Nmap Fundamentals

6 min read

(For more resources related to this topic, see here.)

Nmap (Network Mapper)

Nmap (Network Mapper) is an open-source tool specialized in network exploration and security auditing, originally published by Gordon “Fyodor” Lyon. The official website (http://nmap.org) describes it as follows:

Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

There are many other port scanners out there, but none of them even comes close to offering the flexibility and advanced options of Nmap.

The Nmap Scripting Engine (NSE) has revolutionized the possibilities of a port scanner by allowing users to write scripts that perform custom tasks using the host information collected by Nmap.

Additionally, the Nmap Project includes other great tools:

  • Zenmap: A graphical interface for Nmap
  • Ndiff: A tool for scan result comparison
  • Nping: An excellent tool for packet generation and traffic analysis
  • Ncrack: An Nmap-compatible tool for brute forcing network logins
  • Ncat: A debugging utility to read and write data across networks

Needless to say, it is essential that every security professional and network administrator master this tool to conduct security assessments, monitor, and administer networks efficiently.

Nmap’s community is very active, and new features are added every week. I encourage you to always keep an updated copy in your arsenal, if you haven’t done this already; and even better, to subscribe to the development mailing list at http://cgi.insecure.org/mailman/listinfo/nmap-dev.

Downloading Nmap from the official source code repository

This section describes how to download Nmap’s source code from the official subversion repository. By doing so, users can compile the latest version of Nmap and keep up with the daily updates that are committed to the subversion repository.

Getting ready

Before continuing, you need to have a working Internet connection and access to a subversion client. Unix-based platforms come with a command-line client called subversion (svn). To check if its already installed in your system, just open a terminal and type:

$ svn

If it tells you that the command was not found, install svn using your favorite package manager or build it from source code. The instructions for building svn from source code are out of the scope of this book, but they are widely documented online. Use your favorite search engine to find specific instructions for your system.

If you would rather work with a graphical user interface, RapidSVN is a very popular, crossplatform alternative. You can download and install RapidSVN from http://rapidsvn.tigris.org/.

How to do it…

Open your terminal and enter the following command:

$ svn co --username guest https://svn.nmap.org/nmap/

Downloading the example code

You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Wait until svn downloads all the files stored in the repository. You should see the list of the added files as it finishes, as shown in the following screenshot:

When the program returns/exits, you will have Nmap’s source code in your current directory.

How it works…

$ svn checkout https://svn.nmap.org/nmap/

This command downloads a copy of the remote repository located at https://svn.nmap.org/nmap/. This repository has world read access to the latest stable build, allowing svn to download your local working copy.

There’s more…

If you are using RapidSVN then follow these steps:

  1. Right-click on Bookmarks.
  2. Click on Checkout New Working Copy.
  3. Type https://svn.nmap.org/nmap/ in the URL field.
  4. Select your local working directory.
  5. Click on OK to start downloading your new working copy.

Experimenting with development branches

If you want to try the latest creations of the development team, there is a folder named nmapexp that contains different experimental branches of the project. Code stored there is not guaranteed to work all the time, as the developers use it as a sandbox until it is ready to be merged into the stable branch. The full subversion URL of this folder is https://svn.nmap.org/nmap-exp/.

Keeping your source code up-to-date

To update a previously-downloaded copy of Nmap, use the following command inside your working directory:

$ svn update

You should see the list of files that have been updated, as well as some revision information.

Compiling Nmap from source code

Precompiled packages always take time to prepare and test, causing delays between releases. If you want to stay up-to-date with the latest additions, compiling Nmap’s source code is highly recommended.

This recipe describes how to compile Nmap’s source code in the Unix environment.

Getting ready

Make sure the following packages are installed in your system:

  • gcc
  • openssl
  • make

Install the missing software using your favorite package manager or build it from source code.

How to do it…

  1. Open your terminal and go into the directory where Nmap’s source code is stored.
  2. Configure it according to your system:

    $ ./configure

    An ASCII dragon warning you about the power of Nmap will be displayed (as shown in the following screenshot) if successful, otherwise lines specifying an error will be displayed.

  3. Build Nmap using the following command:

    $ make

    If you don’t see any errors, you have built the latest version of Nmap successfully. You can check this by looking for the compiled binary Nmap in your current directory.

    If you want to make Nmap available for all the users in the system, enter the following command:

    # make install

How it works…

We used the script configure to set up the different parameters and environmental variables affecting your system and desired configuration. Afterwards, GNUs make generated the binary files by compiling the source code.

There’s more…

If you only need the Nmap binary, you can use the following configure directives to avoid installing Ndiff, Nping, and Zenmap:

  • Skip the installation of Ndiff by using –without-ndiff
  • Skip the installation of Zenmap by using –without-zenmap
  • Skip the installation of Nping by using –without-nping

OpenSSL development libraries

OpenSSL is optional when building Nmap. Enabling it allows Nmap to access the functions of this library related to multiprecision integers, hashing, and encoding/decoding for service detection and Nmap NSE scripts.

The name of the OpenSSL development package in Debian systems is libssl-dev.

Configure directives

There are several configure directives that can be used when building Nmap. For a complete list of directives, use the following command:

The name of the OpenSSL development package in Debian systems is libssl-dev.

$ ./configure --help

Precompiled packages

There are several precompiled packages available online (http://nmap.org/download. html) for those who don’t have access to a compiler, but unfortunately, it’s very likely you will be missing features unless its a very recent build. Nmap is continuously evolving. If you are serious about harnessing the power of Nmap, keep your local copy up-to-date with the official repository.


Please enter your comment!
Please enter your name here