Book Review: Nmap Network Scanning
“Nmap Network Scanning” is the official Nmap project guide to network discovery and security scanning. It is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice only getting into basic security testing or an advanced user looking for ways to optimize Nmap and get more out of it.
One may ask why spend ($33 + “customs”) on this book when the Nmap reference guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free and well written. The reference guide is included in the book as chapter 15, where it takes up 41 pages. In addition, the web site for the book notes that about half of the content is available in the free online edition. So for those who are cash strapped, the free reference guide is the way to go.
The most useful information is in the book, though, in the chapters exclusive to the print edition, which include detecting and subverting firewalls and intrusion detection systems, optimizing Nmap performance, port scanning techniques and algorithms, host discovery, and troubleshooting.
The main benefit of buying the book is that it has Fyodor’s collected wisdom, in addition to numerous real-world scenarios and Nmap commands not documented elsewhere. At over 420 pages, the book’s 15 chapters provide the reader with everything they need to know about using Nmap to its fullest potential. You don’t need to buy it; you could also rent it from the Bluekaizen library, as I did, and I will also make an Arabic version available soon.
Let’s take a walk through the book’s chapters.
Chapter one starts with an overview of the history of Nmap and how it came to be. As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that the best way to avoid ISP abuse reports and criminal charges is not to annoy the target network administrators in the first place. Chapter one provides a number of practical suggestions on just how to do that.
Chapter two explains how to get and install the Nmap package, including its status on various platforms, the Zenmap graphical user interface, and finding updates to both the package and its important data files.
Chapter three describes the first, and an important, concept: “if you want to scan something you need to confirm it exists”. This chapter will be interesting because you start using Nmap to discover hosts and learn many techniques that will help you later.
Chapter four discusses port scanning and explains the broad strokes of scanning TCP and UDP ports, lists the most common types of scans, and describes how Nmap distinguishes between open, closed, filtered, and ambiguous ports.
Chapter five covers Nmap’s port scanning techniques in detail. It describes the basic TCP and UDP scans.
Chapter six is a discussion of optimizing Nmap scan performance, centered on how to select the right scanning technique, the right scanning target, and the right timing options. Nmap scans can take a very long time if the wrong parameters are chosen, so mastering the options is a valuable skill.
Chapter seven looks at the next step beyond port scanning: service and version detection, by which Nmap can determine what applications are running on open ports.
Chapter eight looks at operating system detection, which Nmap performs by sending a complex series of tests to the target machine, then comparing the resulting “fingerprint” to a database of known profiles.
Chapter nine describes one of Nmap’s newest features, the Nmap Scripting Engine (NSE). NSE is a Lua-based engine that allows constructing more complex scans and queries than the Nmap core can perform on its own.
Chapter ten explores how to use Nmap to perform two higher-level tasks: mapping out and bypassing firewall rules, and evading or defeating intrusion detection systems (IDSs).
Chapter eleven explores the other side of the coin: how to defend against Nmap scans, including detecting scans, blocking or slowing down scans, and misleading service and OS detection.
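The scan-detection side of chapter eleven, as an added example that is not from the book or the Nmap project: a small Python detector that flags a source address touching many distinct destination ports within a short window, run over constructed firewall log lines (the log format, addresses, window and threshold are all assumptions).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (syslog-like, key=value fields); not from the book.
# 198.51.100.7 probes six ports in five seconds; 203.0.113.5 is ordinary client traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:00 DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=21
2024-01-01T10:00:01 DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=22
2024-01-01T10:00:02 DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=23
2024-01-01T10:00:03 DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=25
2024-01-01T10:00:04 DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=80
2024-01-01T10:00:05 DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dport=443
2024-01-01T10:00:00 ACCEPT src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=443
2024-01-01T10:00:10 ACCEPT src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=443
2024-01-01T10:00:20 DROP src=203.0.113.5 dst=192.0.2.10 proto=TCP dport=80
"""


def parse_line(line):
    """Return (timestamp, source address, destination port) for one log line."""
    ts_str, _, rest = line.partition(" ")
    # rest = "DROP src=... dst=... proto=... dport=..."; skip the action word
    fields = dict(kv.split("=", 1) for kv in rest.split()[1:])
    return datetime.fromisoformat(ts_str), fields["src"], int(fields["dport"])


def detect_scanners(log_text, window=timedelta(seconds=10), threshold=5):
    """Map each source that hits >= threshold distinct ports inside any
    `window`-long span to the largest distinct-port count seen for it."""
    events = defaultdict(list)  # src -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port = parse_line(line)
            events[src].append((ts, port))

    flagged = {}
    for src, evs in events.items():
        evs.sort()  # sliding window needs chronological order per source
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {port for _, port in evs[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))  # {'198.51.100.7': 6}
```

Slow scans spread over minutes defeat a short window, so a real deployment would also keep per-source counts over a longer horizon.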
Chapter twelve talks about Zenmap, the official Nmap GUI: if you don’t like to use the terminal, you can simply use this graphical user interface tool. You learn how to use it and how to read the command it builds so you can run it later in the terminal, whichever suits you best.
Chapter thirteen describes the output of Nmap and teaches you how to control the output format, enable packet tracing, and grep information from the output.
Chapter fourteen describes Nmap’s data files, including the version and OS detection databases. Chapter fifteen is a comprehensive reference guide for Nmap.
Finally, I surely recommend buying or renting the book; in my opinion it is totally worth it.
About The Author
Ahmed Mohamed, Hacking15 Founder, Curriculum Developer @ Free Schools Egypt