Best Practice Ezine #98 – nmap (Network Mapper)

I want to start with a clear message: thank you David T. Klein for recommending nmap. This Network Mapper is a powerful tool, which satisfies every techie’s desire to snoop, sorry I mean audit, their network.

Outline of nmap

Here is an outline of what nmap can do. The idea is to check your network by scanning TCP and UDP ports. Nmap’s classic job is to check the security on your network. From its low-level interrogation of IP packets, it cleverly works out which services each host is offering. Moreover, nmap is designed to scan large networks rapidly and display Port, State, and Service information for each host. This outline does not do justice to the program; you really have to get nmap yourself to feel the power.

Guy’s Initial Frustration

My second message is that I accept responsibility for my frustration in searching on the nmap site for the correct file, nmap-4.11-win32.zip. You will soon realize that nmap is really a Unix program that has been persuaded to run on Windows systems. This tells us three things: it will be rock solid, it will have many powerful verbs, but there will be no GUI.

Another minor problem I encountered was that nmap needs WinPcap. What WinPcap does is provide link-layer network access in Windows environments. It allows applications like nmap to capture and transmit network packets, bypassing the protocol stack. In a nutshell, nmap is limited without WinPcap.

Don’t let these trivial details put you off; nmap is a real joy to master. Dare I suggest that in the Unix world there are no beginners, therefore they don’t cater for Windows newbies who are unfamiliar with Unix traditions. Just as animals in the Bovine group are born to run, for example antelopes, so Unix Administrators are born to hit the command line running. Mammals on the other hand, take a year before they even learn to crawl, so this Windows Administrator (Guy) takes ages just to install a new Unix-type program.
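The Port, State, and Service listing described in the outline can be audited by script. The following Python is an added example, not part of the original ezine or the nmap project: it parses a saved scan report and lists open ports that are missing from a baseline of expected services. The sample report, the host names and the baseline are constructed for illustration.

```python
import re

# Constructed sample of nmap's normal output; hosts, addresses and ports are
# made up. Older releases print "Interesting ports on", newer "Nmap scan report for".
SAMPLE_REPORT = """\
Interesting ports on fileserver (192.168.1.10):
PORT     STATE    SERVICE
135/tcp  open     msrpc
445/tcp  open     microsoft-ds
3389/tcp filtered ms-term-serv

Nmap scan report for printer (192.168.1.20)
PORT     STATE SERVICE VERSION
23/tcp   open  telnet  (constructed banner)
9100/tcp open  jetdirect
"""

# Hypothetical baseline: the services each host is supposed to offer.
EXPECTED = {"fileserver": {"135/tcp", "445/tcp"}, "printer": {"9100/tcp"}}

HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+(\S+?)(?:\s+\(|:|$)")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Return {host: [(port, state, service), ...]} from normal nmap output."""
    hosts, current = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), [])
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            current.append(port.groups())
    return hosts

def unexpected_open(hosts, expected):
    """List open ports absent from the baseline; unknown hosts have no baseline."""
    findings = []
    for host, ports in hosts.items():
        allowed = expected.get(host, set())
        for port, state, service in ports:
            if state == "open" and port not in allowed:
                findings.append((host, port, service))
    return findings

if __name__ == "__main__":
    for host, port, service in unexpected_open(parse_report(SAMPLE_REPORT), EXPECTED):
        print(f"{host}: unexpected open port {port} ({service})")
```

Only ports whose state is exactly "open" are reported, so filtered ports and ambiguous states such as open|filtered are left for manual review.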
Instructions to install nmap

I really don’t want to stop you visiting the nmap site, but I have to say that I grappled with various .tar files for half an hour, until finally I got the correct file for XP and Windows Server 2003, namely,

Once you have unzipped and installed nmap, open a cmd prompt, navigate to the nmap folder, then start issuing commands. I began with: nmap -h so that I could fine-tune my scan techniques and output format. Next I tried: nmap -A -T4 hostname. N.B. it has to be the name of another machine on your network; your own machine’s name will not work.

To make sense of these and many other commands, redirect the help to a text file and print a hard copy. At the risk of teaching my grandfather to suck eggs, redirect nmap’s help to a file thus: nmap -h > helpnmap.txt, then: print helpnmap.txt or: notepad helpnmap.txt and print from inside notepad.

Note that if you don’t install WinPcap you will get a vague error message saying words to the effect of: ‘Install WinPcap 3.1 or later’.

Visit the nmap site (Recommended)

From here on I have nothing but praise for the power and breadth of nmap. Whereas my Computer Performance site is designed to get you started, the nmap site comes into its own once you have got the program up and running and you want more detailed and specialist information.

To finish where I started, thanking David for passing on his favourite command: