This is the third in a series of tips on how to use Nmap in an enterprise network environment.
Linux is the most popular platform for running Nmap. In fact, most Linux distributions actually include Nmap, although it may not be installed by default. Even if your system already has a copy of Nmap, you should consider upgrading to the latest version available from http://www.insecure.org/nmap/download.html. (Note that all Nmap releases are signed with a special Nmap Project Signing Key, which can be obtained from http://www.insecure.org/nmap/data/nmap_gpgkeys.txt.)
Linux users can choose between a source code install or the use of binary packages, such as RPM, provided by their distribution. A source install allows more flexibility in determining how Nmap is built and optimized for your system. Binary packages are generally quicker and easier to install, and are often customized to use the distribution's standard directory paths and configuration. These packages also allow for simpler management when it comes to issues such as upgrading software on the system. The Nmap package contains just the command-line executable and data files, while the Nmap front-end package contains the optional X-Window
Compiling and installing Nmap from source code is the most powerful way to install it. This ensures that you have the latest version, and Nmap can adapt to the library availability and directory structure of your particular system. The build system is designed to auto-detect as much as possible, but as there are dozens of command-line parameters and environment variables that affect the way Nmap is built, I recommend running ./configure --help to view the available options before you build.
Installing Nmap via RPM is also quite easy, but if you do have problems, for example if your library versions are sufficiently different from those the RPMs were initially built on, you can build and install your own binary RPMs from the source RPMs.
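As an added example (not part of the original article), the following POSIX shell script performs the source install described above but refuses to build unless the release tarball's detached signature verifies against the Nmap Project Signing Key file mentioned earlier. It assumes gpg, tar, make and a C/C++ toolchain are installed, and that you have already fetched the tarball, its .asc signature and nmap_gpgkeys.txt from the download page; the function names are mine.

```shell
#!/bin/sh
# Added example, not the Nmap project's own installer. Verifies a source
# release against the project signing key before configuring and building.
# Inputs (placeholders, obtain them from the download page linked above):
#   $1  nmap-<version>.tar.bz2        $2  nmap-<version>.tar.bz2.asc
#   $3  nmap_gpgkeys.txt (the Nmap Project Signing Key)

# Return 0 only when $2 is a good detached signature of $1 made by a key
# contained in the keyring file $3. Any missing file is a failure.
verify_nmap_release() {
    tarball="$1"; sig="$2"; keyring="$3"
    for f in "$tarball" "$sig" "$keyring"; do
        [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    done
    # Import the project key into a throwaway keyring so the check neither
    # depends on nor pollutes the invoking user's personal keyring.
    tmpgpg="$(mktemp -d)" || return 1
    GNUPGHOME="$tmpgpg" gpg --quiet --import "$keyring" \
        || { rm -rf "$tmpgpg"; return 1; }
    GNUPGHOME="$tmpgpg" gpg --verify "$sig" "$tarball"
    rc=$?
    rm -rf "$tmpgpg"
    return $rc
}

# Unpack, configure and build. PREFIX may be overridden in the environment;
# run ./configure --help inside the source tree to see every other option.
build_nmap() {
    tarball="$1"
    srcdir="$(tar tjf "$tarball" | head -n 1 | cut -d/ -f1)" || return 1
    tar xjf "$tarball" || return 1
    cd "$srcdir" || return 1
    ./configure --prefix="${PREFIX:-/usr/local}" && make && make install
}

main() {
    [ $# -eq 3 ] || { echo "usage: $0 TARBALL SIGNATURE KEYFILE" >&2; return 2; }
    verify_nmap_release "$1" "$2" "$3" \
        || { echo "signature check failed; refusing to build" >&2; return 1; }
    build_nmap "$1"
}

# Only run when invoked with arguments, so the functions can also be sourced.
if [ $# -gt 0 ]; then main "$@"; fi
```

Because make install writes under the prefix, run the final step as root or point PREFIX at a directory you own.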
To run and test Nmap, type the following at the shell prompt:
nmap -A -T4 scanme.insecure.org
This command scans the host scanme.insecure.org. The -A option enables OS and version detection, and -T4 sets the timing template to "aggressive". There are more than a hundred command-line options, some of which we'll be looking at in the next few tips.
If you have problems running Nmap, scroll up the output screen and examine the first error messages. Then see if the problem is covered in the Nmap-dev list archives at http://seclists.org/#nmap-dev. There is also plenty of supporting documentation for Nmap at http://www.insecure.org/nmap/docs.html, and it is worthwhile to subscribe to the Nmap-hackers mailing list.
As Nmap is a command-line application, it can easily be run from a script, and precise scans can be executed without having to set lots of different options. However, for those administrators who are less comfortable working at the command prompt, there are several GUIs available for Linux users. NmapFE is the most popular. It offers a number of options, which are all used to build an appropriate Nmap command. The Nmap command line is shown at the bottom of the window as it is constructed -- a useful way to learn the command-line syntax. Finally, Nmap supports numerous PDAs, including the Sharp Zaurus and Compaq iPAQ. For further information see the instructions at http://www.insecure.org/nmap/install/inst-pda.html.
This was first published in June 2006