February 13, 2006
This article was contributed by Jake Edge.
With its first major release in nearly 2 years, Nmap has made great strides in speed and usability. Nmap 4.00 was released on 31 January and has a very large list of features and upgrades since the 3.50 release in February 2004.
Nmap is a "network mapper" that allows a network administrator or curious user to discover many things about a network or host. Nmap will do host discovery to determine which hosts are available and port scanning to determine which ports are open and what services are running behind those ports. It can also try to determine which operating system is running on a target machine by examining the contents of packets and responses, using a technique known as TCP/IP stack fingerprinting. One of the main uses for Nmap is security auditing of a network in order to detect, and possibly disable, any unnecessary services running on a host or network.
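As an added example (not from the article or the Nmap project), the following Python script demonstrates the auditing use just described: it parses Nmap's greppable (-oG) output and flags open ports that are not on an allowlist of expected services. The -oG line format is Nmap's own; the scan output, the hosts and the allowlist are constructed for this example.

```python
"""Audit Nmap greppable output (-oG) against an allowlist of expected services.
Added example, not the article's code; the sample output below is constructed."""
import re

# Constructed -oG lines (the layout is Nmap's real greppable format; the hosts
# and ports are made up for this example).
SAMPLE_OG = """\
# Nmap 4.00 scan initiated as: nmap -oG - 10.0.0.0/29
Host: 10.0.0.1 (gw.example)\tStatus: Up
Host: 10.0.0.1 (gw.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 10.0.0.2 (files.example)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 445/open/tcp//microsoft-ds///\tIgnored State: filtered (997)
Host: 10.0.0.3 ()\tStatus: Down
# Nmap done -- 8 IP addresses (2 hosts up) scanned
"""

# Services expected on this hypothetical network, keyed by host address.
ALLOWLIST = {
    "10.0.0.1": {("tcp", 22), ("tcp", 80)},
    "10.0.0.2": {("tcp", 22), ("tcp", 445)},
}

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*?)(?:\t|$)")

def parse_og(text):
    """Return {ip: {(proto, port), ...}} of open ports found in -oG text."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and Status-only lines carry no ports
        ip, ports = m.group(1), m.group(3)
        open_ports = hosts.setdefault(ip, set())
        for entry in ports.split(", "):
            # each entry: port/state/proto/owner/service/sunrpc/version
            fields = entry.split("/")
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add((fields[2], int(fields[0])))
    return hosts

def unexpected_services(hosts, allowlist):
    """Open ports not in the allowlist: the candidates to disable or justify."""
    findings = {}
    for ip, open_ports in hosts.items():
        extra = open_ports - allowlist.get(ip, set())
        if extra:
            findings[ip] = sorted(extra)
    return findings

if __name__ == "__main__":
    print(unexpected_services(parse_og(SAMPLE_OG), ALLOWLIST))
```

On the constructed sample this reports the telnet service on 10.0.0.2, which the allowlist does not expect.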
The feature that users are most excited about, according to Fyodor, creator of Nmap, is status reporting, which provides real-time information on how much progress Nmap has made and an estimated time of completion. One can get this report by pressing return while Nmap is running; other keys will increase or decrease the verbosity and debug levels or toggle packet tracing. This makes for a much nicer user experience:

With Nmap 3.50, you would start a scan and Nmap would quietly chug away for a variable amount of time (from minutes to hours) before suddenly reporting results for a target host. ... Staring at a screen for 30 minutes waiting for Nmap to complete is frustrating, but when you know the time in advance you can simply go out for lunch.
Speed and memory usage improvements in the port scanning engine were a big focus of the work done since 3.50. Several functions, such as reverse DNS lookup and UDP scans, have been parallelized, and Nmap now uses raw Ethernet packets to do ARP requests, which speeds up host detection significantly. The speed improvements were not readily apparent in the relatively simple scans the author tried; they are largely geared toward scanning many thousands of ports on large numbers of hosts.
Documentation was another focus of the 4.00 effort, and Fyodor has rewritten the man page, an install guide, and a version detection guide. He says:

Open source software is frequently characterized as having poor documentation. I tried to fight that stereotype by putting a lot of work into Nmap 4.00 docs.
Thanks to the DAG repository, upgrading to Nmap 4.00 was painless on the (now obsolete) Fedora Core 3 distribution. Running Nmap is fairly straightforward, but there are an enormous number of options and ways to specify targets. Wading through the very comprehensive man page is required to do anything very complicated, though Nmap often seems to suggest useful options when scans fail, and this feature can be very helpful.
Nmap 4.00 looks to be a very solid release of a tool that should be on
every administrator's list of essential security tools.