50 of 51 people found the following review helpful
on December 8, 2008
Earlier this year Fyodor sent me a pre-publication review copy of his new self-published book, Nmap Network Scanning (NNS). I had heard of Fyodor's book when I wrote my 3 star review of Nmap in the Enterprise in June, but I wasn't consciously considering what could be in Fyodor's version compared to the Syngress title. Although the copy I read was labelled "Pre-Release Beta Version," I was very impressed by this book. Now that I have the final copy (available from Amazon) in my hands, I am really pleased with the product. In short, if you are looking for *the* book on Nmap, the search is over: NNS is a winner.
I've reviewed dedicated "tool" books before, including titles about Snort, Nessus, and Nagios. NNS dives into the internals of Nmap unlike any other title I've read. Without Nmap author Fyodor as the author, I think any competitor would need to have thoroughly read the source code of the application to have a chance at duplicating the level of detail Fyodor includes in NNS.
Instead of just describing how to use Nmap, Fyodor explains how Nmap works. Going even further, he describes the algorithms used to implement various tests, and why he chose those approaches. The "Idle Scan Implementation Algorithms" section in Ch 5 is a great example of this sort of material. I will probably just refer students of my TCP/IP Weapons School class to this part of NNS when we discuss the technique!
One of the best parts of NNS, mentioned but explained in no other text, is the Nmap Scripting Engine (NSE). Ch 9 is all about NSE, with a brief intro to Lua and excellent documentation of using and building upon NSE. Beyond this groundbreaking material readers will find many examples of Nmap case studies from users. This and other sections help make NNS a practical book, showing how people use Nmap in their environments for a variety of purposes.
If you use Nmap, for any reason, you should buy this book. Everyone (except author Fyodor) will learn something about network reconnaissance from this text.
24 of 24 people found the following review helpful
on December 8, 2008
The 1962 song Wipe Out, with its energetic drum solo, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career as security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is a most useful guide to anyone interested in fully utilizing Nmap.
One may ask why spend $50 on this book when the Nmap Reference Guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free and well written. The reference guide is included in the book in chapter 15, and takes up 41 pages. And for those that are cash-strapped, the free reference guide is the way to go.
In addition, the web site for the book notes that about half of the content is available in the free online edition. The most useful information is in the book in chapters exclusive to the print edition, which include Detecting and Subverting Firewalls and Intrusion Detection Systems, Optimizing Nmap Performance, Port Scanning Techniques and Algorithms, Host Discovery, and troubleshooting.
The main benefit of buying the book is that it has the collected wisdom of Fyodor, in addition to numerous real-world scenarios, and Nmap commands not documented elsewhere. At over 400 pages, the book's 15 chapters provide the reader with everything they need to know about using Nmap to the fullest.
Chapter 1 starts with an overview of the history of Nmap and how it came to be. As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that it's best to avoid ISP abuse reports and criminal charges, by not annoying the target network administrators in the first place. Chapter 1 provides a number of practical suggestions on just how to do that.
A complaint against Nmap is that it has often been blamed for crashing systems. Chapter 1 shows that the reality is that Nmap will rarely be the primary cause of a system crash. The truth is that many of the systems that crashed as a result of an Nmap scan were likely unstable from the outset, and Nmap either pushed them over the top or they coincidentally crashed at the same time as the Nmap scan.
An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was particularly directed at his organization, given the use of the term target. He requested that the Nmap documentation be changed from target to example. The section on target enumeration in the book shows the author did not take that request to heart.
Another example of where the book goes beyond what is in the reference guide is where the author shows the most valuable TCP ports via his probe of tens of millions of IP addresses across the internet. Not surprisingly, ports 80, 23, and 443 were the top three most commonly open TCP ports. It is surprising that other ports, which should have been secured long ago, are still as vulnerable as ever.
