Nmap Essentials

By David Shaw

About this book

Nmap is an extremely powerful network port scanner used to identify hosts on a network. Nmap is free, flexible, powerful, and easy to implement, which makes it a very convenient utility.

This book demonstrates how to run basic and advanced scans, optimizing them to perform well in a variety of environments. Starting with an overview of Nmap, the reader will be guided through installation on popular operating systems. The book then explains how to use Nmap to run basic and advanced scans in addition to using the Nmap Scripting Engine (NSE). All this helps with optimizing Nmap performance in a variety of environments, eventually enabling the reader to integrate Nmap with other tools such as Nessus, Nikto, and Burp Suite, and to compare NSE with NASL scanning.

By the end of the book, the reader will have gained essential insights into network security analysis.

Publication date:
May 2015


Chapter 1. Introduction to Nmap

Before we get started with the technical intricacies of mastering Nmap, it's a good idea to understand how Nmap itself began and evolved as a project. This tool has been around for almost twenty years, and is a well-loved and often-used component across many technical industries.

In this chapter, we will cover:

  • How the Nmap project began

  • The evolution of the tool itself

  • New add-ons to the Nmap suite

  • How to install Nmap on Windows, OS X, and Linux


Nmap's humble beginnings

Nmap started from humble beginnings. Unlike the commercial security tools that are released today, the very first Nmap was only about 2,000 lines of code—and was released in 1997 in issue 51 of Phrack, a hacker "zine" that was started in 1985. Nmap's timeline is a fascinating one, and its growth has been phenomenal. The general timeline of Nmap development is as follows:

  • At the time of release, Nmap did not have very many features; in fact, it was bare bones. There was no version number attached to this release of Nmap because the developers did not plan to release any future versions. Nmap was designed only to scan for open ports on a target machine, and only worked when run from a Linux host and compiled with gcc.

  • Only four days after the initial release of Nmap, though, a slightly improved version was released (also through Phrack)—version 1.25. It was becoming very clear, even in the infancy of the now-famous tool, that there was an extremely high demand for a high-performance port scanner. Although there had previously been ways to detect open ports, Nmap made it straightforward to assess a third-party host over the Internet or across a local network. The hacker community was intrigued.

  • By March 1998, about six months after the initial Nmap release, the scanner had become the de facto port scanner of the underground hacker community and blossoming information security industry. Renaud Deraison asked permission to use the scanner code in a new vulnerability assessment engine he was creating, and (after receiving permission) Nmap scanning technology became integrated with the very first version of Nessus.

  • By September 2003, when Nmap 3.45 was released, there had been many major changes to the project. Fyodor, the primary developer, was now working on maintaining Nmap full-time. The tool had many new features—such as service detection, OS detection, timing configuration, and optimization flags (all of which will be covered later in this book)—and had truly reached a state of maturity.

  • In December 2006, one of the most important aspects of the Nmap project was integrated into all Nmap builds: the Nmap Scripting Engine (NSE). The NSE allows users of Nmap to write their own modules (in a programming language called Lua) that trigger when certain ports are open, or when certain services—or even specific versions of services—are found listening. This release elevated Nmap from a simple networking tool to a fully robust and customizable vulnerability assessment engine, suitable for a wide variety of tasks.


The many uses of Nmap

Although port scanning is obviously very important for security professionals—after all, without understanding what network ports are open, it would be impossible to assess the security of a system—Nmap is also very valuable for other types of information technology professionals.

System administrators use Nmap to determine which of their systems are online, so they can understand if there are problems or inconsistencies on their network. Similarly, using OS detection and service detection, these administrators are able to easily verify that all systems are running the same (hopefully current) versions of operating systems and network-enabled software.

Because of its ability to change timing, as well as set specific flags on different packets (for example, the Xmas Tree scan), developers can turn to Nmap for help in testing embedded network stacks, in order to verify that the aggressive network traffic won't have unintended outcomes that may crash a system.

Lastly—and perhaps most importantly—students of network and computer engineering are major users of Nmap. Because it is free and open source software, there is no barrier to getting the software and running it immediately. Even amateur users scanning their own small home networks can learn an immense amount about how their computers and networks work and are configured by seeing what services are online. Although there are Windows and OS X ports, Nmap is also a great introduction to running straightforward (but advanced) tools on the Linux command line.


Installing Nmap

On most modern operating systems (Windows, OS X, and most distributions of Linux), installing Nmap is a very easy task. The official Nmap website (http://insecure.org/) distributes downloadable installers for Windows and Mac OS X that are very easy to run.

For Windows, a full walk-through of the installation process is available at http://nmap.org/book/inst-windows.html.

For Mac OS X, a full walk-through of the installation process is available at http://nmap.org/book/inst-macosx.html.

To install Nmap for Linux, there are several options. The most recent "bleeding edge" builds are always available to install from source (see the Building Nmap from source section). There are RPMs that can be downloaded from the http://insecure.org/ website, but most Linux distributions already have Nmap in their standard package repositories.

Installing from a repository on Debian/Ubuntu is very straightforward. First, run sudo apt-get update to verify that all 'apt sources' lists are up to date. Then, it is as simple as running sudo apt-get install nmap to download and install a working version of Nmap!




Building Nmap from source

To install Nmap from source, three steps must be taken:

  1. Download the source code.

  2. Compile the code.

  3. Install the compiled tool.

Downloading the code with a tool such as wget is very simple; all we need to do is type wget http://nmap.org/dist/nmap-6.47.tar.bz2 (or whatever is the current version of Nmap).

Once the tool is downloaded, it must be removed from its tarball—or compressed—state. This is done using the tar command by typing tar xvf nmap-6.47.tar.bz2.

At this stage, we now have a new directory filled with Nmap source code. If we change the directory by typing cd nmap-6.47, we are then able to compile this code. For those users that are familiar with installing tools on Linux, the next step will be familiar. We need to run ./configure, make, and sudo make install, in that order, to install Nmap on our system.

The "Nmap dragon" is a famous piece of ASCII art that is displayed during the ./configure step of Nmap source code compilation.

Once Nmap is successfully installed, you can verify that it works—and see which options it was compiled with—by typing nmap -V. We'll cover the different flags that you can pass to Nmap in the subsequent chapters.
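
The download, extract, and compile steps above as one script, with an integrity gate before anything is unpacked or compiled. This is an added example, not code from the book; the function names and the expected-digest argument are assumptions, sha256sum from GNU coreutils is assumed to be installed, and the digest must be obtained from a source you trust, since the text does not list one.

```shell
#!/bin/sh
# Added example: build Nmap from source only if the tarball matches a
# SHA-256 digest obtained out of band. Function names are hypothetical.

# verify_tarball FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 otherwise
verify_tarball() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    # Published digests are sometimes uppercase; compare in lowercase.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
}

# has_unsafe_member: reads archive member names on stdin and succeeds if any
# is an absolute path or contains a ".." component (would escape the build dir).
has_unsafe_member() {
    grep -Eq '(^/|(^|/)\.\.(/|$))'
}

# build_nmap VERSION EXPECTED_SHA256: the three steps from the text, gated.
build_nmap() {
    version=$1; expected=$2
    tarball="nmap-$version.tar.bz2"
    # URL form as given in the text. It is plain HTTP, so the digest check
    # below is what provides integrity, not the transport.
    wget "http://nmap.org/dist/$tarball" || return 1
    verify_tarball "$tarball" "$expected" || return 1
    if tar tf "$tarball" | has_unsafe_member; then
        echo "archive contains unsafe paths" >&2
        return 1
    fi
    tar xf "$tarball" && cd "nmap-$version" || return 1
    # Compile as the current user; only the install step needs root.
    ./configure && make && sudo make install && nmap -V
}

# Usage: build_nmap 6.47 <sha256-from-a-trusted-source>
```
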



After reading this chapter, you should have a solid understanding of the wonderful background that Nmap brings to the information security world. Starting as a small project, the Nmap project is now one of the pillars of several industries.

If you have followed the installation instructions, you should now have a fully functional copy of Nmap ready to work with throughout the rest of the chapters. If not, now would be a great time to go ahead and install the tool so that you are ready to start scanning, auditing, and assessing!

In the next chapter, we will learn the basics of TCP/IP networking in order to better understand how Nmap is able to assess open ports, and find out which services and operating systems are running.

About the Author

  • David Shaw

    David Shaw has extensive experience in many areas of information security. He began working in the trenches of perimeter analysis and conducting external threat research for large financial institutions. After switching to offensive security, he joined Redspin to conduct application security assessments and network penetration tests.

    David is currently the Chief Technology Officer and Vice President of Professional Services at Redspin, specializing in external and application security, and managing a team of highly skilled engineers. He has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at THOTCON, NolaCon, ToorCon, LayerOne, DEF CON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.
