Index

Options

summary of options, Options Summary-Options Summary

summary of options (Nping), Options Summary-Options Summary

--adler32, Firewall/IDS Evasion and Spoofing

--allow (Ncat option), Access Control Options

--allowfile (Ncat option), Access Control Options

--allports, Exclude Directive, Service and Version Detection

--append-output, Output Format and Verbosity Options, Controlling Output Type, Output

--append-output (Ncat option), Output Options

--arp (Nping option), Probe Modes

--arp-sender-ip (Nping option), ARP Mode

--arp-sender-mac (Nping option), ARP Mode

--arp-target-ip (Nping option), ARP Mode

--arp-target-mac (Nping option), ARP Mode

--arp-type (Nping option), ARP Mode, ARP Types, Ethernet Types

--badsum, The Bogus TCP Checksum Trick, Firewall/IDS Evasion and Spoofing

caveats of, The Bogus TCP Checksum Trick
example of, The Bogus TCP Checksum Trick

--badsum (Nping option), TCP Mode

--badsum-ip (Nping option), IPv4 Options

--bpf-filter (Nping option), Miscellaneous Options

--broker (Ncat option), Listen Mode Options

--chat (Ncat option), Listen Mode Options

--confdir (Zenmap option>, Options Summary

--count (Nping option), Miscellaneous Options

--crlf (Ncat option), Misc Options

--data, Firewall/IDS Evasion and Spoofing

--data (Nping option), Payload Options

--data-length, UDP Ping (-PU<port list>), IP Protocol Ping (-PO<protocol list>), Related Options, Evade specific rules, Firewall/IDS Evasion and Spoofing

no effect in OS detection, Sequence generation (SEQ, OPS, WIN, and T1), Firewall/IDS Evasion and Spoofing

--data-length (Nping option), Payload Options

--data-string, Firewall/IDS Evasion and Spoofing

--data-string (Nping option), Payload Options

--datadir, Well Known Port List: nmap-services, SunRPC Numbers: nmap-rpc, Using Customized Data Files, Miscellaneous Options

--defeat-icmp-ratelimit, Timing and Performance

--defeat-rst-ratelimit, Timing and Performance, Output

--delay (Ncat option), Timing Options

--delay (Nping option), Timing and Performance Options

--deny (Ncat option), Access Control Options

--denyfile (Ncat option), Access Control Options

--dest-ip (Nping option), IPv4 Options, IPv6 Options

--dest-mac (Nping option), Ethernet Options

--dest-port (Nping option), TCP Connect Mode, UDP Mode

--df (Nping option), IPv4 Options

--disable-arp-ping, Host Discovery

--discovery-ignore-rst, Host Discovery

--dns-servers, DNS Resolution, List Scan (-sL), Related Options, DNS proxying, Target Specification

--ec (Nping option) (see --echo-client)

--echo-client (Nping option), Echo Mode

example of, Echo Mode

--echo-port (Nping option), Echo Mode

--echo-server (Nping option), Echo Mode

--ep (Nping option) (see --echo-port)

--es (Nping option) (see --echo-server)

--ether-type (Nping option), Ethernet Options

--evil (Nping option), IPv4 Options

--exclude, Excluding Targets (--exclude, --excludefile <filename>), Target Specification

example of, Practical Examples

--exclude-ports, Port Specification and Scan Order

--excludefile, Excluding Targets (--exclude, --excludefile <filename>), Target Specification

--exec (Ncat option), Command Execution Options

--file (Zenmap option>, Options Summary

--filter (Nping option) (see --bpf-filter)

--flags (Nping option), TCP Mode

--flow (Nping option), IPv6 Options

--fuzzy (see --osscan-guess)

--h (Nping option) (see --help)

--help, Miscellaneous Options

--help (Ncat option), Misc Options

--help (Nping option), Miscellaneous Options

--help (Zenmap option>, Options Summary

--hex-dump (Ncat option), Output Options

--hide-sent (Nping option), Miscellaneous Options

--hop-limit (Nping option), IPv6 Options

--host-timeout, Timing-related Options, Speeding Up UDP Scans, Timing and Performance

example of, Solution

--icmp (Nping option), Probe Modes

--icmp-advert-entry (Nping option), ICMP Mode

--icmp-advert-lifetime (Nping option), ICMP Mode

--icmp-code (Nping option), ICMP Mode, ICMP Codes

--icmp-id (Nping option), ICMP Mode

--icmp-orig-time (Nping option), ICMP Mode

--icmp-param-pointer (Nping option), ICMP Mode

--icmp-recv-time (Nping option), ICMP Mode

--icmp-redirect-addr (Nping option), ICMP Mode

--icmp-seq (Nping option), ICMP Mode

--icmp-trans-time (Nping option), ICMP Mode

--icmp-type (Nping option), ICMP Mode, ICMP Types

--id (Nping option), IPv4 Options

--idle-timeout (Ncat option), Timing Options

--iflist, Output

--initial-rtt-timeout, Related Options, Timing-related Options, Timing and Performance

example of, Solution, Discussion, Solution

--interface (Nping option), Miscellaneous Options

--ip-options, Source Routing, Unexplained TTL jumps, Firewall/IDS Evasion and Spoofing

example of, A Practical Real-life Example of Firewall Subversion

--ip-options (Nping option), IPv4 Options

--ipv6 (Nping option), IPv6 Options

--keep-open (Ncat option), Listen Mode Options

--listen (Ncat option), Listen Mode Options

--lua-exec (Ncat option), Command Execution Options

--max-conns (Ncat option), Listen Mode Options

--max-hostgroup, Timing-related Options, A practical example: bypassing default Snort 2.2.0 rules, Timing and Performance

--max-os-tries, Omit Non-critical Tests, Usage and Examples, OS Detection

--max-parallelism, Related Options, Timing-related Options, Timing and Performance

example of, Scanning 676,352 IP Addresses in 46 Hours

--max-rate, Timing-related Options, Timing and Performance

--max-retries, Timing-related Options, Timing and Performance

example of, Solution

--max-rtt-timeout, Related Options, Timing-related Options, Introduction, Timing and Performance

example of, Solution, Discussion, Scanning 676,352 IP Addresses in 46 Hours, Solution, Manipulating XML Output with Perl

--max-scan-delay, Timing-related Options, Timing and Performance

example of, Solution

--mf (Nping option), IPv4 Options

--min-hostgroup, Timing-related Options, Speeding Up UDP Scans, Timing and Performance

example of, Solution, Discussion, Estimate and Plan for Scan Time, Scanning 676,352 IP Addresses in 46 Hours, Solution

--min-parallelism, Related Options, Timing-related Options, Timing and Performance

--min-rate, Timing-related Options, Network Condition Monitoring, Timing and Performance

--min-rtt-timeout, Related Options, Timing-related Options, Timing and Performance

--mtu, Firewall/IDS Evasion and Spoofing

--mtu (Nping option), IPv4 Options

--nc (Nping option) (see --no-crypto)

--nmap (Zenmap option>, Options Summary

--no-capture (Nping option), Miscellaneous Options

--no-crypto (Nping option), Echo Mode

--no-shutdown (Ncat option), Misc Options

--no-stylesheet, Creating HTML Reports, Output

--nodns (Ncat option), Misc Options

--noninteractive, Output

--nsock-engine, Timing and Performance

--once (Nping option), Echo Mode

--open, Output Format and Verbosity Options, Output

example of, Target Specification

--osscan-guess, Usage and Examples, IPv4 matching, Dealing with Misidentified and Unidentified Hosts, OS Detection

--osscan-limit, Omit Non-critical Tests, Usage and Examples, OS Detection

example of, Scanning 676,352 IP Addresses in 46 Hours

--output (Ncat option), Output Options

--packet-trace, Related Options, Output Format and Verbosity Options, Unexplained TTL jumps, Detecting Packet Forgery by Firewall and Intrusion Detection Systems, Enabling Packet Tracing, Output

example of, ARP Scan (-PR), TCP SYN (Stealth) Scan (-sS), Idle Scan Implementation Algorithms, A Practical Real-life Example of Firewall Subversion, Enabling Packet Tracing

--port-ratio, Port Specification and Scan Order

--privileged, Miscellaneous Options

--privileged (Nping option), Miscellaneous Options

--profile (Zenmap option>, Options Summary

--proxies, Firewall/IDS Evasion and Spoofing

--proxy (Ncat option), Proxy Options

--proxy-auth (Ncat option), Proxy Options

--proxy-dns (Ncat option), Proxy Options

--proxy-type (Ncat option), Proxy Options

--randomize-hosts, Related Options, Scatter probes across networks rather than scanning hosts consecutively, Firewall/IDS Evasion and Spoofing

--rate (Nping option), Timing and Performance Options

example of, A Practical Real-life Example of Firewall Subversion
implied by -d, Output

--recv-only (Ncat option), Misc Options

--reduce-verbosity (Nping option), Output Options

--release-memory, Miscellaneous Options

--resolve-all, Target Specification

--resume, Output Format and Verbosity Options, Resuming Aborted Scans, Output

--safe-payloads (Nping option), Echo Mode

--scan-delay, Timing-related Options, A practical example: bypassing default Snort 2.2.0 rules, Timing and Performance

example of, A practical example: bypassing default Snort 2.2.0 rules

--scanflags, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Custom Scan Types with --scanflags-Custom Scan Types with --scanflags, Evade specific rules, Close Analysis of Packet Headers and Contents, Port Scanning Techniques

example of, Custom SYN/FIN Scan

--script, Usage and Examples, Command-line Arguments, Script Selection, Nmap Scripting Engine (NSE)

--script-args, Usage and Examples, Command-line Arguments, Nmap Scripting Engine (NSE)

example of, Arguments to Scripts, Complete Examples

--script-args-file, Usage and Examples, Command-line Arguments, Nmap Scripting Engine (NSE)

--script-help, Usage and Examples, Command-line Arguments, Nmap Scripting Engine (NSE)

example of, Command-line Arguments

--script-timeout, Timing and Performance

--script-trace, Usage and Examples, Command-line Arguments, Nmap Scripting Engine (NSE)

example of, Complete Examples

--script-updatedb, Usage and Examples, Command-line Arguments, Files Related to Scripting, Nmap Scripting Engine (NSE)

--sctp (Ncat option), Protocol Options

--send-eth, Fragmentation, Firewall/IDS Evasion and Spoofing, Miscellaneous Options

example of, ARP Scan (-PR)
implied by --spoof-mac, MAC Address Spoofing, Firewall/IDS Evasion and Spoofing

--send-eth (Nping option), Miscellaneous Options

--send-ip, Disable Port Scan (-sn), ARP Scan (-PR), Miscellaneous Options

example of, ARP Scan (-PR)

--send-ip (Nping option), Miscellaneous Options

--send-only (Ncat option), Misc Options

--seq (Nping option), TCP Mode

--servicedb, Well Known Port List: nmap-services, Miscellaneous Options

--sh-exec (Ncat option), Command Execution Options

--source (Ncat option), Connect Mode Options

--source-ip (Nping option), IPv4 Options, IPv6 Options

--source-mac (Nping option), Ethernet Options

--source-port, Related Options, Source Port Manipulation, Firewall/IDS Evasion and Spoofing

example of, Designing the ideal combinations of probes

--source-port (Ncat option), Connect Mode Options

--source-port (Nping option), TCP Connect Mode, UDP Mode

--spoof-mac, Information Passed to a Script, MAC Address Spoofing, Firewall/IDS Evasion and Spoofing

--ssl (Ncat option), SSL Options

--ssl-alpn (Ncat option), SSL Options

--ssl-cert (Ncat option), SSL Options

--ssl-ciphers (Ncat option), SSL Options

--ssl-key (Ncat option), SSL Options

--ssl-servername (Ncat option), SSL Options

--ssl-trustfile (Ncat option), SSL Options

--ssl-verify (Ncat option), SSL Options

--stats-every, Output

--stylesheet, Creating HTML Reports, Output

--system-dns, DNS Resolution, Omit Non-critical Tests, Target Specification

--target (Zenmap option>, Options Summary

--tcp (Nping option), Probe Modes

example of, Description

--tcp-connect (Nping option), Probe Modes

--telnet (Ncat option), Misc Options

--top-ports, Port Specification and Scan Order

--tos (Nping option), IPv4 Options

--traceroute, Unexplained TTL jumps, An Overview of the “Topology” Tab, Searching Saved Results, Host Discovery

example of, Finding an Organization's IP Addresses, Unexplained TTL jumps

--traffic-class (Nping option), IPv6 Options

--ttl (Nping option), IPv4 Options

--udp (Ncat option), Protocol Options

--udp (Nping option), Probe Modes

--unique, Target Specification

--unixsock (Ncat option), Protocol Options

--unprivileged, Miscellaneous Options

--unprivileged (Nping option), Miscellaneous Options

--verbose (Ncat option), Output Options

--verbose (Nping option), Output Options

--verbose (Zenmap option>, Options Summary

--version, Miscellaneous Options

example of, Testing Whether Nmap is Already Installed

--version (Ncat option), Misc Options

--version (Nping option), Miscellaneous Options

--version-all, Technique Described, Probe Selection and Rarity, Service and Version Detection

