NMAP Network Scanning: A Must-Have Addition To Your Library - InformationWeek
Commentary
12/29/2008
03:08 PM
Mike Fratto

NMAP, the open source network mapping tool, should be in any network or security administrator's toolbox. It's a feature-rich network scanner that goes far beyond port scanning, offering service and OS detection and stealth and evasion modes, and it sports an internal scripting engine. NMAP Network Scanning, a reference guide written by Gordon Lyon, a.k.a. Fyodor, is a must-have book to get the most out of NMAP.

The self-published book is a solid reference work complete with explanations of how and why NMAP features work, examples of how to use them, guidance on interpreting the results, and real-life scenarios showing interesting use cases. The writing and explanations are clear and concise but do require familiarity with common protocols like Ethernet, IP, and TCP/UDP, as well as common services like Sun RPC and Windows Networking, information that IT and security administrators should already have.

You can skip the first two chapters if you're already familiar with NMAP and know how to install software on your chosen operating system. Many Linux users nowadays will simply use whatever version of NMAP is packaged for their distribution, and the program is often installed by default. If you're compiling from source, you will want to read the text that comes with the source code and run "configure -help" for the compiler directives.

Chapter 3, Host Discovery, gets into using NMAP. Within a few pages, you learn to run host discovery as well as techniques to find IP addresses to feed NMAP. The latter is an example of where the book shines. Throughout the book, Lyon provides guidance on relevant topics required to get the most out of NMAP, like how to find an organization's IP address range. The rest of the chapter describes various ways to discover hosts using ICMP, TCP, and UDP, where each type of scan is applicable, and any pitfalls.

Chapters 4 and 5, Port Scanning Overview and Port Scanning Techniques and Algorithms, dig into the heart of NMAP -- port scanning for every occasion. Filled with insights on everything from timing options to firewall and IDS evasion techniques, chapter 4 should be read regardless of your NMAP skill level. That prepares you for chapter 5, where Lyon explains the different scan types, what they are used for, and how to interpret the results. Each of the scan types includes screen shots of the output as well as an analysis of what occurred. It's like looking over an expert's shoulder, and you're bound to learn more about NMAP more quickly by understanding the examples and applying them than by simply trying the scan types on your own. Chapter 5 ends with a quick overview of optimizing NMAP scans, the topic of chapter 6.

By the time you reach chapter 7, Service and Application Version Detection and Remote OS Detection, and chapter 8, Remote OS Detection, you know you're heading into the guts of NMAP. Lyon's description of service and OS detection is deep and thorough. You don't need to know the gory details to use these NMAP features, but understanding how service and OS detection works will deepen your appreciation of what NMAP can do. Chapter 7 winds up with two examples: finding nonstandard applications on your network and finding open proxies. Chapter 8 describes a way to find wireless access points on a network, which is a common headache for IT administrators.

Chapter 9, NMAP Scripting Engine, provides an overview of NSE and a brief description of the scripts that ship with the NMAP program as well as the NMAP application programming interface (API). Lyon then runs through a tutorial on writing NMAP scripts. Here again, Lyon provides source listings and explanations of the API and scripting features that are immediately useful.

Chapters 10 and 11 focus on detecting firewalls and intrusion-detection systems and on techniques to defend against NMAP scans. They are good reading for any IT and security administrator and come near the end of the book because they leverage information stated earlier in the book. Chapter 12 describes Zenmap, the NMAP GUI, if you're inclined to such things. The final chapters round out the book by describing the output formats and data files used by NMAP, with examples and explanations of their use.

On the cover page, Lyon promises to tell you how to use NMAP to solve real-world network security and network management tasks. He delivers on that promise with clear and concise text, screen shots, and examples. If you use NMAP, this is a must-have book.
