovering "she" had dude parts, Fyodor hacked his computer and posted screenshots.

  • by larry bagina ( 561269 ) on Monday December 08, 2008 @03:39PM (#26037791) Journal

    link []
    link []

  • Re:matrix reloaded (Score:3, Informative)

    by pak9rabid ( 1011935 ) on Monday December 08, 2008 @03:47PM (#26037891)
    Haha, yea. I remember seeing that scene, pausing, rewinding, then going frame-by-frame to verify I saw what I thought I did.
  • by Surreal Puppet ( 1408635 ) on Monday December 08, 2008 @04:08PM (#26038229) Journal

    NMap is the best there is, period. There's not even specialist scanners that can up it's features, especially since you can set packet flags manually in the more recent versions. It really, really fills it's niche. I use it all the time in my daily life just for benign remote service discovery, and I assume many people do too. I've never had anyone complain about it either.

  • Re:In college... (Score:5, Informative)

    by MadMidnightBomber ( 894759 ) on Monday December 08, 2008 @04:11PM (#26038273)

    If you are at college, do NOT:

    * 'finger' every possible username programmatically.
    * do a nessus scan on the IT people's servers "just to see"
    * nmap the college's /16
    * attempt an infeasible online crack of an admin's password from a computer you've just logged into. in a lab you swiped your own card to get in.

    All of these actions will get you noticed, but not in a good way.

    love & kisses, your friendly college sysadmin

  • Re: Matrix Reloaded (Score:5, Informative)

    by fv ( 95460 ) * <> on Monday December 08, 2008 @04:51PM (#26038793) Homepage
    Yeah, Nmap has actually been in a surprising number of major movies. I created the Nmap in the Movies [] page to document them with screen shots. The Matrix Reloaded was the most exciting and really started the trend. I guess the rest of Hollywood just followed along and decided that the command shell was the new way to portray hacking, rather than ridiculous 3D animated eye-candy scenes from the era of Hackers and Swordfish. So we got Nmap in Bourne Ultimatum, Die Hard 4, etc.

    I wanted to include a screen shot of Trinity hacking the Matrix with Nmap for this book, but a then-potential publisher said I needed permission from Time Warner first. It took many unanswered requests, but Time Warner finally replied with basically "hell no, you IP pirate!" Of course they phrased it politely like "we would love to allow that, but our policies prohibit us from granting that permission". Funny, they didn't mind using Nmap in their movie without permission, credit, notification, etc. Then they say I can't even include a screen shot of them using Nmap?

    So I dumped the potential publisher and added the screen shots anyway (page 8) :).

    Insecure.Org []

  • Re:Network map? (Score:5, Informative)

    by fv ( 95460 ) * <> on Monday December 08, 2008 @05:14PM (#26039121) Homepage

    Have they included a network mapping function yet? They announced it as a GSoC project last year I think, did they get around to hack some graphical map output?

    Good question--and yes, we have! Full details on this feature, including screen shots, are provided in Section 12.5, "Surfing the Network Topology" starting on page 317. That section is also available free online []. The code has been integrated into the latest version (4.76) of Nmap, available here [].

    Insecure.Org []

  • by Anonymous Coward on Monday December 08, 2008 @07:01PM (#26040711)

    Counter link [].

    It all depends on who you trust more.

  • by karlconnors ( 1352873 ) on Tuesday December 09, 2008 @10:40AM (#26046331)

    As to your comment 'How can someone call the reference guide well written, then five sentences later say that the book explains commands not documented elsewhere', there is a difference
    between 'undocumented' and 'not documented elsewhere'.

    My understanding is undocumented is more of an active attempt to keep under wraps.

    Not documented elsewhere is something that someone never got around to writing about.

    And as to the comment 'this lends credibility to Fyodor's detractors', since when does he have detractors? And who are they?

I've noticed several design suggestions in your code.