For the serious Nmap user, the book is worth purchasing just for the indispensable information in chapter 16, which is about optimizing Nmap performance. The author writes that one of his highest priorities in the creation of Nmap has been performance. Nmap uses parallelism and numerous advanced algorithms to execute its blazingly fast scans. This chapter shows how to create Nmap commands to obtain only the information you care about and significantly speed up the scan. The chapter details numerous scan time reduction techniques, and strategies on how to deal with long scans. The chapter concludes with the output of a user who, with a customized Nmap command, was able to reduce his scan of a 676,352 IP address network from nearly a week to 46 hours.
Chapter 10 is also a fascinating chapter on the topic of detecting and subverting firewalls and IDS. The function of such tests on an internal network is to help an organization understand the dangers and risks of a real attack. Since it is not uncommon for firewalls to be accidentally misconfigured, or to have rule bases that leak from far too many rules, such a test can be quite useful to any network.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice and only getting into basic security testing, or an advanced user looking for ways to optimize Nmap.
The book takes a real-world approach on how to use the tool and clearly documents every Nmap feature and option. It also shows how the tool should be correctly used in various settings.
What is unique about it is that this is a rare book in which the creator of the program wrote it. Linus Torvalds never got around to writing a Linux reference, nor did the creators of the Check Point firewall. In Nmap Network Scanning, the reader gets the story from the creator of the code itself. This then is the ultimate Nmap reference guide.
Aside from the history and use of the program in the first chapter, the rest of the book is an extreme guide to maximizing the use of Nmap. It is written by a programmer and written for the technically astute. Anyone who wants to maximize their use of Nmap will find no better reference.
24 of 26 people found the following review helpful
on December 8, 2008
Having the privilege of reviewing draft copies of this book over the past couple years, I think it will quickly become required reading for network engineers, system administrators, and anyone working in the computer security arena.
Fyodor, the developer of nmap, is the obvious choice to author a book on his project. This book, however, goes well beyond an expanded "man page" for the premier port scanning tool. Fyodor gives an insightful overview of TCP/IP (including some really beautiful graphs of IP headers). He also shows how to use nmap for network monitoring, to gain a better understanding of networks, and to test firewalls.
Consider this book a Rorschach test of sorts. If you want to learn how to inventory your network gear, this book has an answer. If you want to learn how to bypass firewalls and IDS, this book will help. If you need to test network security, this book will be required reading.
I have been using nmap for nearly a decade and there were still some great tips and tricks that I found for the first time in these pages.
Thanks for the effort Fyodor.
8 of 8 people found the following review helpful
on December 31, 2008
I could summarize this book review by saying this is THE nmap reference book, which in itself would be an obvious conclusion I already expected before reading a single page, just by looking at the author's name. Fyodor is the creator of nmap, a tool he has carefully fed and taken care of during all these years, and knowing him slightly from the Honeynet project, I couldn't expect less.
"Nmap Network Scanning" is a masterpiece that teaches the reader the Art of Network Mapping and Scanning, and definitely one of the best books I've read in years. Honestly, there are only a few minor things regarding network scanning you cannot accomplish with a single tool, the current nmap version. The book takes advantage of it.
The official nmap reference guide is simply included in chapter 15, while the rest of the book steers the reader through the nifty art of network mapping and scanning. It dissects the network scanning phases and techniques, describing the different options and tool arguments available through practical examples and real-world usage tips, here and there, that will improve all your scanning techniques. This is a never-ending book that took Fyodor 5 years to write, and it clearly spreads his experience testing and analyzing networks. This is especially true in the "Solution" section at the end of some chapters, where real-world scenarios are efficiently solved.
Additionally, the book clearly pinpoints the limitations for the multiple platforms (e.g. Windows vs Linux) and scenarios (e.g. privileged vs non-privileged user) nmap can run on. Besides that, it summarizes most nmap internals without requiring you to dive deep into the source code, which is a challenge in itself. All this information is complemented with some real challenges you find as a penetration tester today, such as the limitations to spoof Internet traffic from legal ISPs, a topic I've been researching recently.
The most advanced and technical chapters are chapters 7 and 8, detailing the inner workings of the nmap service, application, and OS fingerprinting modules, and chapter 9, providing the NSE knowledge required to read and develop your own nmap scripts.
