problems. Further, as network resources increase in size and as more users consume network resources and abuse the network in various ways, virus infiltration and spread, worms, and other network contaminants that would negatively affect the performance of the network and the systems on it become an all-too-real probability.

Some computing sites, due to the nature of their business, require continual network monitoring. Other sites require network security monitoring due to information access reporting laws, audit requirements, guarantees of access (ensuring that only the proper entity is accessing the proper items), protection of competitive information, laws requiring the guarantee of restricted access to personal information, general electronic security (e.g., e-mail access, document transfer), electronic funds exchange, monitoring of exchange or transaction data volume between systems, and many other items related to the security issue. Regardless of the purpose for such monitoring needs, it all begins at the perimeter (i.e., routers and firewalls). Now, let’s take a look at what is necessary in an audit of a router. For our purposes, we will be discussing the use of Cisco™ routers.
7.15 Using Nmap
Nmap (“Network Mapper”) is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers, and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU General Public License (GPL).
7.15.1 What Is NLog?
NLog is a set of scripts written in the Perl scripting language for managing and analyzing Nmap log files (Nmap Version 2.0 and above). NLog lets you keep all of your scan logs in a searchable database. The CGI interface for viewing your scan logs is completely customizable and easy to modify and improve. The core CGI script allows you to add your own extension scripts for different services, so all hosts with a certain service running will have a hyperlink to the extension script.
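
The idea behind NLog, keeping scan logs in a database that can be searched by service, is shown below as an added example; it is not NLog's code and not from the original text. It assumes logs in Nmap's grepable output format (the `-oG` option) rather than the log format NLog itself reads, and the table layout, function names and sample log are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample in Nmap's grepable (-oG) format; addresses are from the
# RFC 5737 documentation range and do not describe a real scan.
SAMPLE_LOG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web01.example.test)\tStatus: Up
Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///\tIgnored State: closed (998)
Host: 192.0.2.30 (db01.example.test)\tPorts: 3306/open/tcp//mysql///
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")

def parse_grepable(text):
    """Yield (ip, hostname, port, state, proto, service) for each port entry."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a host record
        ip, hostname = m.groups()
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue  # skip Status:, Ignored State: and similar fields
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # malformed entry: skip rather than guess
                port, state, proto, _owner, service = parts[:5]
                yield ip, hostname, int(port), state, proto, service

def load(text, db=None):
    """Store parsed port records in SQLite (in memory unless a connection is given)."""
    if db is None:
        db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IF NOT EXISTS ports (ip TEXT, hostname TEXT, "
               "port INTEGER, state TEXT, proto TEXT, service TEXT)")
    db.executemany("INSERT INTO ports VALUES (?, ?, ?, ?, ?, ?)", parse_grepable(text))
    db.commit()
    return db

def hosts_with_service(db, service, state="open"):
    """Return the sorted IPs that expose `service` in the given state."""
    rows = db.execute("SELECT DISTINCT ip FROM ports WHERE service = ? AND state = ? "
                      "ORDER BY ip", (service, state))
    return [r[0] for r in rows]

if __name__ == "__main__":
    print(hosts_with_service(load(SAMPLE_LOG), "ssh"))
```

Passing an existing connection to `load` for each new scan file accumulates results in one table, so the same query answers "which hosts ran this service" across scans.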