Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning [Paperback]

Gordon Fyodor Lyon (Author)

Book Description

Publication Date: January 1, 2009

Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire.

Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.

Nmap's original author, Gordon "Fyodor" Lyon, wrote this book to share everything he has learned about network scanning during more than 11 years of Nmap development. Visit http://nmap.org/book for more information and sample chapters.

Product Details

• Paperback: 468 pages
• Publisher: Nmap Project (January 1, 2009)
• Language: English
• ISBN-10: 0979958717
• ISBN-13: 978-0979958717
• Product Dimensions: 1 x 7.3 x 9.6 inches
• Shipping Weight: 1.7 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (42 customer reviews)
• Amazon Best Sellers Rank: #75,751 in Books (See Top 100 in Books)
  • #8 in Books > Computers & Technology > Certification > CompTIA
  • #42 in Books > Computers & Technology > Security & Encryption
  • #68 in Books > Computers & Technology > Networking > Network Administration

Most Helpful Customer Reviews

45 of 45 people found the following review helpful

5.0 out of 5 stars The only Nmap book you need to read December 8, 2008

By Richard Bejtlich

Format:Paperback

Earlier this year Fyodor sent me a pre-publication review copy of his new self-published book, Nmap Network Scanning (NNS). I had heard of Fyodor's book when I wrote my 3 star review of Nmap in the Enterprise in June, but I wasn't consciously considering what could be in Fyodor's version compared to the Syngress title. Although the copy I read was labelled "Pre-Release Beta Version," I was very impressed by this book. Now that I have the final copy (available from Amazon) in my hands, I am really pleased with the product. In short, if you are looking for *the* book on Nmap, the search is over: NNS is a winner.

I've reviewed dedicated "tool" books before, including titles about Snort, Nessus, and Nagios. NNS dives into the internals of Nmap unlike any other title I've read. Without Nmap author Fyodor as the author, I think any competitor would need to have thoroughly read the source code of the application to have a chance at duplicating the level of detail Fyodor includes in NNS.

Instead of just describing how to use Nmap, Fyodor explains how Nmap works. Going even further, he describes the algorithms used to implement various tests, and why he chose those approaches. The "Idle Scan Implementation Algorithsm" section in Ch 5 is a great example of this sort of material. I will probably just refer students of my TCP/IP Weapons School class to this part of NNS when we discuss the technique!

One of the best parts of NNS, mentioned but explained in no other text, is the Nmap Scripting Engine (NSE). Ch 9 is all about NSE, with a brief intro to Lua and excellent documentation of using and building upon NSE. Beyond this groundbreaking material readers will find many examples of Nmap case studies from users.... This and other sections help make NNS a practical book, showing how people use Nmap in their environments for a variety of purposes.

If you use Nmap, for any reason, you should buy this book. Everyone (except author Fyodor) will learn something about network reconnaissance from this text. Read more ›

20 of 20 people found the following review helpful

5.0 out of 5 stars Valuable book about an invaluable security tool December 8, 2008

By Ben Rothke

Format:Paperback

The 1962 song Wipe Out, with its energetic drum solo started, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career for security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, is a most useful guide to anyone interested in fully utilizing Nmap.

One may ask, why spend $50 on this book, when the Nmap Reference Guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free, and well written. The reference guide is included in the book in chapter 15, and takes up 41 pages. And for those that are cash strapped, the free reference guide is the way to go.

In addition, the web site for the book notes that about half of the content is available in the free online edition. The most useful information is in the book in chapters exclusive to the print edition, which includes Detecting and Subverting Firewalls and Intrusion Detection System, Optimizing Nmap Performance, Port Scanning Techniques and Algorithms, Host Discovery, and troubleshooting.

The main benefit of the buying the book is that it has the collected wisdom of Fyodor's, in addition to numerous real-world scenarios, and Nmap commands not documented elsewhere. At over 400 pages, the books 15 chapters provide the reader with everything they need to know about using Nmap to the fullest.

Chapter 1 starts with an overview of the history of Nmap and how it came to be.... As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that it's best to avoid ISP abuse reports and criminal charges, by not annoying the target network administrators in the first place. Chapter 1 provides a number of practical suggestions on just how to do that.

A complaint against Nmap it that is has often been blamed for crashing systems. Chapter 1 shows that the reality is that Nmap will rarely be the primary cause of a system crash. The truth is that many of the systems that crashed as a result of an Nmap scan were likely unstable from the outset, and Nmap either pushed them over the top or they coincidentally crashed at the same time as the Nmap scan.