--version-intensity, Speeding Up UDP Scans, Technique Described, Probe Selection and Rarity, Service and Version Detection

--version-light, Technique Described, Probe Selection and Rarity, Service and Version Detection

--version-trace, Technique Demonstrated, Service and Version Detection

example of, Technique Demonstrated

--versiondb, Miscellaneous Options

--vsock (Ncat option), Protocol Options

--wait (Ncat option), Timing Options

--webxml, Creating HTML Reports, Output

--win (Nping option), TCP Mode

-4 (Ncat option), Protocol Options

example of, Practical Examples, IPv6 Scanning (-6), IPv6 Attacks

-6 (Ncat option), Protocol Options

-6 (Nping option) (see --ipv6)

-A, Version Scanning DB: nmap-service-probes, Miscellaneous Options

example of, Avatar Online, A Quick Port Scanning Tutorial, Usage and Examples, RPC Grinding, Solution, Description
features enabled by, A Quick Port Scanning Tutorial, Omit Non-critical Tests, Usage and Examples, Command-line Arguments, Miscellaneous Options

-b, Selecting Scan Techniques, TCP FTP Bounce Scan (-b), Port Scanning Techniques

example of, TCP FTP Bounce Scan (-b), FTP Bounce Scan

-c (Ncat option) (see --sh-exec)

-C (Ncat option) (see --crlf)

-c (Nping option) (see --count)

example of, Description

-d, Output Format and Verbosity Options, Enabling Debugging Output, Output

example of, Technique Demonstrated, Enabling Debugging Output
giving more than once, Enabling Debugging Output, Enabling Packet Tracing, Output

-d (Ncat option) (see --delay)

-d (Nping option), Output Options

-e (Ncat option) (see --exec)

-e (Nping option) (see --interface)

-F, Selecting Ports to Scan, Distinguishing Open from Filtered UDP Ports, IP Protocol Scan (-sO), Port Selection Data and Strategies, Port Specification and Scan Order

example of, Scanning 676,352 IP Addresses in 46 Hours, Look for TTL Consistency

-f, Fragmentation, Firewall/IDS Evasion and Spoofing

giving twice, Firewall/IDS Evasion and Spoofing

-f (Zenmap option> (see --file)

example of, Source Port Manipulation

-g (GCC option), IBM AIX

-g (Ncat option), Source Routing, Connect Mode Options

-G (Ncat option), Connect Mode Options

-g (Nping option) (see --source-port)

-h, Miscellaneous Options

-h (Ncat option) (see --help)

-H (Nping option) (see --hide-sent)

-h (Zenmap option> (see --help)

-i (Ncat option) (see --idle-timeout)

-iL, Input From List (-iL), Related Options, Target Specification

example of, Practical Examples, Designing the ideal combinations of probes, Scanning 676,352 IP Addresses in 46 Hours
randomizing hosts with, Scatter probes across networks rather than scanning hosts consecutively, Firewall/IDS Evasion and Spoofing

-iR, Choose Targets at Random (-iR <numtargets>), Related Options, Finding a Working Idle Scan Zombie Host, Target Specification

example of, Choose Targets at Random (-iR <numtargets>), Designing the ideal combinations of probes, Estimate and Plan for Scan Time, Status field, Target Specification, Examples

-k (Ncat option) (see --keep-open)

-l (Ncat option) (see --listen)

-m (Ncat option) (see --max-conns)

-n, DNS Resolution, Related Options, DNS proxying, Target Specification

example of, Designing the ideal combinations of probes, Discussion, Estimate and Plan for Scan Time

-n (Ncat option) (see --nodns)

-N (Nping option) (see --no-capture)

-n (Zenmap option> (see --nmap)

-O, Usage and Examples, Seq Index field, Nmap OS Detection DB: nmap-os-db, OS Detection

example of, Scanning 676,352 IP Addresses in 46 Hours, Usage and Examples, Hiding Services on Obscure Ports, OS Spoofing, Examples
to identify idle scan zombie candidates, Finding a Working Idle Scan Zombie Host

-o (Ncat option) (see --output)

-oA, Output Format and Verbosity Options, Solution, Controlling Output Type, Output

example of, Avatar Online, Designing the ideal combinations of probes, Solution
in Zenmap, Output Files

-oG, MadHat in Wonderland, Output Format and Verbosity Options, Grepable Output (-oG), Output

example of, Discussion, Solution, Grepable Output (-oG), Status field, Examples
in Zenmap, Output Files

-oN, Output Format and Verbosity Options, Normal Output (-oN), Output

example of, OS Spoofing, Normal Output (-oN)
in Zenmap, Output Files

-oS, $crIpT kIddI3 0uTPut (-oS), Output

example of, $crIpT kIddI3 0uTPut (-oS)
in Zenmap, Output Files

-oX, Output Format and Verbosity Options, Command-line Arguments, XML Output (-oX), Output

example of, Scanning 676,352 IP Addresses in 46 Hours, XML Output (-oX), Examples
in Zenmap, Output Files

-p, Selecting Ports to Scan, Port Specification and Scan Order

example of, TCP SYN (Stealth) Scan (-sS), Idle Scan Implementation Algorithms, Solution, Examples
to select protocols, IP Protocol Scan (-sO)

-p (Ncat option) (see --source-port)

-p (Nping option) (see --dest-port)

example of, Description

-p (Zenmap option> (see --profile)

-P0, Host Discovery

(see also -Pn)

-PA, TCP ACK Ping (-PA<port list>), Host Discovery

example of, Avatar Online, Designing the ideal combinations of probes

-PE, ICMP Ping Types (-PE, -PP, and -PM), Host Discovery

example of, Avatar Online, Host Discovery Techniques, Designing the ideal combinations of probes, Scanning 676,352 IP Addresses in 46 Hours, A Practical Real-life Example of Firewall Subversion

-PM, ICMP Ping Types (-PE, -PP, and -PM), Host Discovery

-Pn, Disable Ping (-Pn), Miscellaneous Options, Omit Non-critical Tests, Host Discovery

example of, Idle Scan Implementation Algorithms, TCP FTP Bounce Scan (-b), Examples
with idle scan, Executing an Idle Scan, Idle Scan Implementation Algorithms

-PN, Host Discovery

(see also -Pn)

-PO, IP Protocol Ping (-PO<protocol list>), Host Discovery

-PP, ICMP Ping Types (-PE, -PP, and -PM), Host Discovery

example of, Avatar Online

-PR, Disable Port Scan (-sn), ARP Scan (-PR)

example of, ARP Scan (-PR)

-PS, TCP SYN Ping (-PS<port list>), Host Discovery

example of, Avatar Online, Choose Targets at Random (-iR <numtargets>), Designing the ideal combinations of probes, Target Specification

-PU, UDP Ping (-PU<port list>), Host Discovery

example of, Avatar Online

-PY, Host Discovery

-q (Nping option) (see --reduce-verbosity)

-R, DNS Resolution, Related Options, Omit Non-critical Tests, Target Specification

example of, Host Discovery Techniques

-r, Miscellaneous Options, Port Specification and Scan Order

example of, Idle Scan Implementation Algorithms

-s (Ncat option) (see --source)

-S (Nping option) (see --source-ip)

-sA, Selecting Scan Techniques, TCP ACK Scan (-sA), Port Scanning Techniques

example of, TCP ACK Scan (-sA), ACK Scan

-sC, Usage and Examples, Command-line Arguments, Nmap Scripting Engine (NSE)

example of, Introduction

-sF, Selecting Scan Techniques, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Port Scanning Techniques

example of, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Exotic Scan Flags

-sI, Selecting Scan Techniques, TCP Idle Scan (-sI), Port Scanning Techniques

example of, Executing an Idle Scan, Idle Scan Implementation Algorithms, A Practical Real-life Example of Firewall Subversion

-sL, Practical Examples, List Scan (-sL), Host Discovery

example of, Avatar Online, List Scan (-sL), Designing the ideal combinations of probes, Status field
randomizing hosts with, A practical example: bypassing default Snort 2.2.0 rules

-sM, Selecting Scan Techniques, TCP Maimon Scan (-sM), Port Scanning Techniques

example of, TCP Maimon Scan (-sM)

-sn, Disable Port Scan (-sn), Omit Non-critical Tests, Host Discovery

example of, Disable Port Scan (-sn), Host Discovery Techniques, Designing the ideal combinations of probes, Enabling Packet Tracing

-sN, Selecting Scan Techniques, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Port Scanning Techniques

-sO, Selecting Scan Techniques, IP Protocol Scan (-sO), Grepable Output Fields, Protocols field, Port Scanning Techniques

example of, IP Protocol Scan (-sO), Protocols field

-sP, Host Discovery

(see also -sn)

-sR, Service and Version Detection

-sS, Is Unauthorized Port Scanning a Crime?, Selecting Scan Techniques, TCP SYN (Stealth) Scan (-sS), Port Scanning Techniques

example of, Avatar Online, Choose Targets at Random (-iR <numtargets>), TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), ACK Scan, Target Specification, Examples

-sT, Is Unauthorized Port Scanning a Crime?, Selecting Scan Techniques, TCP Connect Scan (-sT), Port Scanning Techniques

example of, TCP Connect Scan (-sT), Manipulating XML Output with Perl

-sU, Selecting Scan Techniques, UDP Scan (-sU), Port Scanning Techniques

example of, UDP Scan (-sU), UDP Version Scanning

-sV, Distinguishing Open from Filtered UDP Ports, Speeding Up UDP Scans, Usage and Examples, Command-line Arguments, Version Scanning DB: nmap-service-probes, Service and Version Detection

example of, IPv6 Scanning (-6), Introduction, Technique Demonstrated, SSL Post-processor Notes, Solution

-sW, Selecting Scan Techniques, TCP Window Scan (-sW), Port Scanning Techniques

example of, TCP Window Scan (-sW)

-sX, Selecting Scan Techniques, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Port Scanning Techniques

example of, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX)

-sY, Port Scanning Techniques

-sZ, Port Scanning Techniques

-t (Ncat option) (see --telnet)

-t (Zenmap option> (see --target)

-T0 (see paranoid timing template)

-T1 (see sneaky timing template)

-T2 (see polite timing template)

-T3 (see normal timing template)

-T4 (see aggressive timing template)

-T5 (see insane timing template)

-U (Ncat option) (see --unixsock)

-u (Ncat option) (see --udp)

example of, Usage and Examples, Controlling Verbosity of Output, Examples
extra output enabled by, Controlling Verbosity of Output-Controlling Verbosity of Output
giving more than once, Controlling Verbosity of Output, Output
implied by -d, Enabling Debugging Output

-V, Miscellaneous Options

-v (Ncat option) (see --verbose)

-V (Nping option) (see --version)

-v (Nping option) (see --verbose)

-v (Zenmap option> (see --verbose)

-w (Ncat option) (see --wait)

-x (Ncat option) (see --hex-dump)

31337 (see default port of Ncat)

A

A (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), TCP acknowledgment number (A)

A scan, Comparing Results

a: (Zenmap search criterion, short for after:), Searching Saved Results

acceptable use policy, Is Unauthorized Port Scanning a Crime?

