This is the third in a series of tips on how to use Nmap in an enterprise network environment.
Linux is the most popular platform for running Nmap. In fact, most Linux distributions actually include Nmap, although it may not be installed by default. Even if your system already has a copy of Nmap, you should consider upgrading to the latest version available from http://www.insecure.org/nmap/download.html. (Note that all Nmap releases are signed with a special Nmap Project Signing Key, which can be obtained from http://www.insecure.org/nmap/data/nmap_gpgkeys.txt.)
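Checking a download against the signing key mentioned above, as an added example that is not part of the original article or of the Nmap project's own tooling. It assumes the tarball, its detached signature and nmap_gpgkeys.txt are already saved locally; the file names and the expected fingerprint are placeholders you supply, and the fingerprint should come from a source you trust independently of the download itself.

```shell
#!/bin/sh
# Added example: verify a release tarball against its detached GPG signature.
# usage: verify_release TARBALL SIGFILE KEYFILE EXPECTED_FINGERPRINT
#   e.g. verify_release nmap-VERSION.tar.bz2 nmap-VERSION.tar.bz2.asc \
#            nmap_gpgkeys.txt "<fingerprint checked out-of-band>"
# Returns 0 only if the signature is valid AND was made by the expected key.
verify_release() {
    tarball=$1 sig=$2 keyfile=$3 want=$4
    for f in "$tarball" "$sig" "$keyfile"; do
        [ -r "$f" ] || { echo "missing file: $f" >&2; return 2; }
    done
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 2; }

    # Throwaway keyring: only the key file just imported can validate the
    # signature, so stray keys in your personal keyring cannot.
    home=$(mktemp -d) || return 2
    chmod 700 "$home"
    rc=1
    if GNUPGHOME=$home gpg --batch --quiet --import "$keyfile" 2>/dev/null; then
        # --status-fd gives machine-readable results; never parse the
        # human-readable "Good signature" text.
        status=$(GNUPGHOME=$home gpg --batch --status-fd 1 \
                     --verify "$sig" "$tarball" 2>/dev/null) || true
        # VALIDSIG appears only for a cryptographically valid signature;
        # its last field is the primary key fingerprint.
        got=$(printf '%s\n' "$status" |
              awk '$2 == "VALIDSIG" { print $NF; exit }')
        # Normalise the expected fingerprint: strip spaces, upper-case hex.
        want=$(printf '%s' "$want" | tr -d ' ' | tr 'a-f' 'A-F')
        if [ -n "$got" ] && [ "$got" = "$want" ]; then
            rc=0
        else
            echo "signature check FAILED for $tarball" >&2
        fi
    else
        echo "could not import keys from $keyfile" >&2
    fi
    rm -rf "$home"
    return $rc
}
```

Importing a key file fetched from the same site as the tarball only proves the two are consistent with each other, which is why the function also insists on a fingerprint match.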
Linux users can choose between installing from source code and using the binary packages, such as RPMs, provided by their distribution. A source install allows more flexibility in determining how Nmap is built and optimized for your system. Binary packages are generally quicker and easier to install, and are often customized to use the distribution's standard directory paths and configuration. These packages also allow for simpler management when it comes to issues such as upgrading software on the system. The nmap package contains just the command-line executable and data files, while the nmap-frontend package contains the optional X Window GUI called NmapFE.
Compiling and installing Nmap on Linux from source code is the most powerful way to install it. This ensures that you have the latest version, and Nmap can adapt to the library availability and directory structure of your particular system. The build system is designed to auto-detect as much as possible, but as there are dozens of command-line parameters and environment variables that affect the way Nmap is built, I recommend running ./configure --help to view the help.
Installing Nmap on Linux systems via RPM is also quite easy, but if you do have problems, for example if your library versions are sufficiently different from those the RPMs were initially built on, you can build and install your own binary RPMs from the source RPMs.
To run and test Nmap, type the following at the shell prompt:
nmap -A -T4 scanme.insecure.org
This command will scan the host scanme.insecure.org. The -A and -T4 options enable OS and version detection and set the timing template to "aggressive". There are more than a hundred command-line options, some of which we'll be looking at in the next few tips.
If you have problems running Nmap, scroll up the output screen and examine the first error messages. Then see if the problem is covered in the Nmap-dev list archives at http://seclists.org/#nmap-dev. There is also plenty of supporting documentation for Nmap on Linux at http://www.insecure.org/nmap/docs.html, and it is worthwhile to subscribe to the Nmap-hackers mailing list.
As Nmap is a command-line application, it can easily be run from a script, and precise scans can be executed without having to set lots of different options. However, for those administrators who are less comfortable working at the command prompt, there are several GUIs available for Linux users. NmapFE is the most popular. It offers a number of options, which are all used to build an appropriate Nmap command. The Nmap command line is shown at the bottom of the window as it is constructed, which is a useful way to learn the command-line syntax. Finally, Nmap supports numerous PDAs, including the Sharp Zaurus and Compaq iPAQ. For further information see the instructions at http://www.insecure.org/nmap/install/inst-pda.html.
Nmap technical manual
- An introduction to Nmap
- Nmap: A valuable open source tool for network security
- How to install and configure Nmap for Windows
- How to install and configure Nmap on Linux
- How to scan ports and services with Nmap
- More port scanning techniques
- Firewall configuration testing
- Techniques for improving Nmap port scan times
- How to interpret and act on Nmap scan results
- Nmap parsers and interfaces
- Nmap and the open source debate
About the author:
Michael Cobb, CISSP-ISSAP, is a renowned security author with over 20 years of experience in the IT industry. He has a passion for making IT security best practices easier to understand and achievable. His website http://www.hairyitdog.com offers free security posters to raise employee awareness of the importance of safeguarding company and client data and of following good practices. He co-authored the book IIS Security and has written many technical articles for leading IT publications. Mike has also been a Microsoft Certified Database Manager and registered consultant with the CESG Listed Advisor Scheme (CLAS).