This is the type of book I recommend you read in front of your computer, practicing simultaneously. Open a terminal, enable your network connection, and run the latest nmap version as you read through the book while testing the different options and examples. You can use multiple target virtual machines to experiment with, or if not available, the scanme.nmap.org site (use with caution). One thing is sure: you will have a lot of fun!
I have been using nmap since 1999, and found the book fits a broader audience, from the novice reader (please, do not get overwhelmed initially by all the available nmap options and scan types), who can learn the principles of the scanning techniques used (the packet flow diagrams in the port scanning chapter are especially helpful), up to the advanced professional, explaining what's behind the scenes of every technique and nmap argument, at the OS and network traffic level. The book applies to most security professionals, from security administrators that need to manage and secure their environments, to penetration testers interested in driving their skills to a new level.
This is the kind of book that feeds your creativity and research motivation. Fyodor, once again, promotes throughout the book the open-source philosophy, the need to share and contribute to the community, in this case in the form of OS and service fingerprints, NSE scripts, or just reporting nmap bugs.
Some minor things I would have liked to see mentioned for an extra finishing touch, offering my tiny contribution for a future version, are:
- A statistical analysis of the most common ICMP types currently allowed in the field, similar to the study for TCP and UDP ports Fyodor did. In my experience, for example, I find ICMP timestamps allowed much more frequently than ICMP netmask requests today.
- Extend the analysis of port knocking with the Single Packet Authorization (SPA) concept.
- Finally, I would have loved to see specific sections for the new nmap-related tools, such as ndiff (the command line version), or ncat.
Respectfully, once I finished reading the book I felt like Raul "Fyodor" Siles... you will too! :)
Fyodor was generous enough to release an extensive portion of the book for free on the official nmap book website. Take a look at it and you won't have any doubts about getting your own full copy.
4 of 4 people found the following review helpful
on January 11, 2009
Although the information available from Fyodor's site, insecure.org, is free, and very helpful and available, having this book has expanded my understanding of security immensely. With the tips and tricks in the book, I've learned even more. Excellent tool for anyone on the security side of admin-ing. A must have in your hard copy library.
3 of 3 people found the following review helpful
on January 1, 2009
NMAP, the open source network mapping tool, should be in any network or security administrator's toolbox. It's a feature-rich network scanner that goes far beyond port scanning, offering service and OS detection, stealth and evasion modes, and an internal scripting engine. NMAP Network Scanning, a reference guide written by Gordon Lyon, a.k.a. Fyodor, is a must-have book to get the most out of NMAP.
The self-published book is a solid reference work complete with explanations on how and why NMAP features work, examples on how to use them, how to interpret the results, and real-life scenarios showing interesting use cases. The writing and explanations are clear and concise but do require familiarity with common protocols like Ethernet, IP, TCP/UDP, as well as common services like Sun RPC and Windows Networking. Information that IT and security administrators should already have.
You can skip the first two chapters if you're already familiar with NMAP and know how to install software on your chosen operating system. Many Linux users nowadays will simply use whatever version of NMAP is packaged for that distribution and the program is often installed by default. If you're compiling from source, you will want to read the text that comes with the source code and run "configure -help" for the compiler directives.
Chapter 3, Host Discovery, gets into using NMAP. Within a few pages, you learn to run host discovery as well as techniques to find IP addresses to feed NMAP. The latter is an example of where the book shines. Throughout the book, Lyon provides guidance on relevant topics required to get the most out of NMAP, like how to find an organization's IP address range. The rest of the chapter describes various ways to discover hosts using ICMP, TCP, and UDP, and where each type of scan is applicable and any pitfalls.
Chapters 4 and 5, Port Scanning Overview and Port Scanning Techniques and Algorithms, dig into the heart of NMAP -- port scanning for every occasion. Filled with insights on everything from timing options to firewall and IDS evasion techniques, chapter 4 should be read regardless of your NMAP skill level. That prepares you for chapter 5, where Lyon explains the different scan types, what they are used for, and how to interpret the results. Each of the scan types includes screen shots of the output as well as an analysis of what occurred. It's like looking over an expert's shoulder and you're bound to learn more about NMAP more quickly by understanding the examples and applying them than simply trying the scan types on your own. Chapter 5 ends with a quick overview of optimizing NMAP scans, the topic of chapter 6.