ACK (TCP flag), TCP Mode

ACK ping, TCP ACK Ping (-PA<port list>), Host Discovery

(see also -PA)

ACK scan, Selecting Scan Techniques, TCP ACK Scan (-sA)-TCP ACK Scan (-sA), ACK Scan, Port Scanning Techniques

(see also -sA)

“action” script variable, Action, Information Passed to a Script, The Action

adaptive retransmission (see retransmission)

address ranges, Avatar Online, Specifying Target Hosts and Networks, Target Specification, Target Specification

Adler32 checksum, Firewall/IDS Evasion and Spoofing

administrator privileges (see privileged users)

afp NSE library, List of All Libraries

after: (Zenmap search criterion), Searching Saved Results

aggregated results (Zenmap), Scan Aggregation, The “Scans” tab, An Overview of the “Topology” Tab

aggressive (-T4) timing template, Avatar Online, Related Options, Timing Templates (-T), Timing and Performance

“Aggressive OS guesses:”, Usage and Examples

AIX, installing on, IBM AIX

ajp NSE library, List of All Libraries

AmigaOS, installing on, AmigaOS

amqp NSE library, List of All Libraries

announce mailing list, Port Scanning Techniques

Antirez, TCP Idle Scan (-sI)

Apple Gatekeeper, Executable Installer

Apple Mac OS X (see Mac OS X)

apt-get, Debian Linux and Derivatives such as Ubuntu

argv, XML Output (-oX)

ARIN (American Registry for Internet Numbers), Avatar Online, Whois Queries Against IP Registries, Discussion

ARP ping, ARP Scan (-PR), Host Discovery

(see also -PR)
overriding other ping types, Disable Port Scan (-sn), ARP Scan (-PR)

ARP types

mnemonics of, in Nping, ARP Types-ARP Types

as (assembler), IBM AIX

AS number (see autonomous system number)

asn-query script, Mutexes

asn1 NSE library, List of All Libraries

“auth” script category, Script Categories

auth service, TCP probe and port selection, Designing the ideal combinations of probes, Dealing with Misidentified and Unidentified Hosts, Script Writing Tutorial, Look for TTL Consistency

auth-owners script, The Head, Ports field

“author” script variable, author Field , Version Detection Using NSE, Example Script: finger

authorized users (see privileged users)

auto (nmap-os-db), CPE name (CPE lines)

autonomous system (AS) number, Internet Routing Information

B

B scan, Comparing Results
b: (Zenmap search criterion, short for before:), Searching Saved Results
base32 NSE library, List of All Libraries
base64 NSE library, List of All Libraries
Beale, Jay, Source Port Manipulation
before: (Zenmap search criterion), Searching Saved Results
Bell, Eddie, Example Script: finger
Berrueta, David Barroso, OS Spoofing
BGP (see Border Gateway Protocol)
bin NSE library, List of All Libraries
binary packages, If You Encounter Compilation Problems
binutils, IBM AIX
bit NSE library, List of All Libraries
bitcoin NSE library, List of All Libraries
bittorrent NSE library, List of All Libraries
bjnp NSE library, List of All Libraries
black hat, Is Unauthorized Port Scanning a Crime?, TCP SYN (Stealth) Scan (-sS)
blind TCP spoofing, Usage and Examples, Decoding the Subject Fingerprint Format, Seq Index field
Boolean expressions in script selection, Script Selection, Nmap Scripting Engine (NSE)
Border Gateway Protocol (BGP), Internet Routing Information
“broadcast” script category, Script Categories
broken IP ID increment, IP ID sequence generation algorithm (TI, CI, II)
brute NSE library, List of All Libraries
“brute” script category, Script Categories
BSDs, FreeBSD / OpenBSD / NetBSD
bugs, reporting, Bugs, Bugs

C

ca-bundle.crt, SSL Options

Cain and Abel, The History and Future of Nmap

Cain, Michael, A Practical Real-life Example of Firewall Subversion

Casorran, Diego, AmigaOS

cassandra NSE library, List of All Libraries

“categories” script variable, categories Field, The Head, Example Script: finger

CC (OS detection response test), TCP explicit congestion notification (ECN), Explicit congestion notification (CC)

CD (OS detection response test), ICMP echo (IE), ICMP response code (CD)

certification revocation, SSL Options

CFLAGS, Environment Variables, IBM AIX

cfp: (Zenmap search criterion, short for closed|filtered:), Host Filtering, Searching Saved Results

changelog, The History of Nmap, Testing Whether Nmap is Already Installed, Authors

cheats (version detection), Cheats and Fallbacks

checksums, The Bogus TCP Checksum Trick, Firewall/IDS Evasion and Spoofing

(see also --badsum)
and OS detection, Integrity of returned probe IP checksum value (RIPCK)
of RST data, TCP RST data checksum (RD)

CI (OS detection response test), IP ID sequence generation algorithm (TI, CI, II)

CIDR (Classless Inter-Domain Routing), Avatar Online, Is Unauthorized Port Scanning a Crime?, Specifying Target Hosts and Networks, Target Specification, Target Specification

Cisco Security Agent, Escalating Arms Race

citrixxml NSE library, List of All Libraries

Class (nmap-os-db), Device and OS classification (Class lines)

Classless Inter-Domain Routing (see CIDR)

client mode (Ncat) (see connect mode)

closed port state, Avatar Online, What is Port Scanning?, TCP SYN (Stealth) Scan (-sS), Host Filtering, Searching Saved Results, Description, Port Scanning Basics

closed: (Zenmap search criterion), Host Filtering, Searching Saved Results

closed|filtered port state, What is Port Scanning?, Idle Scan Step by Step, Idle Scan Implementation Algorithms, Host Filtering, Searching Saved Results, Description, Port Scanning Basics

closed|filtered: (Zenmap search criterion), Host Filtering, Searching Saved Results

comm NSE library, List of All Libraries

command-line options

of Nmap, Options Summary-Options Summary
of Nping, Options Summary-Options Summary
of Zenmap, Command-line Options

Common Platform Enumeration, Common Platform Enumeration (CPE)-Common Platform Enumeration (CPE)

hardware, Structure of a CPE Name
operating system, Introduction, Usage and Examples, CPE name (CPE lines), Structure of a CPE Name, OS Detection
service, Structure of a CPE Name, Service and Version Detection

comparing results (Zenmap), Comparing Results-Comparing Results

compilation, Linux/Unix Compilation and Installation from Source Code

problems with, If You Encounter Compilation Problems

Computer Fraud and Abuse Act, Is Unauthorized Port Scanning a Crime?

Computer Misuse Act, Is Unauthorized Port Scanning a Crime?

concurrent execution, Execute Concurrent Nmap Instances

configure directives, Configure Directives

congestion control, Congestion Control, Introduction, Increase Available Bandwidth and CPU Time

connect mode (Ncat), Connect Mode and Listen Mode

connect scan, Selecting Scan Techniques, TCP Connect Scan (-sT)-TCP Connect Scan (-sT), Port Scanning Techniques, Firewall/IDS Evasion and Spoofing

(see also -sT)

conspicuous scans, Avoid easily detected Nmap features, Detect Nmap Scans

copyright, Introduction, Nmap Copyright, Nmap Copyright and Licensing, Ncat Copyright and Licensing

of scripts, license Field

country code, Zenmap in Your Language

cp: (Zenmap search criterion, short for closed:), Host Filtering, Searching Saved Results

CPE, Information Passed to a Script (see Common Platform Enumeration)

CPE (nmap-os-db), CPE name (CPE lines)

cpe:// (CPE) version detection field, match Directive

crashing targets, Can Port Scanning Crash the Target Computer/Networks?, Scan Proactively, Then Close or Block Ports and Fix Vulnerabilities, No Warranty

CRC32C checksum, Firewall/IDS Evasion and Spoofing

creds NSE library, List of All Libraries

CRLF line ending, Misc Options

CT (SCAN line test), Decoding the SCAN line of a subject fingerprint

CU (SCAN line test), Decoding the SCAN line of a subject fingerprint

cvs NSE library, List of All Libraries

CWR (TCP flag), TCP Mode

CXXFLAGS, Environment Variables

Cygwin, Command-line Zip Binaries, Compile from Source Code

D

D (SCAN line test), Decoding the SCAN line of a subject fingerprint

d// (device type) version detection field, match Directive, Device Types

d: (Zenmap search criterion, short for date:), Searching Saved Results

data files, Understanding and Customizing Nmap Data Files-Understanding and Customizing Nmap Data Files

customizing, Using Customized Data Files-Using Customized Data Files
directory search order, Command-line Arguments, Using Customized Data Files, Nmap Scripting Engine (NSE)
used by Zenmap, Files Used by Zenmap-Files Used by Zenmap

database, output to a, Output to a Database

datafiles NSE library, List of All Libraries

date: (Zenmap search criterion), Searching Saved Results

DC (SCAN line test), Decoding the SCAN line of a subject fingerprint

Debian, Configure Directives

Debian, installing on, Debian Linux and Derivatives such as Ubuntu

debug levels of Nping, Output Options

debugging, Enabling Debugging Output, Output

(see also -d)
Zenmap, Error Output

decoys, TCP Idle Scan (-sI), IP ID Tricks, Decoys, Firewall/IDS Evasion and Spoofing

which scans use, Decoys, Service and Version Detection

default port of Ncat, Connect Mode and Listen Mode

default ports, What Exactly is a Port?, A Quick Port Scanning Tutorial, Selecting Ports to Scan, Omit Non-critical Tests, Port Specification and Scan Order

default script category, The Head

“default” script category, Script Categories

DEFAULT_PROTO_PROBE_PORT_SPEC, IP Protocol Ping (-PO<protocol list>), Host Discovery

DEFAULT_SCTP_PROBE_PORT_SPEC, Host Discovery

DEFAULT_TCP_PROBE_PORT_SPEC, TCP SYN Ping (-PS<port list>), Host Discovery

DEFAULT_UDP_PROBE_PORT_SPEC, UDP Ping (-PU<port list>), Host Discovery

defending against Nmap, Defenses Against Nmap

denial of service, Exploit Chronology

against reactive IDSs, DoS Attacks Against Reactive Systems, Reactive Port Scan Detection

deny by default, Avatar Online, TCP probe and port selection, Congestion Control, Standard SYN Scan, ACK Scan, Block and Slow Nmap with Firewalls

(see also filtered port state)

“dependencies” script variable, dependencies Field

“description” script variable, description Field, The Head, Version Detection Using NSE, Example Script: finger

detecting scans, Detect Nmap Scans

device type (OS detection), Device and OS classification (Class lines), Device Types

“Device type:”, Usage and Examples

DF (OS detection response test), IP don't fragment bit (DF)

DFI (OS detection response test), ICMP echo (IE), Don't fragment (ICMP) (DFI)

dhcp NSE library, List of All Libraries

dhcp6 NSE library, List of All Libraries

diff (see comparing results)

dig command, Discussion

digests, cryptographic, Verifying the Integrity of Nmap Downloads

dir: (Zenmap search modifier), Searching Saved Results

“discovery” script category, Script Categories

disk image (Mac OS X), Executable Installer

DLI (retired OS detection response test), Retired Tests

.dmg (Mac OS X disk image), Executable Installer

DNS, DNS Resolution

misleading records, Naming conventions
records as source of information, DNS Resolution, WAP Characteristics, A Practical Real-life Example of Firewall Subversion, Host Discovery
selecting servers, Scan From a Favorable Network Location, DNS proxying
zone transfer, DNS Tricks

dns NSE library, List of All Libraries

DNS resolution, Target Specification

dnsbl NSE library, List of All Libraries

dnssd NSE library, List of All Libraries

document type definition (DTD), XML Output (-oX), Purpose

“dos” script category, Script Categories

downloading, Testing Whether Nmap is Already Installed, Downloading Nmap

drda NSE library, List of All Libraries

DS (SCAN line test), Decoding the SCAN line of a subject fingerprint

DTD (see document type definition)

dynamic ports, What Exactly is a Port?

E

eap NSE library, List of All Libraries

“Easy” TCP sequence generation class, Usage and Examples

ECN (see explicit congestion notification)

ECN (OS fingerprint category line), TCP explicit congestion notification (ECN)

ECN (TCP flag), TCP Mode

egress filtering, TCP Idle Scan (-sI)

eigrp NSE library, List of All Libraries

Enright, Brandon, Version Detection Using NSE

“environment” script variable, Environment Variables

environment variables

in configuration, Environment Variables

environment.plist, Zenmap in Your Language

ephemeral ports, What Exactly is a Port?

