The Mighty Nmap

Today let's talk about nmap. The name stands for network mapper. It was written by Gordon Lyon and published in Phrack Magazine in 1997, with the source code provided at the time. It is free, open-source software. The program was originally written in the C programming language and later ported to C++. Initially it was available on UNIX/Linux machines, but it has since been made available on Windows, Mac, and other platforms.

Nmap is a security scanner. It can do a ping scan and find hosts. It can determine the operating system on the host. It can scan for ports on a machine. When it is doing port scanning, it sorts the ports into three main categories:
  1. open - a program is listening on the port and will respond
  2. closed - there is no program listening on the port
  3. filtered - no reply from the host, so nmap cannot tell whether anything is listening (typically because a firewall or other filter is dropping the probes)
You can use nmap to audit your firewall security. You can also use it to inventory machines on your network. As an aside, nmap can spoof the source IP address you are running it from. There are many modes of scanning it supports. You can scan a single host, a range of IP addresses, or even an entire subnet.

An early GUI version called NmapFE was released, but it has since been replaced by Zenmap. There is a Windows GUI version called NMapWin. The nmap suite also includes the following tools:
  • Zenmap - the GUI version of nmap
  • Ncat - redirect sockets
  • Ndiff - compare different nmap scans
  • Nping - packet generator
Nmap uses raw IP packets for its scanning. You can ask nmap to output in XML format as an option. Nmap can be used for Black Hat purposes. When performing nefarious scans, you can tell nmap to scan slowly to avoid detection. In some jurisdictions, it is illegal to run nmap scans on machines that are not your own. Nmap has a mailing list called Nmap-hackers. LOL.