An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was particularly directed at his organization; given the use of the term target. He requested that the Nmap documentation be changed from targetto example. The section on target enumeration in the book shows the author did not take that request to heart.

Another example of where the book goes beyond what is in the reference guide is where the author shows the most valuable TCP ports via his probe of tens of millions of IP addresses across the internet. Not surprisingly, ports 80 23 and 443 were the top three most commonly open TCP ports. It is surprising that other ports, which should have been secured long ago, are still as vulnerable as ever.

For the serious Nmap user, the book is worth purchasing just for the indispensable information in chapter 16, which is about optimizing Nmap performance. The author writes that one of his highest priorities in the creation of Nmap has been performance. Nmap uses parallelism and numerous advanced algorithms to execute its blazingly fast scans. This chapter shows how to create Nmap commands to obtain only the information you care about and significantly sped up the scan. The chapter details numerous scan time reduction techniques, and strategies on how to deal with long scans. The chapter concludes with the output of a user who, with a customized Nmap command, was able to reduce his scan of a 676,352 IP address network from nearly a week to 46 hours.

Chapter 10 is also a fascinating chapter on the topic of detection and subverting of firewalls and IDS. The function of such tests on an internal network is to help an organization understand the dangers and risks of a real attack. Since it is not uncommon for firewalls to be accidentally misconfigured, or have rule bases that leak from far too many rules; such a test can be quite useful to any network.

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice and only getting into basic security testing, or an advanced user looking for ways to optimize Nmap.

The book takes a real-world approach on how to use the tool and clearly documents every Nmap feature and option. It also shows how the tool should be correctly used in various settings.

What is unique about is that this is a rare book in which the creator of the program wrote it. Linus Torvalds never got around to writing a Linux reference, nor did the creators of the Check Point firewall. In Nmap Network Scanning, the reader gets the story from the creator of the code itself. This then is the ultimate Nmap reference guide.

Aside from the history and use of the program in the first chapter, the rest of the book is an extreme guide to maximizing the use of Nmap. It is written by a programmer and written for the technically astute. Anyone who wants to maximize their use of Nmap will find no better reference. Read more ›

23 of 24 people found the following review helpful

5.0 out of 5 stars Everything you need to know about Nmap December 8, 2008

By E. Block

Format:Paperback

Having the privilege of reviewing draft copies of this book over the past couple years, I think it will quickly become required reading for network engineers, system administrators, and anyone working in the computer security arena.

Fyodor, the developer of nmap, is the obvious choice to author a book on his project. This book, however, goes well beyond an expanded "man page" for the premier port scanning tool. Fyodor gives an insightful overview of TCP/IP (including some really beautiful graphs of IP headers). He also shows how to use nmap for network monitoring, to gain a better understanding of networks, and to test firewalls.

Consider this book a Rorschach test of sorts. If you want to learn how to inventory your network gear, this book has an answer. If you want to learn how to bypass firewalls and IDS, this book will help. If you need to test network security, this book will be required reading.
I have been using nmap for nearly a decade and there were still some great tips and tricks that I found for the first time in these pages.

Thanks for the effort Fyodor.

17 of 19 people found the following review helpful

4.0 out of 5 stars not for the casual user December 8, 2008

By W Boudville HALL OF FAMETOP 500 REVIEWERVINE™ VOICE

Format:Paperback

Lyon's book is not for the casual nmap user. By that I refer to perhaps a sysadmin wondering if any of her systems are secure and just needs a quick run with nmap [and other tools] across her network. Instead, the book is an extensive discussion about the full capabilities of nmap. Since Lyon is the author of nmap, this book should be taken as authoritative. It goes far beyond the user manuals and guides that you might find on the net.

The book also has comparative assessments of other network diagnostic tools, like scanrand. One of the merits of the text is this analysis. Usually, if not invariably, the remarks point up deficiencies in those tools, vis a vis nmap. I don't know enough about the tools and nmap to tell if these are accurate. But the arguments do appear logical enough. Typically, most tool guides describe only the tool itself. Rarely do they compare it to other alternatives. Leaving the hapless sysadmin to assess from scratch, or to surf the web looking for reliable commentary that has comparisons.

Another reason for getting this book is if you intend to improve nmap or improve on it with another product. Sure, nmap is open source. But studying the innards of a large code package can be difficult. The nmap user manuals are at the user level, and not for programmers who want to understand the actual workings of source code. This book has detailed explanations of crucial algorithms used by nmap. You can use these to better follow the code.