Ereet, TCP SYN (Stealth) Scan (-sS), Distinguishing Open from Filtered UDP Ports, Custom SYN/FIN Scan, TCP Window Scan (-sW), Executing an Idle Scan, IP Protocol Scan (-sO)

escaping

in XML output, XML Output (-oX)

estimating scan time, Estimate and Plan for Scan Time, Controlling Verbosity of Output

Ethernet types

mnemonics of, in Nping, Ethernet Types

example.com, Finding an Organization's IP Addresses

exceptions in NSE, Exception Handling, The Action

Exclude directive (nmap-service-probes), Technique Described, Exclude Directive, Putting It All Together, Service and Version Detection

excluding targets, Excluding Targets (--exclude, --excludefile <filename>), Target Specification

(see also --exclude and --excludefile)

explicit congestion notification (ECN), TCP explicit congestion notification (ECN), Explicit congestion notification (CC), Enabling Packet Tracing

“exploit” script category, Script Categories

export control, United States Export Control

“external” script category, Script Categories

F

F (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), TCP flags (F)

fallback directive (nmap-service-probes), fallback Directive

fallbacks (version detection), Technique Described, Cheats and Fallbacks

family (OS detection), Device and OS classification (Class lines)

fast scan (see -F)

Fedora (Linux distribution)

installing on, with RPM, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)
installing on, with Yum, Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum

Felix (penetration tester), Avatar Online

filtered port state, Avatar Online, What is Port Scanning?, TCP SYN (Stealth) Scan (-sS), Host Filtering, Searching Saved Results, Description, Port Scanning Basics

filtered: (Zenmap search criterion), Host Filtering, Searching Saved Results

filtering, Host Filtering

(see also host filtering in Zenmap)

FIN (TCP flag), TCP Mode

FIN scan, Selecting Scan Techniques, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX)-TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), ACK Scan, Exotic Scan Flags, Port Scanning Techniques

(see also -sF)

finding an organization's addresses, Finding an Organization's IP Addresses

from routing information, Internet Routing Information
using DNS, DNS Tricks
using whois, Whois Queries Against IP Registries

finger script, Example Script: finger

fingerprint (see OS fingerprint and service fingerprint)

Fingerprint (nmap-os-db), Free-form OS description (Fingerprint line)

fingerprinting (see version detection, OS detection)

Fink, Third-party Packages

firewalls, TCP ACK Ping (-PA<port list>), Distinguishing Open from Filtered UDP Ports, Introduction, Block and Slow Nmap with Firewalls

bypassing, UDP Ping (-PU<port list>), TCP Idle Scan (-sI), Detecting and Subverting Firewalls and Intrusion Detection Systems, Bypassing Firewall Rules, A Practical Real-life Example of Firewall Subversion, Firewall/IDS Evasion and Spoofing-Firewall/IDS Evasion and Spoofing
determining the rules of, Determining Firewall Rules
stateful, TCP ACK Ping (-PA<port list>), ACK Scan
UDP filtering, UDP Version Scanning

fisheye, Fisheye controls

Flow-Portscan (Snort module), A practical example: bypassing default Snort 2.2.0 rules

foreign languages (see translations)

forged packets (see spoofed packets)

“Formidable” TCP sequence generation class, Usage and Examples

four-way handshake, Host Discovery

fp: (Zenmap search criterion, short for filtered:), Host Filtering, Searching Saved Results

fragmentation, Fragment packets

DF bit, IP don't fragment bit (DF)
not used in OS detection, IP Fragmentation
to bypass firewalls, Fragmentation

Fragroute, Fragmentation

FreeBSD, installing on, FreeBSD / OpenBSD / NetBSD, FreeBSD Binary Package and Source Ports Instructions

FTP bounce scan, Selecting Scan Techniques, TCP FTP Bounce Scan (-b)-TCP FTP Bounce Scan (-b), Port Scanning Techniques

(see also -b)
bypassing firewalls with, FTP Bounce Scan
limited usefulness of, TCP FTP Bounce Scan (-b)

ftp NSE library, List of All Libraries

“fuzzer” script category, Script Categories

G

G (SCAN line test), Decoding the SCAN line of a subject fingerprint

Gatekeeper (see Apple Gatekeeper)

GCC, IBM AIX

GCD (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP ISN greatest common divisor (GCD)

general operation, General Operation

General Public License (see GNU General Public License)

generation (OS detection), Device and OS classification (Class lines)

gettext, Creating a new translation

Gibson, Chris, The History of Nmap

giop NSE library, List of All Libraries

.gnmap filename extension, Controlling Output Type

GNU General Public License, Introduction, The History of Nmap, Nmap Copyright and Licensing

GomoR, Passive Fingerprinting

“Good luck!” TCP sequence generation class, Usage and Examples

Google Summer of Code, The History of Nmap, History

GPL (see GNU General Public License)

gps NSE library, List of All Libraries

graphical user interface (see Zenmap)

Gray, JJ, Source Port Manipulation

grepable output, MadHat in Wonderland, Grepable Output (-oG)-Grepable Output (-oG), Output

comments in, Grepable Output (-oG), Output
deprecation of, XML Output (-oX), Grepable Output (-oG)
fields of, Grepable Output Fields
parsing, Parsing Grepable Output on the Command Line
resuming from, Resuming Aborted Scans

GUI (see Zenmap)

H

h// (hostname) version detection field, match Directive

half-open scan (see SYN scan)

hashes, cryptographic, Verifying the Integrity of Nmap Downloads

Hazel, Philip, Third-Party Software and Funding Notices

“hidden” services, Hiding Services on Obscure Ports

Honeyd, Honeypots and Honeynets, OS Spoofing

Honeynet Project, Honeypots and Honeynets

honeynets and honeypots, Round Trip Times, Honeypots and Honeynets

hop limit (IPv6), IPv6 Options

(see also TTL)

host command, DNS Tricks

“Host Details” scan results tab, The “Host Details” tab

host discovery, The Phases of an Nmap Scan, Host Discovery (“Ping Scanning”)-Host Discovery (“Ping Scanning”), Host Discovery-Host Discovery

default probe types, Disable Port Scan (-sn), Default Combination

disabling, Disable Ping (-Pn), Host Discovery

with idle scan, Executing an Idle Scan, Idle Scan Implementation Algorithms

effectiveness of ICMP echo for, Host Discovery Techniques, ICMP Ping Types (-PE, -PP, and -PM)

examples of, Practical Examples

probe selection, Most valuable probes

purpose of, Introduction

host groups

persistence of NSE through, Initialization Phase

“hostrule” script variable, Rules

Hoyte, Doug, Problem, Problem

HP-UX, installing on, Other proprietary UNIX (HP-UX, IRIX, etc.)

hping2, Discussion, TCP Idle Scan (-sI), Look for TTL Consistency

HTML from XML output, Creating HTML Reports, Output

http NSE library, List of All Libraries

httpspider NSE library, List of All Libraries

I

$I() version detection helper function, match Directive

i// (info) version detection field, match Directive

IANA (see Internet Assigned Numbers Authority)

iax2 NSE library, List of All Libraries

IBM AIX (see AIX, installing on)

icepick, Reverse probes

ICMP codes

mnemonics of, in Nping, ICMP Codes

ICMP destination unreachable, Introduction, IP Protocol Scan (-sO), TCP/IP Fingerprinting Methods Supported by Nmap, Unused port unreachable field nonzero (UN), Standard SYN Scan, A Practical Real-life Example of Firewall Subversion

ICMP echo, Host Discovery Techniques, TCP/IP Fingerprinting Methods Supported by Nmap, ICMP echo (IE), Host Discovery

ICMP ping, Host Discovery Techniques, ICMP Ping Types (-PE, -PP, and -PM), Host Discovery

(see also -PE, -PP, and -PM)

ICMP types

mnemonics of, in Nping, ICMP Types-ICMP Codes

identd (see auth service)

idle scan, Selecting Scan Techniques, TCP Idle Scan (-sI)-TCP Idle Scan (-sI), A Practical Real-life Example of Firewall Subversion, Port Scanning Techniques

(see also -sI)
advantages of, TCP Idle Scan (-sI)
disadvantages of, TCP Idle Scan (-sI)
example, Executing an Idle Scan
finding zombies, TCP Idle Scan (-sI)
implementation, Idle Scan Implementation Algorithms

IE (OS fingerprint category line), ICMP echo (IE), Retired Tests

II (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), IP ID sequence generation algorithm (TI, CI, II)

imap NSE library, List of All Libraries

informix NSE library, List of All Libraries

inroute: (Zenmap search criterion), Host Filtering, Searching Saved Results

insane (-T5) timing template, Related Options, Timing Templates (-T), Timing and Performance

installation, Obtaining, Compiling, Installing, and Removing Nmap-Obtaining, Compiling, Installing, and Removing Nmap

from source code, Linux/Unix Compilation and Installation from Source Code

Institute of Electrical and Electronics Engineers (IEEE)

OUI list, MAC Address Vendor Prefixes: nmap-mac-prefixes

interactive output, Interactive Output, Output

interface, Firewall/IDS Evasion and Spoofing

(see also -e)

internationalization (see localization)

Internet Assigned Number Authority (IANA)

assigned protocols list, IP Protocol Number List: nmap-protocols

Internet Assigned Numbers Authority (IANA), What Exactly is a Port?

assigned ports list, What Exactly is a Port?, Well Known Port List: nmap-services

Internet service providers (ISPs)

acceptable use policy, Is Unauthorized Port Scanning a Crime?
and port scanning, Legal Issues, Is Unauthorized Port Scanning a Crime?
filtering, TCP Idle Scan (-sI)

intrusion detection systems, Introduction, Subverting Intrusion Detection Systems-Subverting Intrusion Detection Systems, Detect Nmap Scans

detecting, Intrusion Detection System Detection-Intrusion Detection System Detection
evading, Timing Templates (-T), Avoiding Intrusion Detection Systems-Avoiding Intrusion Detection Systems, Port Scanning Techniques, Timing and Performance, Firewall/IDS Evasion and Spoofing-Firewall/IDS Evasion and Spoofing
exploiting, Exploiting Intrusion Detection Systems
misleading, Misleading Intrusion Detection Systems-Misleading Intrusion Detection Systems

intrusion prevention systems, Introduction, Firewall/IDS Evasion and Spoofing

(see also intrusion detection systems)

Intrusion prevention systems, Sudden firewall changes and suspicious packets

“intrusive” script category, Script Categories

IP ID, TCP Idle Scan (-sI), Returned probe IP ID value (RID), IP ID Tricks

consistency of, Look for IP ID and Sequence Number Consistency

IP ID sequence generation, Usage and Examples, IP ID sequence generation algorithm (TI, CI, II), IP ID Tricks, Look for IP ID and Sequence Number Consistency

classes, Finding a Working Idle Scan Zombie Host

IP options, Source Routing, Firewall/IDS Evasion and Spoofing

(see also --ip-options)
record route, Unexplained TTL jumps
source routing, Source Routing

IP Personality, OS Spoofing

IP protocol ping, IP Protocol Ping (-PO<protocol list>), Host Discovery

(see also -PO)

IP protocol scan, Selecting Scan Techniques, IP Protocol Scan (-sO)-IP Protocol Scan (-sO), Port Scanning Techniques

(see also -sO)

ipidseq script, Raw packet network I/O

IPL (OS detection response test), UDP (U1), IP total length (IPL)

ipOps NSE library, List of All Libraries

ipp NSE library, List of All Libraries

iptables, TCP ACK Ping (-PA<port list>), Distinguishing Open from Filtered UDP Ports, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), ACK Scan, Fragmentation, Block and Slow Nmap with Firewalls, OS Spoofing, Host Discovery, Firewall/IDS Evasion and Spoofing

forging RSTs, Sneaky firewalls that return RST

IPv6, Specifying Target Hosts and Networks, IPv6 Scanning (-6), IPv6 Attacks-IPv6 Attacks, Source Routing, Target Specification, Miscellaneous Options

and host discovery, Related Options
limitations of, TCP SYN Ping (-PS<port list>), TCP ACK Ping (-PA<port list>), Selecting Scan Techniques
OS detection, IPv6 fingerprinting

IPv6 address

link-local, Target Specification

IPv6 tunnel broker, IPv6 Scanning (-6), IPv6 Attacks, Miscellaneous Options

ir: (Zenmap search criterion, short for inroute:), Host Filtering, Searching Saved Results

IRIX, installing on, Other proprietary UNIX (HP-UX, IRIX, etc.)

iscsi NSE library, List of All Libraries

isns NSE library, List of All Libraries

ISO 3166, Zenmap in Your Language

ISO 639, Zenmap in Your Language

ISPs (see Internet service providers)

ISR (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP ISN counter rate (ISR)

(see also tar pits)

Lamo, Adrian, Proxies

LANG environment variable, Zenmap in Your Language

language code, Zenmap in Your Language

latency, Discussion, Timing probes, Scan From a Favorable Network Location

estimating with hping2, Discussion
estimating with ping, Discussion

ldap NSE library, List of All Libraries

LDFLAGS, Environment Variables

legal advice, Is Unauthorized Port Scanning a Crime?

legal issues, Legal Issues-Can Port Scanning Crash the Target Computer/Networks?

