NMAP Essentials: Harness the power of Nmap, the most versatile network port scanner on the planet, to secure large scale networks

Nmap started from humble beginnings. Unlike the commercial security tools that are released today, the very first Nmap was only about 2,000 lines of code—and was released in 1997 in issue 51 of Phrack, a hacker "zine" that was started in 1985. Nmap's timeline is a fascinating one, and its growth has been phenomenal. The general timeline of Nmap development is as follows:

Although port scanning is obviously very important for security professionals—after all, without understanding what network ports are open, it would be impossible to assess the security of a system—Nmap is also very valuable for other types of information technology professionals.

System administrators use Nmap to determine which of their systems are online, so they can understand if there are problems or inconsistencies on their network. Similarly, using OS detection and service detection, these administrators are able to easily verify that all systems are running the same (hopefully current) versions of operating systems and network-enabled software.

Because of its ability to change timing, as well as set specific flags on different packets (for example, the Xmas Tree scan), developers can turn to Nmap for help in testing embedded network stacks, in order to verify that the aggressive network traffic won't have unintended outcomes that may crash a system.

Lastly—and perhaps most importantly—students of network and computer engineering are major users of Nmap. Because it is a free and open source software, there is no barrier to get the software and run it immediately. Even amateur users scanning their own small home networks can learn an immense amount about how their computers and networks work and are configured by seeing what services are online. Although there are Windows and OS X ports, Nmap is also a great introduction to running straightforward (but advanced) tools on the Linux command line.

On most modern operating systems (Windows, OS X, and most distributions of Linux), installing Nmap is a very easy task. The official Nmap website (http://insecure.org/) distributes downloadable installers for Windows and Mac OS X that are very easy to run.

For Windows, a full walk-through of the installation process is available at http://nmap.org/book/inst-windows.html.

For Mac OS X, a full walk-through of the installation process is available at http://nmap.org/book/inst-macosx.html.

To install Nmap for Linux, there are several options. The most recent "bleeding edge" builds are always available to install from source (see the following paragraph). There are RPMs that can be downloaded from the http://insecure.org/ website, but most Linux distributions already have Nmap in their standard packages' repositories.

To install from a repository on Debian/Ubuntu is very straightforward. First, run sudo apt-get update to verify that all 'apt sources' lists are up to date. Then, it is as simple as sudo apt-get install Nmap to download and install a working version of Nmap!

To install Nmap from source, three steps must be taken:

Downloading the code with a tool such as wget is very simple; all we need to do is type wget http://nmap.org/dist/nmap-6.47.tar.bz2 (or whatever is the current version of Nmap).

Once the tool is downloaded, it must be removed from its tarball—or compressed—state. This is done using the tar command by typing tar xvf nmap-6.47.tar.bz2.

At this stage, we now have a new directory filled with Nmap source code. If we change the directory by typing cd nmap-6.47, we are then able to compile this code. For those users that are familiar with installing tools on Linux, the next step will be familiar. We need to ./configure make and sudo make install in order to install Nmap on our system.

The "Nmap dragon" is a famous piece of ASCII art that is displayed during the ./configure step of Nmap source code compilation.

Once Nmap is successfully installed, you can verify that it works—and see which options it was compiled with—by typing nmap -V. We'll cover the different flags that you can pass to Nmap in the subsequent chapters.

After reading this chapter, you should have a solid understanding of the wonderful background that Nmap brings to the information security world. Starting as a small project, the Nmap project is now one of the pillars of several industries.

If you have followed the installation instructions, you should now have a fully functional copy of Nmap ready to work with throughout the rest of the chapters. If not, now would be a great time to go ahead and install the tool so that you are ready to start scanning, auditing, and assessing!

In the next chapter, we will learn the basics of TCP/IP networking in order to better understand how Nmap is able to assess open ports, and find out which services and operating systems are running.