Nmap in the Enterprise Your Guide to Network Scanning

Book Description

Nmap, or Network Mapper, is a free, open source tool that is available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals to scan corporate networks, looking for live hosts, specific services, or specific operating systems. Part of the beauty of Nmap is its ability to create IP packets from scratch and send them out utilizing unique methodologies to perform the above-mentioned types of scans and more. This book provides comprehensive coverage of all Nmap features, including detailed, real-world case studies.

• Understand Network Scanning
Master networking and protocol fundamentals, network scanning techniques, and common network scanning tools, along with network scanning and policies.
• Get Inside Nmap
Use Nmap in the enterprise, secure Nmap, optimize Nmap, and master advanced Nmap scanning techniques.
• Install, Configure, and Optimize Nmap
Deploy Nmap on Windows, Linux, Mac OS X, and install from source.
• Take Control of Nmap with the Zenmap GUI
Run Zenmap, manage Zenmap scans, build commands with the Zenmap command wizard, manage Zenmap profiles, and manage Zenmap results.
• Run Nmap in the Enterprise
Start Nmap scanning, discover hosts, port scan, detect operating systems, and detect service and application versions.
• Raise those Fingerprints
Understand the mechanics of Nmap OS fingerprinting, use the Nmap OS fingerprint scan as an administrative tool, and detect and evade the OS fingerprint scan.
• "Tool" around with Nmap
Learn about Nmap add-on and helper tools: NDiff--Nmap diff, RNmap--Remote Nmap, Bilbo, Nmap-parser.
• Analyze Real-World Nmap Scans
Follow along with the authors to analyze real-world Nmap scans.
• Master Advanced Nmap Scanning Techniques
Torque Nmap for TCP scan flags customization, packet fragmentation, IP and MAC address spoofing, adding decoy scan source IP addresses, adding random data to sent packets, manipulating time-to-live fields, and sending packets with bogus TCP or UDP checksums.