Lei, Zhao, The History of Nmap

LF line ending, Misc Options

lfs NSE library, List of All Libraries

libdnet, Information Passed to a Script, Third-Party Software and Funding Notices, Third-Party Software

libpcap, Raw packet network I/O, Third-Party Software and Funding Notices, Third-Party Software

libssl-dev package, Configure Directives

license (see copyright)

“license” script variable, license Field , Version Detection Using NSE, Example Script: finger

LINGUAS environment variable, Environment Variables

link-local IPv6 address (see IPv6 address, link-local)

Linux

compiling on, Linux/Unix Compilation and Installation from Source Code
installing on, with apt-get, Debian Linux and Derivatives such as Ubuntu
installing on, with RPM, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)
installing on, with Yum, Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum

list scan, Avatar Online, The Phases of an Nmap Scan, List Scan (-sL), Host Discovery

(see also -sL)
purpose of, List Scan (-sL)

listen mode (Ncat), Connect Mode and Listen Mode

listop NSE library, List of All Libraries

loading scan results, Saving and Loading Scan Results

locale, Zenmap in Your Language

localization, Zenmap in Your Language-Zenmap in Your Language

logging tools, Detect Nmap Scans

loopback interface, Windows, IP ID Tricks

Low-level timing controls, Low-Level Timing Controls

.lua filename extension, Files Related to Scripting

Lua programming language, Introduction, Lua Base Language, Nmap Scripting Engine (NSE), Third-Party Software and Funding Notices

(see also Nmap Scripting Engine)

LuaDoc, Writing Script Documentation (NSEDoc)

.luadoc filename extension, Writing Script Documentation (NSEDoc)

luaL_newlib, Adding C Modules to Nselib

Lutomirski, Andy, The History of Nmap, Windows

M

M (SCAN line test), Decoding the SCAN line of a subject fingerprint

MAC address, Solution, Information Passed to a Script, MAC Address Vendor Prefixes: nmap-mac-prefixes, Firewall/IDS Evasion and Spoofing

spoofing, MAC Address Spoofing

(see also --spoof-mac)

Mac OS X, Apple Mac OS X-Apple Mac OS X

compiling on, Compile from Source Code
executable installer, Executable Installer
installing from third-party packages, Third-party Packages
running Nmap on, Executing Nmap on Mac OS X

machine output (see grepable output)

MacPorts, Third-party Packages

MadHat, MadHat in Wonderland, Grepable Output (-oG)

Maimon scan, Selecting Scan Techniques, TCP Maimon Scan (-sM), Exotic Scan Flags, Port Scanning Techniques

(see also -sM)

Maimon, Uriel, TCP Maimon Scan (-sM), Port Scanning Techniques

“malware” script category, Script Categories

man page (see reference guide)

Mandrake (Linux distribution)

installing on, with RPM, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)
installing on, with Yum, Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum

Marques, Adriano Monteiro, The History of Nmap, History

match directive (nmap-service-probes), match Directive, Putting It All Together

match NSE library, List of All Libraries

MatchPoints (nmap-os-db), IPv4 matching

Matrix, the, Saving the Human Race, The History of Nmap

ME (decoy address), Decoys, Firewall/IDS Evasion and Spoofing

Medeiros, João Paulo S., An Overview of the “Topology” Tab

“Medium” TCP sequence generation class, Usage and Examples

membase NSE library, List of All Libraries

Metasploit, Introduction

Metasploit Framework, The History and Future of Nmap

Microsoft Windows (see Windows)

Mitnick, Kevin, Usage and Examples

Mizrahi, Avi, Is Unauthorized Port Scanning a Crime?

mobileme NSE library, List of All Libraries

Mogren, Jack, Introduction, Scanning 676,352 IP Addresses in 46 Hours

mongodb NSE library, List of All Libraries

Moulton, Scott, Is Unauthorized Port Scanning a Crime?

msrpc NSE library, List of All Libraries

msrpcperformance NSE library, List of All Libraries

msrpctypes NSE library, List of All Libraries

mssql NSE library, List of All Libraries

mutexes in NSE, Mutexes

MySQL, Output to a Database

mysql NSE library, List of All Libraries

N

natpmp NSE library, List of All Libraries

Ncat, Submit New Probes

man page, Ncat Reference Guide-Ncat Reference Guide
source routing (see source routing)

NCAT_LOCAL_ADDR> environment variable, Command Execution Options

NCAT_LOCAL_PORT> environment variable, Command Execution Options

NCAT_PROTO> environment variable, Command Execution Options

NCAT_PROXY_AUTH environment variable, Proxy Options

NCAT_REMOTE_ADDR> environment variable, Command Execution Options

NCAT_REMOTE_PORT> environment variable, Command Execution Options

ncp NSE library, List of All Libraries

Ndiff, Scan Proactively, Then Close or Block Ports and Fix Vulnerabilities, Comparing Results

man page, Ndiff Reference Guide-Ndiff Reference Guide

ndiff_command_path, Sections of zenmap.conf

ndmp NSE library, List of All Libraries

Neighbor Discovery

for host discovery, Host Discovery

Nessus, The History of Nmap, Execute Concurrent Nmap Instances

netbios NSE library, List of All Libraries

NetBSD, installing on, FreeBSD / OpenBSD / NetBSD, NetBSD Binary Package Instructions

Netcat, The History and Future of Nmap

Netcraft, Finding an Organization's IP Addresses

Netfilter (see iptables)

NetStumbler, Problem

network address translation, Introduction, Block and Slow Nmap with Firewalls

network distance, Usage and Examples, IP initial time-to-live (T), Decoding the SCAN line of a subject fingerprint

network inventory, Network inventory and support

network inventory (Zenmap), Scan Aggregation

Network Mapper (see Nmap)

newtargets script argument, Script Categories

Nmap

birthday of, Controlling Verbosity of Output
checking if installed, Testing Whether Nmap is Already Installed
description of, Description
future of, The Future of Nmap-The Future of Nmap
history of, The History of Nmap-The History of Nmap
uses of, Introduction

.nmap directory, Command-line Arguments, Using Customized Data Files, Nmap Scripting Engine (NSE), Miscellaneous Options

.nmap filename extension, Controlling Output Type

nmap NSE library, Lua Base Language, List of All Libraries, Nmap API-Nmap API, Script Parallelism in NSE

“Nmap Output” scan results tab, The “Nmap Output” tab

Nmap Project Signing Key, Verifying the Integrity of Nmap Downloads

Nmap Scripting Engine (NSE), The Phases of an Nmap Scan, A Quick Port Scanning Tutorial, Nmap Scripting Engine-Nmap Scripting Engine, Nmap Scripting Engine (NSE)-Nmap Scripting Engine (NSE)

API, Nmap API
C modules, Adding C Modules to Nselib
documentation in, Writing Script Documentation (NSEDoc)-Writing Script Documentation (NSEDoc)
for version detection, Nmap Scripting Engine Integration
implementation, Implementation Details
library, Script Language
list of modules, NSE Libraries
list of scripts, NSE Scripts
modules, Files Related to Scripting
parts of, Script Language
sample scripts, Version Detection Using NSE-Example Script: finger
tutorial, Script Writing Tutorial-Script Writing Tutorial

nmap-dev mailing list, The History of Nmap, If You Encounter Compilation Problems, Oracle/Sun Solaris, Other proprietary UNIX (HP-UX, IRIX, etc.), Fingerprinting Methods Avoided by Nmap, Creating a new translation, Enabling Debugging Output, Timing and Performance, Output, Bugs

nmap-diff, MadHat in Wonderland

nmap-hackers mailing list, Is Unauthorized Port Scanning a Crime?, The History of Nmap, IP Protocol Scan (-sO) (see announce mailing list)

nmap-mac-prefixes, MAC Address Spoofing, MAC Address Vendor Prefixes: nmap-mac-prefixes-MAC Address Vendor Prefixes: nmap-mac-prefixes

excerpt, MAC Address Vendor Prefixes: nmap-mac-prefixes

nmap-os-db, Response Tests, Understanding an Nmap Fingerprint, Information Passed to a Script, Nmap OS Detection DB: nmap-os-db-Nmap OS Detection DB: nmap-os-db, OS Detection

custom modifications, Modifying the nmap-os-db Database Yourself
excerpts, Decoding the Reference Fingerprint Format, Device and OS classification (Class lines), CPE name (CPE lines), IPv4 matching, Nmap OS Detection DB: nmap-os-db

nmap-protocols, IP Protocol Scan (-sO), IP Protocol Number List: nmap-protocols

excerpt, IP Protocol Number List: nmap-protocols

nmap-report, MadHat in Wonderland, Scan Proactively, Then Close or Block Ports and Fix Vulnerabilities

nmap-rpc, RPC Grinding, SunRPC Numbers: nmap-rpc

comments in, SunRPC Numbers: nmap-rpc
excerpt, SunRPC Numbers: nmap-rpc

nmap-service-probes, Distinguishing Open from Filtered UDP Ports, nmap-service-probes File Format-nmap-service-probes File Format, Version Scanning DB: nmap-service-probes-Version Scanning DB: nmap-service-probes, Host Discovery, Service and Version Detection

comments in, nmap-service-probes File Format
complete example, Putting It All Together
excerpt, Version Scanning DB: nmap-service-probes

nmap-services, What Exactly is a Port?, Selecting Ports to Scan, Introduction, Usage and Examples, Well Known Port List: nmap-services-Well Known Port List: nmap-services, Service and Version Detection

comments in, Well Known Port List: nmap-services
excerpt, Well Known Port List: nmap-services

nmap.h, TCP SYN Ping (-PS<port list>), UDP Ping (-PU<port list>), IP Protocol Ping (-PO<protocol list>), Scatter probes across networks rather than scanning hosts consecutively, Host Discovery, Firewall/IDS Evasion and Spoofing

nmap.xsl, Creating HTML Reports, Output

Nmap::Parser, Solution, Manipulating XML Output with Perl-Manipulating XML Output with Perl, Output

Nmap::Scanner, Solution, Manipulating XML Output with Perl-Manipulating XML Output with Perl, Output

NMAPDATADIR, Command-line Arguments, Using Customized Data Files, Nmap Scripting Engine (NSE)

NMAPDIR environment variable, Command-line Arguments, Using Customized Data Files, Nmap Scripting Engine (NSE), Miscellaneous Options

NmapFE, The History of Nmap, Command-line and Graphical Interfaces

nmap_command_path, Comparing Results, The nmap Executable, Sections of zenmap.conf

NMAP_PRIVILEGED environment variable, Miscellaneous Options

NMAP_UNPRIVILEGED environment variable, Miscellaneous Options

“No exact OS matches for host”, Usage and Examples

non-controversial scanning, Is Unauthorized Port Scanning a Crime?, Can Port Scanning Crash the Target Computer/Networks?, List Scan (-sL)

non-standard ports, Hiding Services on Obscure Ports, Service and Version Detection

normal (-T3) timing template, Related Options, Timing Templates (-T), Timing and Performance

normal output, Introduction, Normal Output (-oN)-Normal Output (-oN), Output

and Zenmap comparison, Comparing Results
differences from interactive output, Controlling Verbosity of Output, Normal Output (-oN)
resuming from, Resuming Aborted Scans

“Not shown:”, A Quick Port Scanning Tutorial

novelty detection, IPv6 matching

Npcap, Third-Party Software and Funding Notices, Third-Party Software

Nping, Distinguishing Open from Filtered UDP Ports, IP ID Tricks, Detecting Packet Forgery by Firewall and Intrusion Detection Systems, Round Trip Times, Close Analysis of Packet Headers and Contents, Timing and Performance

description of, Description
man page, Nping Reference Guide-Nping Reference Guide

