NMAP, the open source network mapping tool, should be in any network or security administrator's toolbox. It's a feature-rich network scanner that goes far beyond port scanning such as service and OS detection, stealth and evasion modes, and sports an internal scripting engine. <a href="http://nmap.org/book/" target="_blank"><em>NMAP Network Scanning</em></a>, a reference guide written by Gordon Lyon, a.k.a. Fyodor, is a must-have book to get the most out of NMAP.

Mike Fratto, Former Network Computing Editor

December 29, 2008

4 Min Read

NMAP, the open source network mapping tool, should be in any network or security administrator's toolbox. It's a feature-rich network scanner that goes far beyond port scanning such as service and OS detection, stealth and evasion modes, and sports an internal scripting engine. NMAP Network Scanning, a reference guide written by Gordon Lyon, a.k.a. Fyodor, is a must-have book to get the most out of NMAP.The self-published book is a solid reference work complete with explanations on how and why NMAP features work, examples on how to use them, how to interpret the results, and real-life scenarios showing interesting use cases. The writing and explanations are clear and concise but do require familiarity with common protocols like Ethernet, IP, TCP/UDP, as well as common services like Sun RPC and Windows Networking. Information that IT and security administrators should already have.

You can skip the first two chapters if you're already familiar with NMAP and know how to install software on your chosen operating system. Many Linux users nowadays will simply use whatever version of NMAP is packaged for that distribution and the program is often installed by default. If you're compiling from source, you will want to read the text that comes with the source code and run "configure -help" for the compiler directives.

Chapter 3, Host Discovery, gets into using NMAP. Within a few pages, you learn to run host discovery as well as techniques to find IP addresses to feed NMAP. The latter is an example of where the book shines. Throughout the book, Lyon provides guidance on relevant topics required to get the most out of NMAP, like how to find an organizations IP address range. The rest of the chapter describes various ways to discover hosts using ICMP, TCP, and UDP, and where each type of scan is applicable and any pitfalls.

Chapters 4 and 5, Port Scanning Overview and Port Scanning Techniques and Algorithms, dig into the heart of NMAP -- port scanning for every occasion. Filled with insights on everything from timing options to firewall and IDS evasion techniques, chapter 4 should be read regardless of your NMAP skill level. That prepares you for chapter 5, where Lyon explains the different scan types, what they are used for, and how to interpret the results. Each of the scan types includes screen shots of the output as well as an analysis of what occurred. It's like looking over an expert's shoulder and you're bound to learn more about NMAP more quickly by understanding the examples and applying them than simply trying the scan types on your own. Chapter 5 ends with a quick overview of optimizing NMAP scans, the topic of chapter 6.

By the time you reach chapter 7, Service and Application Version Detection and Remote OS Detection, and chapter 8, Remote OS Detection, you know you're heading into the guts of NMAP. Lyon's in-depth description of service and OS detection is deep and thorough. You don't need to know the gory details to use these NMAP features, but understanding how service and OS detection works will deepen your appreciation of what NMAP can do. Chapter 7 winds up with two examples, finding nonstandard applications on your network and finding open proxies. Chapter 8 describes a way to find wireless access points on a network, which is a common headache for IT administrators.

Chapter 9, NMAP Scripting Engine, provides and overview of NSE and a brief description of the scripts that ship with the NMAP program as well as the NMAP application programming interface (API). Lyon then runs through a tutorial in writing NMAP scripts. Here again, Lyon provides source listings and explanation of the API and scripting features that are immediately useful.

Chapters 10 and 11, focus on detecting firewalls and intrusion-detection systems and techniques to defend against NMAP scans. Good reading for any IT and security administrator and come near the end of the book since these chapters leverage information already stated earlier in the book. Chapter 12 describes Zenmap, the NMAP GUI, if you're so inclined to such things. And the final chapters round out the book describing the output formats and data files used by NMAP with examples and explanations on use.

On the cover page, Lyon promises to tell you how to use NMAP to solve real world network security and network management tasks. He delivers on that promise with clear and concise text, screen shots, and examples. If you use NMAP, this is a must-have book.

About the Author(s)

Mike Fratto

Former Network Computing Editor

Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights