Intended Audience and Organization

This book documents the free Nmap Security Scanner, from port scanning basics for novices to the types of packet crafting used by advanced hackers. It should benefit Nmap users (or potential users) of all experience levels.

Starting with the basics, this book gives an overview of Nmap by example in Chapter 1. Then Chapter 2 covers obtaining, compiling and installing Nmap. Chapters 3 through 5 cover features in the order you might use them when conducting a penetration test. First comes host discovery (ping scanning), which determines the available hosts on a network. Next, port scanning is covered in depth. In Chapter 5, all the Nmap scanning techniques are detailed, with advice and examples. Scanning a large network can take a long time, so Chapter 6 is full of performance optimization advice. Chapter 7 details service and application version detection, in which Nmap queries ports to determine exactly what is running rather than simply guessing based on the port number. Chapter 8 covers one of Nmap's most loved features: remote OS detection. Chapter 9 details the Nmap Scripting Engine (NSE), which allows users to write (and share) simple scripts to automate a wide variety of networking tasks. My favorite chapter is number 10: Detecting and Subverting Firewalls and Intrusion Detection Systems. For balance, that is followed by a chapter on defending against Nmap scans. Chapter 12 then fully documents the Zenmap multi-platform Nmap GUI and results viewer. The next two chapters cover output formats and data files. The final four chapters are reference guides for the whole family of tools: Nmap, Ndiff, Ncat, and Nping. These are quick resources for looking up specific command-line options or brief feature summaries.

Scattered throughout the book are detailed instructions for performing common tasks such as scanning a network for a certain single open TCP port or detecting wireless access points by scanning from the wired side. First each problem is described, then an effective solution is provided. A final discussion section describes the solution in more depth and may provide alternative solutions and insights into similar problems.