NPING_PRIVILEGED environment variable, Miscellaneous Options

NPING_UNPRIVILEGED environment variable, Miscellaneous Options

nrpc NSE library, List of All Libraries

NSE (see Nmap Scripting Engine)

.nse filename extension, Files Related to Scripting

nsedebug NSE library, List of All Libraries

NSEDoc, Writing Script Documentation (NSEDoc)-Writing Script Documentation (NSEDoc)

for C modules, Writing Script Documentation (NSEDoc)

Nsock, Raw packet network I/O, Output Options

debug output of, Output Options
in NSE, Nmap API

Nsock IO engine, Timing and Performance

NULL probe (version detection), Technique Described, Probe Directive

cheat, Cheats and Fallbacks
implicit fallback to, fallback Directive

NULL scan, Selecting Scan Techniques, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX)-TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Exotic Scan Flags, Port Scanning Techniques

(see also -sN)

O

O (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP explicit congestion notification (ECN), TCP options (O, O1–O6)

o// (OS) version detection field, match Directive

O1–O6 (OS detection response tests), Sequence generation (SEQ, OPS, WIN, and T1), TCP options (O, O1–O6)

o: (Zenmap search criterion, short for option:), Searching Saved Results

ofp: (Zenmap search criterion, short for open|filtered:), Host Filtering, Searching Saved Results

old releases, The History of Nmap

omp2 NSE library, List of All Libraries

op: (Zenmap search criterion, short for open:), Host Filtering, Searching Saved Results

open port state, Avatar Online, What is Port Scanning?, TCP SYN (Stealth) Scan (-sS), TCP Connect Scan (-sT), Technique Described, Rules, Host Filtering, Searching Saved Results, Description, Port Scanning Basics

open proxies, Proxies

open source, IP Protocol Scan (-sO), Scanning 676,352 IP Addresses in 46 Hours, Community Contributions, Source Code Availability and Community Contributions

Open Source Security Testing Methodology Manual (OSSTMM), Is Unauthorized Port Scanning a Crime?

open: (Zenmap search criterion), Host Filtering, Searching Saved Results

OpenBSD, installing on, FreeBSD / OpenBSD / NetBSD, OpenBSD Binary Packages and Source Ports Instructions

OpenSSL, SSL Post-processor Notes, Third-Party Software and Funding Notices, Third-Party Software

disabling, Configure Directives
packages required for, Configure Directives

openssl NSE library, List of All Libraries, Adding C Modules to Nselib

openssl-devel, Configure Directives

open|filtered port state, What is Port Scanning?, UDP Scan (-sU), TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Technique Described, Rules, Host Filtering, Searching Saved Results, Description, Port Scanning Basics

open|filtered: (Zenmap search criterion), Host Filtering, Searching Saved Results

operating system detection (see OS detection)

OPS (OS fingerprint category line), Sequence generation (SEQ, OPS, WIN, and T1)

option: (Zenmap search criterion), Searching Saved Results

Oracle Solaris (see Solaris)

organizationally unique identifier (OUI), MAC Address Spoofing, MAC Address Vendor Prefixes: nmap-mac-prefixes, Firewall/IDS Evasion and Spoofing

(see also nmap-mac-prefixes)

“OS CPE:”, Usage and Examples

“OS details:”, Usage and Examples

OS detection, The Phases of an Nmap Scan, Remote OS Detection-Remote OS Detection, OS Detection-OS Detection

1st generation, OS Spoofing
2nd generation, Introduction
category lines, Probes Sent-Probes Sent
classifications, Device and OS classification (Class lines)
effects of packet filters, Dealing with Misidentified and Unidentified Hosts
IPv6 probes sent, Probes Sent
matching algorithms, IPv4 matching
probes sent, Probes Sent-Probes Sent
reasons for, Reasons for OS Detection
response tests, Response Tests-Response Tests
using version detection, match Directive, Usage and Examples

OS fingerprint

displaying with -d, Usage and Examples

explained, Understanding an Nmap Fingerprint

reference fingerprint, Decoding the Reference Fingerprint Format, Nmap OS Detection DB: nmap-os-db

test expressions in, Test expressions

subject fingerprint, Usage and Examples, Decoding the Subject Fingerprint Format

submission of, When Nmap Fails to Find a Match and Prints a Fingerprint

OS spoofing, OS Spoofing

os: (Zenmap search criterion), Host Filtering, Searching Saved Results

ospf NSE library, List of All Libraries

OSSTMM (see Open Source Security Testing Methodology Manual)

OT (SCAN line test), Decoding the SCAN line of a subject fingerprint

OUI (see organizationally unique identifier) (see organizationally unique identifier)

output

to stdout with -, Controlling Output Type, Normal Output (-oN), $crIpT kIddI3 0uTPut (-oS), XML Output (-oX), Grepable Output (-oG), Output

output formats, Nmap Output Formats-Nmap Output Formats, Output-Output

grepable (see grepable output)
interactive (see interactive output)
normal (see normal output)
scR1pT kIddI3 (see scR1pT kIddI3 output)
summary of, Controlling Output Type
the importance of clear output, Introduction
XML (see XML output)

P

P (SCAN line test), Decoding the SCAN line of a subject fingerprint

$P() version detection helper function, match Directive

p// (product name) version detection field, match Directive

p0f, Passive Fingerprinting

packet loss, Introduction, Scan From a Favorable Network Location

packet NSE library, List of All Libraries

packet tracing (see --packet-trace)

Papapetrou, Demetris, A Practical Real-life Example of Firewall Subversion

parallelism, Host and Port Parallelization, Execute Concurrent Nmap Instances

in idle scan, Idle Scan Implementation Algorithms

paranoid (-T0) timing template, Can Port Scanning Crash the Target Computer/Networks?, Related Options, Timing Templates (-T), Slow down, Timing and Performance

passive OS fingerprinting, Passive Fingerprinting

PATH environment variable, Testing Whether Nmap is Already Installed, IBM AIX, The nmap Executable, Using Customized Data Files

additional directories searched by Zenmap, The nmap Executable
Path on Windows, Executing Nmap on Windows

payloads, protocol-specific (see protocol-specific payloads)

PCRE (see Perl Compatible Regular Expressions)

pcre NSE library, List of All Libraries

PEM (Privacy Enhanced Mail), SSL Options

penetration testing, Finding an Organization's IP Addresses, Introduction, Output to a Database

Avatar Online example, Avatar Online-Avatar Online
Megacorp example, A Practical Real-life Example of Firewall Subversion-A Practical Real-life Example of Firewall Subversion
permission for, Is Unauthorized Port Scanning a Crime?, Finding an Organization's IP Addresses, Take an Alternative Path

performance, Optimizing Nmap Performance, Timing and Performance-Timing and Performance

improvement example, Scanning 676,352 IP Addresses in 46 Hours

Perl Compatible Regular Expressions (PCRE), match Directive, Third-Party Software and Funding Notices

Permeh, Ryan, The History of Nmap, Windows

Persaud, Anthony, Manipulating XML Output with Perl

PGP signatures, Verifying the Integrity of Nmap Downloads

pgsql NSE library, List of All Libraries

Phrack, The History of Nmap, TCP Maimon Scan (-sM), Port Scanning Techniques

ping scan, Disable Port Scan (-sn), Host Discovery

(see also -sn and host discovery)

PING_GROUP_SZ, Scatter probes across networks rather than scanning hosts consecutively, Firewall/IDS Evasion and Spoofing

Playboy, Discussion

polite (-T2) timing template, Can Port Scanning Crash the Target Computer/Networks?, Related Options, Timing Templates (-T), Timing and Performance

pop3 NSE library, List of All Libraries

popular ports (see port frequency)

PORT column, Well Known Port List: nmap-services

port frequency, TCP probe and port selection, What Are the Most Popular Ports?, Port Selection Data and Strategies, Well Known Port List: nmap-services

port knocking, Port Knocking, Probe Modes

limitations of, Port Knocking

port scan

disabling with -sn, Disable Port Scan (-sn), Host Discovery

port scanning, The Phases of an Nmap Scan

algorithms, Port Scanning Techniques and Algorithms, Scan Code and Algorithms
definition, What is Port Scanning?
purpose of, Why Scan Ports?

port specification, Selecting Ports to Scan, Port Specification and Scan Order

wildcards in, Selecting Ports to Scan, Port Specification and Scan Order

port states, Introduction to Port Scanning, What is Port Scanning?

closed (see closed port state)
closed|filtered (see closed|filtered port state)
deducing from multiple scans, TCP ACK Scan (-sA)
filtered (see filtered port state)
ignored (not shown), A Quick Port Scanning Tutorial, Standard SYN Scan, Sorting by Service, Ignored State field
open (see open port state)
open|filtered (see open|filtered port state)
unfiltered (see unfiltered port state)

port zero, What Exactly is a Port?, Port Specification and Scan Order

portmapper, RPC Grinding

“portrule” script variable, Rules, The Rule, Example Script: finger

ports

definition, What Exactly is a Port?
dynamic, What Exactly is a Port?
ephemeral, What Exactly is a Port?
“interesting”, Description
private, What Exactly is a Port?
registered, What Exactly is a Port?
reserved, What Exactly is a Port?
well-known, What Exactly is a Port?

“Ports / Hosts” scan results tab, The “Ports / Hosts” tab

ports directive (nmap-service-probes), ports and sslports Directives, Putting It All Together

PortSentry, Detect Nmap Scans

“postrule” script variable, Rules

postscan scripts, The Future of Nmap

pppoe NSE library, List of All Libraries

pr: (Zenmap search criterion, short for profile:), Searching Saved Results

“prerule” script variable, Rules

prescan scripts, The Future of Nmap

printers, version detection exclusion of, Exclude Directive

private addresses, Choose Targets at Random (-iR <numtargets>), Decoding the SCAN line of a subject fingerprint, IP ID Tricks, IPv6 Attacks, Block and Slow Nmap with Firewalls

private ports, What Exactly is a Port?

privileged users, Executing Nmap on Windows, Executing Nmap on Mac OS X, What Exactly is a Port?, Selecting Scan Techniques, Introduction, TCP SYN (Stealth) Scan (-sS), Host Discovery, Port Scanning Techniques, Miscellaneous Options

proactive scanning, Scan Proactively, Then Close or Block Ports and Fix Vulnerabilities, The Profile Editor

probable ports in version detection, Technique Described

Probe directive (nmap-service-probes), Probe Directive, Putting It All Together

probe modes, Probe Modes-Probe Modes

probe string (version detection), Technique Described, Probe Directive

profile editor (Zenmap), The Profile Editor

profile: (Zenmap search criterion), Searching Saved Results

profiles (see Zenmap: scan profiles)

protocol ping (see IP protocol ping)

protocol scan (see IP protocol scan)

protocol-specific payloads, Probe Directive, Version Scanning DB: nmap-service-probes

disabling with --data-length, Firewall/IDS Evasion and Spoofing
IP, IP Protocol Ping (-PO<protocol list>), Host Discovery, Firewall/IDS Evasion and Spoofing
UDP, UDP Ping (-PU<port list>), UDP Scan (-sU), Host Discovery, Firewall/IDS Evasion and Spoofing

Provos, Niels, OS Spoofing

proxies, Proxies, Firewall/IDS Evasion and Spoofing

effect on OS detection, Usage and Examples
HTTP, Avatar Online
open, Proxies

proxy, Firewall/IDS Evasion and Spoofing

proxy NSE library, List of All Libraries

PSH (TCP flag), TCP Mode

PSH scan, PSH Scan

PTR record (see reverse DNS)

Q

Q (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP explicit congestion notification (ECN), TCP miscellaneous quirks (Q)

quoted string

in XML output, XML Output (-oX)

R

R (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), Responsiveness (R)

RadialNet, An Overview of the “Topology” Tab

random targets, Choose Targets at Random (-iR <numtargets>), Target Specification

