Mapping Your Network: The nmap Utility

The Network Mapper, or nmap, is considerably more sophisticated than queso. Whereas queso accepts only a single IP address or hostname, nmap can scan an entire range of IP addresses, such as your entire Class B network. In addition to detecting the operating system of remote systems, it can be used to detect security holes in your network. Here is a quote from the nmap web site that explains how it works:

Nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy for the creation of nmap was TMTOWTDI (There’s More Than One Way To Do It). This is the Perl slogan, but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can’t do all this with one scanning mode. And you don’t want to have 10 different scanners around, all with different interfaces and capabilities. Thus I incorporated virtually every scanning technique I know into nmap. Specifically, nmap supports:

  • Vanilla TCP connect( ) scanning,

  • TCP SYN (half open) scanning,

  • TCP FIN, Xmas, or NULL (stealth) scanning,

  • TCP ftp proxy (bounce attack) scanning

  • SYN/FIN scanning using IP fragments (bypasses packet filters),

  • UDP raw ICMP port unreachable scanning,

  • ICMP scanning (ping-sweep)

  • TCP Ping scanning

  • Remote OS Identification by TCP/IP Fingerprinting

  • Reverse-ident scanning

Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, and output to machine parsable or human readable log files.

nmap is available at http://www.insecure.org/nmap.
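
The machine-parsable output mentioned in the quote is what turns a scan of your own network into an inventory you can keep with your recovery documentation. The following is an added example, not code from the book or the nmap project: it parses nmap's grepable output (the format written by the `-oG` option, here with OS detection via `-O`), and the sample scan text, addresses and OS guess are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output from an OS-detection scan.
# Addresses, hostname and OS guess are made up; fields are tab-separated.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (db1.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (db1.example.com)\tPorts: 22/open/tcp//ssh///, "
    "111/open/tcp//rpcbind///, 80/closed/tcp//http///\tOS: Sun Solaris 8\n"
    "Host: 192.0.2.11 ()\tStatus: Up\n"
    "Host: 192.0.2.11 ()\tPorts: 23/open/tcp//telnet///, "
    "53/open|filtered/udp//domain///\n"
    "Host: 192.0.2.12 ()\tStatus: Down\n"
)
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)$")

def parse_grepable(text):
    """Return {ip: {"name", "status", "os", "open_ports"}} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines and blanks
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue  # malformed host field: skip rather than guess
        ip, name = m.groups()
        rec = hosts.setdefault(ip, {"name": name or None, "status": None,
                                    "os": None, "open_ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["status"] = value
            elif key == "OS":
                rec["os"] = value
            elif key == "Ports":
                # Assumption: a host that reports ports is up even if no
                # separate Status line was written for it.
                rec["status"] = rec["status"] or "Up"
                for entry in value.split(","):
                    # port/state/protocol/owner/service/rpc-info/version/
                    parts = entry.strip().split("/")
                    if len(parts) >= 5 and parts[1] == "open":
                        rec["open_ports"].append((int(parts[0]), parts[2], parts[4]))
    return hosts

def unidentified(hosts):
    """Hosts that are up but have no OS guess; check these by hand."""
    return sorted(ip for ip, h in hosts.items() if h["status"] == "Up" and not h["os"])

if __name__ == "__main__":
    print(parse_grepable(SAMPLE), unidentified(parse_grepable(SAMPLE)))
```

Only ports in the exact state `open` are recorded; `closed`, `filtered` and `open|filtered` entries are left out of the inventory.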

Warning

Since both queso and nmap can be used in a malicious way, please obtain written permission before running them on your network. You don’t want your boss or client to think that you are trying to hack them!
