Nmap - Welcome to the Matrix
key review info
- Application: Nmap 4.01
- Reviewed on:
- Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
Nmap is a well-known tool for security auditing. I am choosing to present this software because it installs very easily, it also has a frontend, and with minimum effort it gives the best result. Using Nmap in a black console with green fonts can make you look smart even though it is one of the easiest programs available. Now let's see what it does!
Nmap was designed to rapidly scan large networks, and for this reason it is commonly used for security audits and for network inventory. Most of the time I use it on a single host. It allows me to see what types of services a host is using. You can imagine that when scanning a large network it is pretty impressive when all the hosts appear, each with information like the OS that is running, the services and their versions, what firewall is used, etc. Knowing this stuff is very important because some older services might have known security holes and bad crackers could harm that machine. Knowing this, you can update to the latest version and the danger will decrease a lot. This also applies to the OS version and the firewall type.
I'm not going to explain what ports are because if you read this review you should already know this. It's common sense Internet knowledge, similar to knowing why cars have wheels. In my opinion, the most interesting info is about ports. Detected ports are displayed in a table. For every detected port, the table lists the port number, the protocol, its state, the name of the service and its version. Let's talk a little about the state. It can be open, closed, filtered or unfiltered. Open means that the service on the server is listening for connections or packets on that port. Closed ports don't have a service that listens. Filtered means that a firewall on that machine blocks Nmap's probes, so Nmap can't decide whether the port is open or closed. Nmap classifies ports as unfiltered when they are responsive to Nmap's probes but it cannot determine whether they are open or closed. I have never encountered this in a real-life situation. Usually the state of ports is open or closed and sometimes filtered.
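The port table described above can be turned into a service inventory for patch review. The following is an added example, not part of the original review or of Nmap itself: it parses a constructed sample of Nmap's normal-output port table (host, ports and version strings are made up), groups ports by the four states named above, and lists open services with their reported versions.

```python
import re
from collections import defaultdict

# Constructed sample in Nmap's normal-output layout; all values are made up.
SAMPLE = """\
Interesting ports on 192.0.2.10:
PORT     STATE    SERVICE  VERSION
22/tcp   open     ssh      OpenSSH 4.2 (protocol 2.0)
25/tcp   filtered smtp
80/tcp   open     http     Apache httpd 2.0.54
113/tcp  closed   auth
53/udp   open     domain
"""

# Only the four states named in the review are matched; other rows are skipped.
ROW = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open|closed|filtered|unfiltered)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)

def parse_port_table(text):
    """Return one dict per port row: port, proto, state, service, version."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            row["version"] = (row["version"] or "").strip()
            rows.append(row)
    return rows

def by_state(rows):
    """Group 'port/proto' labels under their reported state."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["state"]].append(f'{r["port"]}/{r["proto"]}')
    return dict(groups)

def patch_review_list(rows):
    """Open services with the version to check; 'unknown' needs a manual look."""
    return [(f'{r["port"]}/{r["proto"]}', r["service"], r["version"] or "unknown")
            for r in rows if r["state"] == "open"]

if __name__ == "__main__":
    rows = parse_port_table(SAMPLE)
    print(by_state(rows))
    for item in patch_review_list(rows):
        print(*item, sep="\t")
```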
On the website it is stated that Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses. I like that I can use it to find a MAC address, and reverse DNS is really useful to me. When it comes to OS guesses, all I can say is that it is as trustworthy as a gypsy that 'sees' in a globe. It's not just a problem of Nmap. Even expensive enterprise-class software can't do it very well.
The console Nmap
Here is where all the magic happens. To get a list of parameters first, just type nmap in a console. At the bottom of the mini-help there are some examples. If basic Nmap functionality is enough for you, type nmap followed by the name or IP of the host you want to scan. As I said before, this software makes you look smart and the console interesting.
The frontend is useful if you are new to Nmap and if you don't like the console. You can easily use it to pass different pre-configured parameters to Nmap without remembering any command. The frontend really comes in handy for newbies and it actually provides a very comprehensive set of options. One of the best things is that it highlights some of the info in colors so it is easier to read. If you don't like the default frontend, go to the insecure.org website, where the projects related to Nmap include some alternative frontends and some other cool stuff. A very different frontend is Knmap.
What more can you ask for?! I guess in console nothing else can be displayed.... but in the frontend a link to vulnerabilities available on that version would be nice! Expensive software has this feature, but hey, Nmap is free and small. I like good, free and small software.
I like Nmap for many reasons. First of all, it is powerful enough to satisfy most people's needs. It is easy to install and easy to use. I also like that it is one of the smallest programs of its kind (0.6 MB) and can be easily deployed in mini distributions. Nmap is one of the best programs for security auditing and it can definitely be a good starting point for people who want to dig a little into security.
I really can't think of something bad about Nmap. It is not bad. It is good, very good. It's Nmap. Maybe it lacks a very cool frontend to show its value.
The truth is that sometimes Nmap can really prevent disasters, but most of the time it is just plain fun software to use. I guess you already realized that this is also one of the favorite tools of crackers. I hope you will also realize that it is better to fight for the good side.