(see also -iR)

randomization of hosts, Related Options, Firewall/IDS Evasion and Spoofing

(see also --randomize-hosts)

randomization of ports, Port Specification and Scan Order

rarity directive (nmap-service-probes), rarity Directive, Putting It All Together

rarity of version detection probes, Technique Described, Probe Selection and Rarity

rate limiting, Speeding Up UDP Scans, IP Protocol Scan (-sO), Scan Delay, Tar Pits, Port Scanning Techniques, Timing and Performance

detection of, Scan Delay

raw packets, Selecting Scan Techniques, Introduction, Host Discovery, Port Scanning Techniques

in NSE, Raw packet network I/O

raw sockets, Miscellaneous Options

RD (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), TCP RST data checksum (RD)

rdp NSE library, List of All Libraries

reason reporting (see --reason)

recent scans database, The Recent Scans Database

recent_scans.txt, Per-user Configuration Files

record route IP option, Unexplained TTL jumps, Firewall/IDS Evasion and Spoofing

record timestamp IP option, Firewall/IDS Evasion and Spoofing

Red Hat, Configure Directives

Red Hat (Linux distribution)

installing on, with RPM, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)
installing on, with Yum, Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum

redis NSE library, List of All Libraries

reference guide (man page), Nmap Reference Guide-Nmap Reference Guide

registered ports, What Exactly is a Port?

registry (NSE), The Registry

regular expressions, Technique Described, match Directive

(see also Perl Compatible Regular Expressions)
for syntax highlighting in Zenmap, Sections of zenmap.conf

removal, Removing Nmap

reserved ports, What Exactly is a Port?

resuming scans, Resuming Aborted Scans, Output

retired OS detection tests, Retired Tests

retransmission, Adaptive Retransmission, Timing and Performance

number of retransmissions, Adaptive Retransmission

reverse DNS, Avatar Online, The Phases of an Nmap Scan, Finding an Organization's IP Addresses, DNS Resolution, List Scan (-sL), A Quick Port Scanning Tutorial, Solution, Introduction, WAP Characteristics, DNS proxying, Searching Saved Results

disabling with -n, Target Specification
from an IDS, Reverse probes
omitting to save time, Omit Non-critical Tests

reverse probes, Reverse probes

revoked certificates (see certificate revocation)

RFC 1122, Host Discovery

RFC 1393, ICMP Types

RFC 1577, ARP Types

RFC 1812, Redirect

RFC 1931, ARP Types

RFC 2390, ARP Types

RFC 2474, IPv4 Options, IPv6 Options

RFC 2560, IPv6 Options

RFC 3168, Enabling Packet Tracing, TCP Mode

RFC 3339,

RFC 792, ICMP Ping Types (-PE, -PP, and -PM), Host Discovery

RFC 903, ARP Types

RFC 950, ICMP Ping Types (-PE, -PP, and -PM), Host Discovery

RID (OS detection response test), UDP (U1), Returned probe IP ID value (RID)

omission of, Returned probe IP ID value (RID), Decoding the Subject Fingerprint Format

Rieger, Gerhard, The History of Nmap, IP Protocol Scan (-sO), Port Scanning Techniques

RIPCK (OS detection response test), UDP (U1), Integrity of returned probe IP checksum value (RIPCK)

RIPE (Réseaux IP Européens), Whois Queries Against IP Registries

RIPL (OS detection response test), UDP (U1), Returned probe IP total length value (RIPL)

rmi NSE library, List of All Libraries

RND (decoy address), Decoys, Firewall/IDS Evasion and Spoofing

root (see privileged users)

rootkits, Why Scan Ports?, ACK Scan, Port Knocking

round trip time (RTT), Round Trip Times

estimating, Round Trip Time Estimation

RPC, Technique Described, IPv6 Attacks

bypassing filtered portmapper port (see RPC grinder)

RPC grinder, Introduction, Usage and Examples, RPC Grinding-RPC Grinding, Why Would Ethical Professionals (White-hats) Ever Do This?, SunRPC Numbers: nmap-rpc, Service and Version Detection

rpc NSE library, List of All Libraries

rpcap NSE library, List of All Libraries

rpcbind, Usage and Examples, RPC Grinding

rpcinfo, RPC Grinding, IPv6 Attacks

RPM, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora), Removing Nmap

installing from, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)

RST (TCP flag), TCP Mode

rsync NSE library, List of All Libraries

rtsp NSE library, List of All Libraries

RTT (see round trip time)

RUCK (OS detection response test), UDP (U1), Integrity of returned probe UDP checksum (RUCK)

RUD (OS detection response test), UDP (U1), Integrity of returned UDP data (RUD)

RUL (retired OS detection response test), Retired Tests

rules in NSE (see “prerule”, “portrule”, “hostrule” and “postrule”)

runlevel, dependencies Field

“Running:”, Usage and Examples

runtime interaction, A Quick Port Scanning Tutorial, Estimate and Plan for Scan Time, Runtime Interaction

disabling, Output

S

S (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), TCP sequence number (S)

safe script category, The Head

“safe” script category, Script Categories

same-origin restriction, Saving a Permanent HTML Report

sasl NSE library, List of All Libraries

saving scan results, Saving and Loading Scan Results

Saxon, Saving a Permanent HTML Report

SCAN (subject OS fingerprint line), Decoding the Subject Fingerprint Format, Decoding the SCAN line of a subject fingerprint

scan delay, Scan Delay

scan profiles (see Zenmap: scan profiles)

Scanlogd, Decoys, Detect Nmap Scans, Firewall/IDS Evasion and Spoofing

scanme.nmap.org, Is Unauthorized Port Scanning a Crime?, Specifying Target Hosts and Networks, Target Specification, Examples, Target Specification

Scanrand, Introduction, Introduction

“Scans” scan results tab, The “Scans” tab

scan_profile.usp, Per-user Configuration Files

Schubert, Max, Manipulating XML Output with Perl

SCO Corporation, The History of Nmap

script arguments, Arguments to Scripts, Nmap Scripting Engine (NSE)

(see also --script-args)

script arguments from file, Nmap Scripting Engine (NSE)

(see also --script-args-file)

script categories, Script Categories

script database (see script.db)

script dependencies, dependencies Field

scR1pT kIddI3 output, $crIpT kIddI3 0uTPut (-oS), Output

script kiddies, Saving the Human Race, Why Would Ethical Professionals (White-hats) Ever Do This?, Naming conventions, Ignoring Intrusion Detection Systems, Detect Nmap Scans, Clever Trickery, Controlling Output Type, Port Scanning Techniques

script names, examples of, Introduction

script post-scanning phase, Rules

script pre-scanning, Rules

script selection, Script Selection

script.db, Command-line Arguments, Initialization Phase, Script selection, Files Related to Scripting, Nmap Scripting Engine (NSE)

scripting (see Nmap Scripting Engine)

scripts, location of, Command-line Arguments, Files Related to Scripting, Nmap Scripting Engine (NSE)

SCTP checksum, Firewall/IDS Evasion and Spoofing

SCTP COOKIE ECHO scan, Port Scanning Techniques

SCTP INIT ping, Host Discovery

SCTP INIT scan, Port Scanning Techniques

security by obscurity, Clever Trickery

SEQ (OS fingerprint category line), Sequence generation (SEQ, OPS, WIN, and T1)

server mode (Ncat) (see listen mode)

SERVICE column, Well Known Port List: nmap-services

service detection (see version detection)

service fingerprint, Introduction, Technique Described

example of, Submit Service Fingerprints
submission of, Introduction, Community Contributions

“Service Info:”, Introduction, Usage and Examples

service: (Zenmap search criterion), Host Filtering, Searching Saved Results

setuid, why Nmap shouldn't be, Inappropriate Usage

Shimomura, Tsutomu, Usage and Examples

shortport NSE library, List of All Libraries

SI (retired OS detection response test), Retired Tests

SinFP, Passive Fingerprinting

sip NSE library, List of All Libraries

Skype, Version Detection Using NSE

skypev2-version script, Version Detection Using NSE

smb NSE library, List of All Libraries

smb-brute script, dependencies Field

smb-os-discovery script, dependencies Field

smbauth NSE library, List of All Libraries

Smith, Zach, The History of Nmap

smtp NSE library, List of All Libraries

sneaky (-T1) timing template, Can Port Scanning Crash the Target Computer/Networks?, Related Options, Timing Templates (-T), Slow down, Timing and Performance

sniffer-detect script, Raw packet network I/O

snmp NSE library, List of All Libraries

Snort, The History and Future of Nmap, A practical example: bypassing default Snort 2.2.0 rules, Detect Nmap Scans

rules referencing Nmap, Evade specific rules

social engineering, Social engineering

sockets in NSE, Connect-style network I/O

socks NSE library, List of All Libraries

soft match (version detection), Technique Described

softmatch directive (nmap-service-probes), softmatch Directive, Putting It All Together

Solar Designer, Decoys, Firewall/IDS Evasion and Spoofing

Solaris, installing on, Oracle/Sun Solaris

Song, Dug, Third-Party Software and Funding Notices, Third-Party Software

source address filtering, TCP Idle Scan (-sI)

source code, Linux/Unix Compilation and Installation from Source Code

advantages of, Linux/Unix Compilation and Installation from Source Code

source port number, Source Port Manipulation, Firewall/IDS Evasion and Spoofing

source routing, Source Routing, A Practical Real-life Example of Firewall Subversion, Firewall/IDS Evasion and Spoofing

in Ncat, Source Routing, A Practical Real-life Example of Firewall Subversion

SP (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP ISN sequence predictability index (SP)

spoofed packets, Idle Scan Step by Step, Idle Scan Implementation Algorithms, Dealing with Misidentified and Unidentified Hosts, IP ID Tricks, Port scan spoofing, DoS Attacks Against Reactive Systems, Reactive Port Scan Detection

detecting, Detecting Packet Forgery by Firewall and Intrusion Detection Systems
from localhost, IP ID Tricks
spoofed RST from firewall, Sneaky firewalls that return RST, ACK Scan, Sudden firewall changes and suspicious packets, Look for TTL Consistency

spoofing MAC address, MAC Address Spoofing, Firewall/IDS Evasion and Spoofing

spoofing source address, Port scan spoofing, Firewall/IDS Evasion and Spoofing

srvloc NSE library, List of All Libraries

SS (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), Shared IP ID sequence Boolean (SS)

ssh1 NSE library, List of All Libraries

ssh2 NSE library, List of All Libraries

sshv1 script, Avatar Online

SSL, ports and sslports Directives

(see also sslports directive)
in version detection, Usage and Examples, Technique Described, SSL Post-processor Notes, Service and Version Detection
tunneling, Technique Described

sslcert NSE library, List of All Libraries

sslports directive (nmap-service-probes), ports and sslports Directives

standard error, Controlling Output Type, Output

standard input, Input From List (-iL), Practical Examples, Misc Options

standard output, Avatar Online, Output Format and Verbosity Options, Controlling Output Type, Controlling Verbosity of Output, Interactive Output, XML Output (-oX), Output

stateless scanners, Network Condition Monitoring, Adaptive Retransmission

stderr (see standard error)

stdin (see standard input)

stdnse NSE library, List of All Libraries

stdout (see standard output)

stealth scan (see SYN scan and idle scan)

strbuf NSE library, List of All Libraries

strftime conversions in filenames, Output Files, Controlling Output Type, Output

strict NSE library, List of All Libraries, Hacking NSE Libraries

stun NSE library, List of All Libraries

stylesheet, Output

submission of OS corrections, When Nmap Guesses Wrong

submission of OS fingerprints, When Nmap Fails to Find a Match and Prints a Fingerprint

submission of service corrections, Submit Database Corrections

submission of service fingerprints, Introduction, Community Contributions, Service and Version Detection

$SUBST() version detection helper function, match Directive

Subversion, Obtaining Nmap from the Subversion (SVN) Repository

sudo, Executing Nmap on Mac OS X

suid (see setuid)

Summer of Code (see Google Summer of Code)

Sun Solaris (see Solaris)

SunRPC (see RPC)

SUSE (Linux distribution)

installing on, with RPM, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)

sv: (Zenmap search criterion, short for service:), Host Filtering, Searching Saved Results

SVN (see Subversion)

SYN (TCP flag), TCP Mode

SYN ping, TCP SYN Ping (-PS<port list>), Host Discovery

(see also -PS)

SYN scan, Selecting Scan Techniques, TCP SYN (Stealth) Scan (-sS)-TCP SYN (Stealth) Scan (-sS), Standard SYN Scan, Port Scanning Techniques

(see also -sS)
advantages of, TCP SYN (Stealth) Scan (-sS)

syntax highlighting, The “Nmap Output” tab

T

T (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), IP initial time-to-live (T)

