This is the second in a series of tips on how to use Nmap in an enterprise network environment.
Nmap was originally a command-line application for Unix, but a Windows version has been available since 2000. This tip discusses how to install and configure Nmap for Windows.
Although you can download and install Nmap for Windows from a zip file, the latest version requires the free WinPcap packet capture library to be installed as well. I suggest you opt for using the Nmap Windows installer, which handles WinPcap installation for you. This installer, nmap-4.01-setup.exe, can be downloaded from the insecure.org website. The installer doesn't add a shortcut to the Programs menu for Nmap as you need to run nmap.exe from a DOS command prompt, and although WinPcap does appear in the Add/Remove applet, you will need to run the uninstall program in the Nmap folder if you choose to remove Nmap at any time. The total space required for the complete installation is only 2.6Mb.
The default install directory is C:\Program Files\Nmap\, but because the installer adds Nmap to the computer's PATH environment variable, you can execute Nmap from any directory. So to run and test Nmap, open a Command Prompt window and type the following, which will scan the host
scanme.insecure.org: nmap -A -T4 scanme.insecure.org
The A and T4 options enable OS and version detection, and set the timing template to "aggressive."
There are more than a hundred command-line options, some of which we'll be looking at in the next few tips. Note that the command options are case sensitive. Nmap for Window is not as efficient as on Unix. The connect scan (-sT) in particular is often much slower because of shortcomings in the Windows networking API. You can improve connect scan performance by double clicking the nmap_performance.reg file located in the Nmap directory, which will make three registry changes in order to increase the number of ephemeral ports reserved for applications such as Nmap, and decrease the amount of time before a closed connection can be reused. If you run in to problems running Nmap on Windows you should check for error messages in the Windows event log and then see if the problem is covered in the Nmap-dev list archives. There is also plenty of supporting documentation for Nmap, and it is worthwhile to subscribe to the Nmap hackers mailing list, too.
The main advantage of Nmap being a command-line application is it is easier to run from a script, and precise scans can be executed without having to set lots of different options. However, this can be intimidating for new and infrequent users. And although there are graphical user interfaces (GUI) available for Unix, as yet there are no stable GUIs for Windows. Fortunately, this is expected to change this year. There is no official release date, but the creator of Nmap, Fyodor, hopes to have a Windows-compatible version of NmapFE, the most popular GUI for Unix, out sometime this year. There are other cross-platform GUIs that are in development too, such as UMIT.
Nmap technical manual
- An introduction to Nmap
- Nmap: A valuable open source tool for network security
- How to install and configure Nmap for Windows
- How to install and configure Nmap on Linux
- How to scan ports and services with Nmap
- More port scanning techniques
- Firewall configuration testing
- Techniques for improving Nmap port scan times
- How to interpret and act on Nmap scan results
- Nmap parsers and interfaces
- Nmap and the open source debat
About the author:
Michael Cobb, CISSP-ISSAP, is a renowned security author with over 20 years of experience in the IT industry. He has a passion for making IT security best practices easier to understand and achievable. His website http://www.hairyitdog.com offers free security posters to raise employee awareness of the importance of safeguarding company and client data and of following good practices. He co-authored the book IIS Security and has written many technical articles for leading IT publications. Mike has also been a Microsoft Certified Database Manager and registered consultant with the CESG Listed Advisor Scheme (CLAS).
Learn how to create an inventory with nmap network scanning
Get some tips and tricks to using Nmap to scan a network
View a demonstration of using Nmap to scan a network