By the time you reach chapter 7, Service and Application Version Detection and Remote OS Detection, and chapter 8, Remote OS Detection, you know you're heading into the guts of NMAP. Lyon's in-depth description of service and OS detection is deep and thorough. You don't need to know the gory details to use these NMAP features, but understanding how service and OS detection works will deepen your appreciation of what NMAP can do. Chapter 7 winds up with two examples, finding nonstandard applications on your network and finding open proxies. Chapter 8 describes a way to find wireless access points on a network, which is a common headache for IT administrators.
Chapter 9, NMAP Scripting Engine, provides an overview of NSE and a brief description of the scripts that ship with the NMAP program as well as the NMAP application programming interface (API). Lyon then runs through a tutorial in writing NMAP scripts. Here again, Lyon provides source listings and explanation of the API and scripting features that are immediately useful.
Chapters 10 and 11 focus on detecting firewalls and intrusion-detection systems and techniques to defend against NMAP scans. They are good reading for any IT and security administrator and come near the end of the book since these chapters leverage information already stated earlier in the book. Chapter 12 describes Zenmap, the NMAP GUI, if you're so inclined to such things. And the final chapters round out the book describing the output formats and data files used by NMAP with examples and explanations on use.
On the cover page, Lyon promises to tell you how to use NMAP to solve real world network security and network management tasks. He delivers on that promise with clear and concise text, screen shots, and examples. If you use NMAP, this is a must-have book.
5 of 6 people found the following review helpful
on December 16, 2008
Every Security God needs a Bible, and Fyodor's absolute, incredibly definitive guide on Nmap will imbue you with rock-solid scanning stratagems without having to sacrifice the network to lesser tools and
An earlier review mentioned this book, "Is not for the casual nmap user..." Indeed, Nmap is not a casual tool. No other open-source security tool in recent memory (10 yrs) matches the potentially bad... and ostensibly good events someone could discern from a network.
What makes the book unique in its approach is that it was written by the creator of the tool. Fyodor is a rare combination of first-rate programmer and elucidating author, which some might relate to -- how many of us have used an excellent tool, only to be underwhelmed by the dearth
This is especially important from a technique/holistic view, meaning that the more intricate the security tool, the more potential mayhem one can create. It's the difference between knowing your vulnerabilities or finding out how personally vulnerable you are to pointed questions by angry admins after you brought down the network... or worse.
Over half the book goes over features and options I haven't seen online anywhere else -- that alone makes the book a worthwhile purchase. Buying the book reaffirms the concept that intelligent, well-designed open source software can be exponentially better than software costing thousands... and you can take that to your Knowledge Bank.
3 of 3 people found the following review helpful
on August 9, 2010
For me this was a really good book. I am by no means a security expert; I'm a student. But this book not only showed me the ins and outs of nmap, it also gave me good starting places about attack vectors that I had never considered before. It also gave me a good view of possible ways recon can be performed against a network and some of the things to look for, as well as some of the tracks of thought you should take when auditing your logs and/or pentesting your own network. It taught me how to fish.
3 of 3 people found the following review helpful
on January 18, 2010
NMAP is a powerful tool even in its most basic usage. I knew it was capable of a lot more than the preconfigured scans Zenmap GUI provides, but I had no idea the depth of the product. While "Fyodor" provides a lot of documentation online at the NMAP web site, the book definitely goes above and beyond.
If you're looking at doing network analysis, this book is a must-read and inexpensive compared to most IT-field references.
3 of 3 people found the following review helpful
on February 12, 2010
If you are serious about security scanning this is the book to have. Most of the information is online at [...] The big difference is the book provides more information with different scenarios of why and when you do different scans. I learned more things that I can do from the book that I missed reading online.