T1 (OS fingerprint category line), Sequence generation (SEQ, OPS, WIN, and T1)

T2–T7 (OS fingerprint category lines), TCP (T2–T7)

t: (Zenmap search criterion, short for target:), Host Filtering, Searching Saved Results

tab NSE library, List of All Libraries

tar pits, Adaptive Retransmission, Tar Pits

Target Corporation, Finding an Organization's IP Addresses

target NSE library, List of All Libraries

target specification, Specifying Target Hosts and Networks, Practical Examples, Target Specification

at random, Choose Targets at Random (-iR <numtargets>), Target Specification

from list, Input From List (-iL), Target Specification

(see also -iL)

in Nping, Target Specification

in Zenmap, Scanning

target.com, Finding an Organization's IP Addresses, DNS Tricks

target: (Zenmap search criterion), Host Filtering, Searching Saved Results

target_list.txt, Per-user Configuration Files

TCP checksum, The Bogus TCP Checksum Trick, Firewall/IDS Evasion and Spoofing

TCP connect, Probe Modes

(see also connect scan)
in Nping, Probe Modes

TCP flags, TCP flags (F), Exotic Scan Flags, Close Analysis of Packet Headers and Contents, Port Scanning Techniques

(see also --scanflags)

TCP Flags, Enabling Packet Tracing

TCP options, TCP options (O, O1–O6)

and OS detection, Sequence generation (SEQ, OPS, WIN, and T1), TCP timestamp option algorithm (TS)

TCP sequence generation, Usage and Examples, TCP sequence number (S), Seq Index field

TCP sequence prediction, Usage and Examples, TCP ISN sequence predictability index (SP)

TCP timestamp, TCP timestamp option algorithm (TS)

TCP window size, TCP Window Scan (-sW), TCP initial window size (W, W1–W6), Test expressions

TCP/IP fingerprinting (see OS detection)

tcpdump, The History and Future of Nmap, Submit New Probes, Miscellaneous Options

tcpwrappedms directive (nmap-service-probes), tcpwrappedms Directive

tftp NSE library, List of All Libraries

TG (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP (T2–T7), IP initial time-to-live guess (TG)

threads in NSE, Mutexes

three-way handshake, TCP SYN Ping (-PS<port list>), TCP SYN (Stealth) Scan (-sS), Host Discovery

TI (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), IP ID sequence generation algorithm (TI, CI, II)

time to live (TTL), Usage and Examples, IP initial time-to-live (T), Firewall/IDS Evasion and Spoofing

consistency of, Look for TTL Consistency
unexplained jumps, Unexplained TTL jumps

timing, Optimize Timing Parameters, Timing and Performance-Timing and Performance

low-level controls, Low-Level Timing Controls
slow, Is Unauthorized Port Scanning a Crime?, Can Port Scanning Crash the Target Computer/Networks?, Slow down

timing probes, Timing probes

timing templates, Optimize Timing Parameters, Timing Templates (-T)-Timing Templates (-T), Slow down, Timing and Performance

(see also paranoid, sneaky, polite, normal, aggressive, and insane)
effects of, Timing Templates (-T)

TM (SCAN line test), Decoding the SCAN line of a subject fingerprint

tns NSE library, List of All Libraries

“Topology” scan results tab, The “Topology” tab, Surfing the Network Topology

TOS (see type of service)

TOS (retired OS detection response test), Retired Tests

TOSI (retired OS detection response test), Retired Tests

totalwaitms directive (nmap-service-probes), totalwaitms Directive, Putting It All Together

traceroute, The Phases of an Nmap Scan, A Quick Port Scanning Tutorial, Decoding the SCAN line of a subject fingerprint, Unexplained TTL jumps, Host Discovery

(see also --traceroute)

translation (see localization)

translations

of manual pages, Environment Variables

Trinity, Saving the Human Race

“Trivial joke” TCP sequence generation class, Usage and Examples

trust relationships, TCP Idle Scan (-sI), IP ID Tricks, Port Scanning Techniques

TS (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP timestamp option algorithm (TS)

TTL (see time to live)

type of service (TOS), ICMP echo (IE), Retired Tests

U

U1 (OS fingerprint category line), UDP (U1), Retired Tests, Decoding the SCAN line of a subject fingerprint

Ubuntu, installing on, Debian Linux and Derivatives such as Ubuntu

UDP ping, UDP Ping (-PU<port list>), Host Discovery

(see also -PU)

UDP scan, Selecting Scan Techniques, UDP Scan (-sU)-UDP Scan (-sU), Port Scanning Techniques

(see also -sU)
compared with TCP scan, UDP Scan (-sU)
default port of, Host Discovery
performance of, Speeding Up UDP Scans
speeding up, Speeding Up UDP Scans, Separate and Optimize UDP Scans

ufp: (Zenmap search criterion, short for unfiltered:), Host Filtering, Searching Saved Results

ultra_scan, The History of Nmap, Host Discovery Code Algorithms, Scan Code and Algorithms

Umit, History

UN (OS detection response test), UDP (U1), Unused port unreachable field nonzero (UN)

unfiltered port state, What is Port Scanning?, TCP ACK Scan (-sA), Rules, ACK Scan, Host Filtering, Searching Saved Results, Description, Port Scanning Basics

unfiltered: (Zenmap search criterion), Host Filtering, Searching Saved Results

uninstallation, Removing Nmap

Unix time, XML Output (-oX)

Unix, installing on, Linux/Unix Compilation and Installation from Source Code

unprivileged users, Miscellaneous Options

limitations of, TCP SYN Ping (-PS<port list>), TCP ACK Ping (-PA<port list>), TCP Connect Scan (-sT), Host Discovery

unpwdb NSE library, List of All Libraries

upnp NSE library, List of All Libraries

uptime guess, Usage and Examples, OS Detection

URG (TCP flag), TCP Mode

url NSE library, List of All Libraries

V

V (SCAN line test), Decoding the SCAN line of a subject fingerprint

v// (version) version detection field, match Directive

vendor (OS detection), Device and OS classification (Class lines)

verbosity, Controlling Verbosity of Output, Output

(see also -v)

verbosity levels of Nping, Output Options

verifying the integrity of downloads, Verifying the Integrity of Nmap Downloads

versant NSE library, List of All Libraries

version detection, The Phases of an Nmap Scan, Service and Application Version Detection-Service and Application Version Detection, Script Categories, Service and Version Detection-Service and Version Detection

(see also “version” script category)
confidence of, XML Output (-oX)
creating new probes, Submit New Probes
default intensity, Probe Selection and Rarity, Service and Version Detection
examples, Usage and Examples-Usage and Examples
features of, Introduction
helper functions, match Directive
information provided by, Usage and Examples, match Directive, Discussion
intensity, Probe Selection and Rarity, Service and Version Detection
performance, Technique Described, Probe Selection and Rarity
post-processors, Post-processors
technique, Technique Described
to improve UDP scan, Distinguishing Open from Filtered UDP Ports, Introduction, Technique Described, UDP Version Scanning
using NSE, Introduction, Version Detection Using NSE

version number of Nmap (see --version)

version script category, Version Detection Using NSE

“version” script category, Script Categories, Command-line Arguments

virtual hosts, Cheats and Fallbacks

vnc NSE library, List of All Libraries

Vogt, Jens, Windows

“vuln” script category, Script Categories

vulnerability detection, Introduction

vulns NSE library, List of All Libraries

vuzedht NSE library, List of All Libraries

W

W (OS detection response test), Sequence generation (SEQ, OPS, WIN, and T1), TCP explicit congestion notification (ECN), TCP initial window size (W, W1–W6)

W1–W6 (OS detection response tests), Sequence generation (SEQ, OPS, WIN, and T1), TCP initial window size (W, W1–W6)

WAP (see wireless access points)

warranty (lack of), No Warranty, No Warranty

web scanning, The Future of Nmap

welcome banner, Technique Described

well-known ports, What Exactly is a Port?, Well Known Port List: nmap-services, Service and Version Detection

white hat, Is Unauthorized Port Scanning a Crime?, Why Would Ethical Professionals (White-hats) Ever Do This?

whois, Finding an Organization's IP Addresses, Discussion, Script Categories, Mutexes

whois script, Mutexes

whois-ip script, Usage and Examples

wildcards (see port selection, wildcards in)

in script selection, Script Selection, Nmap Scripting Engine (NSE)

WIN (OS fingerprint category line), Sequence generation (SEQ, OPS, WIN, and T1)

windentd, Reverse probes

window scan, Selecting Scan Techniques, TCP Window Scan (-sW)-TCP Window Scan (-sW), Exotic Scan Flags, Port Scanning Techniques

(see also -sW)

Windows, Windows-Windows

compiling on, Compile from Source Code
limitations of, Windows
performance of, Windows
running Nmap on, Executing Nmap on Windows
self-installer, Windows Self-installer
zip binaries, Command-line Zip Binaries

Windows Vista, Miscellaneous Options

wireless access points (WAPs), Detecting unauthorized and dangerous devices, SOLUTION: Detect Rogue Wireless Access Points on an Enterprise Network

dangers of, Problem

Wireshark, The History and Future of Nmap, Submit New Probes, Fragmentation, Detecting Packet Forgery by Firewall and Intrusion Detection Systems, Close Analysis of Packet Headers and Contents, Firewall/IDS Evasion and Spoofing

“Worthy challenge” TCP sequence generation class, Usage and Examples

wsdd NSE library, List of All Libraries

X

x86 architecture, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)

x86_64 architecture, RPM-based Distributions (Red Hat, Mandrake, SUSE, Fedora)

Xalan, Saving a Permanent HTML Report

Xcode, Compile Nmap from source code

xdmcp NSE library, List of All Libraries

Xmas scan, Selecting Scan Techniques, TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX)-TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX), Port Scanning Techniques

(see also -sX)

.xml filename extension, Controlling Output Type

XML output, Introduction, XML Output (-oX)-Creating HTML Reports, Output

converting to HTML, Creating HTML Reports
document type definition, XML Output (-oX), Purpose
example, XML Output (-oX)
getting device type from, WAP Characteristics
parsing, Solution
parsing with Perl, Manipulating XML Output with Perl-Manipulating XML Output with Perl
uses of, Using XML Output-Using XML Output

xmpp NSE library, List of All Libraries

XPath, WAP Characteristics

XSL, Creating HTML Reports, Output

XSLT processors, Saving a Permanent HTML Report

xsltproc, Saving a Permanent HTML Report, Output

Y

Yellow Dog (Linux distribution)

installing on, with Yum, Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum

Yum, Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum

Z

Zalewski, Michal, Passive Fingerprinting

Zenmap, The History of Nmap, Zenmap GUI Users' Guide-Zenmap GUI Users' Guide

command-line options, Command-line Options

comparing results, Comparing Results-Comparing Results

configuration file (see zenmap.conf)

dependencies of, Compile Zenmap from source code

disabling, Configure Directives

history of, History

keyword search, Host Filtering, Searching Saved Results

keyword search in, Searching Saved Results

loading scan results, Saving and Loading Scan Results

network inventory, Scan Aggregation

profile editor, The Profile Editor

purpose of, The Purpose of a Graphical Frontend for Nmap

recent scans database, Searching Saved Results, Per-user Configuration Files

disabling, Sections of zenmap.conf

saving scan results, Saving and Loading Scan Results

scan profiles, Profiles, The Profile Editor

creating, The Profile Editor
deleting, Editing or Deleting a Profile

searching, Searching Saved Results-Searching Saved Results

sorting by host, Sorting by Host

sorting by service, Sorting by Service

zenmap.db, Per-user Configuration Files

(see also recent scans database)

.zenmap directory, Per-user Configuration Files, Options Summary

Zenmap search criteria, Searching Saved Results

dates in, Searching Saved Results
fuzzy date matching, Searching Saved Results

zenmap.conf, The “Nmap Output” tab, Comparing Results, The nmap Executable, Per-user Configuration Files, Description of zenmap.conf-Description of zenmap.conf

zenmap.db, Per-user Configuration Files (see recent scans database)

ZENMAP_DEVELOPMENT environment variable, Error Output

zenmap_version, Per-user Configuration Files

zombie host (idle scan), TCP Idle Scan (-sI), Finding a Working Idle Scan Zombie Host, Decoding the Subject Fingerprint Format, ACK Scan

zone ID (IPv6 address), Target Specification

zone transfer, DNS Tricks