Table of Contents

  1. Copyright
  2. Authors
  3. Technical Editor
  4. 1. Introducing Network Scanning
    1. Introduction
    2. What is Network Scanning?
    3. Networking and Protocol Fundamentals
      1. Explaining Ethernet
      2. Understanding the Open Systems Interconnection Model
        1. Layer 1: Physical
        2. Layer 2: Data Link
        3. Layer 3: Network
        4. Layer 4: Transport
        5. Layer 5: Session
        6. Layer 6: Presentation
        7. Layer 7: Application
      3. Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
      4. The Major Protocols: IP, TCP, UDP, and ICMP
        1. IP
        2. Internet Control Message Protocol
        3. TCP
          1. The TCP Handshake
          2. TCP Sequence
        4. UDP
    4. Network Scanning Techniques
      1. Host Discovery
      2. Port and Service Scanning
      3. OS Detection
      4. Optimization
      5. Evasion and Spoofing
    5. Common Network Scanning Tools
    6. Who Uses Network Scanning?
    7. Detecting and Protecting
    8. Network Scanning and Policy
    9. Summary
    10. Solutions Fast Track
      1. What is Network Scanning?
      2. Networking and Protocol Fundamentals
      3. Network Scanning Techniques
      4. Common Network Scanning Tools
      5. Who Uses Network Scanning?
      6. Detecting and Protecting
      7. Network Scanning and Policy
    11. Frequently Asked Questions
  5. 2. Introducing Nmap
    1. Introduction
    2. What is Nmap?
      1. History of Nmap
      2. Nmap Features
      3. Nmap’s User Interface
      4. Additional Nmap Resources
    3. Using Nmap in the Enterprise
      1. Using Nmap for Compliance Testing
      2. Using Nmap for Inventory and Asset Management
      3. Using Nmap for Security Auditing
      4. Using Nmap for System Administration
    4. Securing Nmap
      1. Executable and End-User Requirements
      2. System Environment
      3. Security of scan results
    5. Optimizing Nmap
    6. Advanced Nmap Scanning Techniques
    7. Summary
    8. Solutions Fast Track
      1. What is Nmap?
      2. Using Nmap in the Enterprise
      3. Securing Nmap
      4. Optimizing Nmap
      5. Advanced Nmap Scanning Techniques
    9. Frequently Asked Questions
  6. 3. Getting and Installing Nmap
    1. Introduction
    2. Getting Nmap
      1. Platforms and System Requirements
    3. Installing Nmap on Windows
      1. Installing Nmap from Windows Self-Installer
      2. Installing Nmap from the Command-line Zip files
    4. Installing Nmap on Linux
      1. Installing Nmap from the RPMs
      2. Installing Nmap RPMs Using YUM
    5. Installing Nmap on Mac OS X
      1. Installing Nmap on Mac OS X from Source
      2. Installing Nmap on Mac OS X Using MacPorts
      3. Installing Nmap on Mac OS X Using Fink
    6. Installing Nmap from Source
      1. Using the configure Script
    7. Summary
    8. Solutions Fast Track
      1. Getting Nmap
      2. Installing Nmap on Windows
      3. Installing Nmap on Linux
      4. Installing Nmap on Mac OS X
      5. Installing Nmap from Source
    9. Frequently Asked Questions
  7. 4. Using Nmap
    1. Introduction
    2. Starting Nmap Scanning
      1. Target Specification
    3. Discovering Hosts
    4. Port Scanning
      1. Basic Port Scanning
      2. Advanced Port Scanning
      3. Specifying Ports
    5. Detecting Operating Systems
    6. Detecting Service and Application Versions
    7. Other Scanning Options
      1. Nmap Scripting Engine
      2. Performance and Optimization
      3. Evasion and Spoofing
      4. Output Logging
      5. Miscellaneous
    8. Summary
    9. Solutions Fast Track
      1. Starting Nmap Scanning
      2. Discovering Hosts
      3. Port Scanning
      4. Detecting Operating Systems
      5. Detecting Service and Application Versions
      6. Other Scanning Options
    10. Frequently Asked Questions
  8. 5. Using Zenmap
    1. Introduction
    2. Running Zenmap
    3. Managing Zenmap Scans
    4. Building Commands with the Zenmap Command Wizard
    5. Managing Zenmap Profiles
    6. Managing Zenmap Results
    7. Summary
    8. Solutions Fast Track
      1. Running Zenmap
      2. Managing Zenmap Scans
      3. Building Commands with the Zenmap Command Wizard
      4. Managing Zenmap Profiles
      5. Managing Zenmap Results
    9. Frequently Asked Questions
  9. 6. Nmap OS Fingerprinting
    1. Introduction
    2. What is OS fingerprinting?
    3. The Mechanics of Nmap OS Fingerprinting
    4. Nmap OS Fingerprint Scan as an Administrative Tool
      1. Nmap to the Rescue! Tool for Crisis?
      2. Saving Hard Money with the Nmap OSFS
      3. Security Audits and Inventory
      4. H4x0rz, Tigers and Bears...Oh MY!
      5. Detecting and Evading the OS Fingerprint Scan
        1. Morph and IP Personality
        2. Honey Pots
    5. Summary
    6. Solutions Fast Track
      1. What is OS Fingerprinting?
      2. The Mechanics of Nmap OS Fingerprinting
      3. Nmap OSFS as an Administrative Tool
      4. Detecting and Evading the OS Fingerprinting Scan
    7. Frequently Asked Questions
  10. 7. Tooling Around with Nmap
    1. Introduction
    2. NDiff–Nmap Diff
      1. Source and Install
      2. Example Usage
    3. RNmap–Remote Nmap
      1. Source and Install
      2. Example Usage
    4. Bilbo
      1. Source and Install
      2. Example Usage
    5. Nmap-Parser
      1. Source and Install
      2. Example Usage
    6. Summary
    7. Solutions Fast Track
      1. NDiff–Nmap Diff
      2. RNmap–Remote Nmap
      3. Bilbo
      4. Nmap-Parser
    8. Frequently Asked Questions
  11. 8. Nmap Scanning in the Real World
    1. Introduction
    2. Detecting Nmap on your Network
      1. TCP Connect Scan
      2. SYN Scan
      3. XMAS Scan
      4. Null Scan
    3. Discovering Stealthy Scanning Techniques
      1. Nmap Fragment Scan
      2. Nmap Decoys
      3. Detecting Nmap Fragment Scans
    4. Discovering Unauthorized Applications and Services
    5. Testing Incident Response and Managed Services Alerting
      1. Scanning to Test Alert Procedures
      2. Targeted Reconnaissance with Nmap
    6. Summary
    7. Solutions Fast Track
      1. Detecting Nmap on your Network
      2. Discovering Stealthy Scanning Techniques
      3. Discovering Unauthorized Applications and Services
      4. Testing Incident Response and Managed Services Alerting
    8. Frequently Asked Questions