Chapter 14. Understanding and Customizing Nmap Data Files

Introduction

Nmap relies on seven data files for port scanning and other operations, all of which have names beginning with nmap-. One example is nmap-services, a registry mapping port names to their corresponding port number and protocol. The others, which this chapter describes one by one, are nmap-service-probes (version detection probe database), nmap-rpc (SunRPC program name to number database for direct RPC scanning), nmap-os-db (OS detection database), nmap-mac-prefixes (Ethernet MAC address prefix (OUI) to vendor lookup table), and nmap-protocols (list of IP protocols for protocol scan). Additionally, this chapter covers certain files related to scripting with the Nmap Scripting Engine. The source distribution installs these files in /usr/local/share/nmap/ and the official Linux RPMs put them in /usr/share/nmap/. Other distributions may install them elsewhere.

The latest versions of these files are kept at https://nmap.org/svn/, though it is strongly recommended that users upgrade to the most recent Nmap version rather than grabbing newer data files à la carte. There are no guarantees that newer files will work with older versions of Nmap (though they almost always do), and the resulting Frankenstein versions of Nmap can confuse the operating system and service fingerprint submission process.

Most users never change the data files, but doing so can be handy for advanced users who want to add a version fingerprint or port assignment for a custom daemon running at their company. This section describes each file and how it is commonly changed. The general mechanism for replacing Nmap data files with custom versions is then discussed. A couple of the files don't relate to port scanning directly, but they are all discussed here for convenience.