Nmap in the Enterprise
Your Guide to Network ScanningBy
- Angela Orebaugh, Washington, D.C. Senior Scientist in the Advanced Technology Research Center, Sytex, Inc., Washington, DC, USA
- Becky Pinkard
Nmap, or Network Mapper, is a free, open source tool that is available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals to scan corporate networks, looking for live hosts, specific services, or specific operating systems. Part of the beauty of Nmap is its ability to create IP packets from scratch and send them out utilizing unique methodologies to perform the above-mentioned types of scans and more. This book provides comprehensive coverage of all Nmap features, including detailed, real-world case studies.
Network administrators, security professionals, penetration testers, and digital forensic investigators
Paperback, 264 Pages
Published: February 2008
- Chapter 1: Introducing Network Scanning. This chapter will cover the fundamentals of network scanning and how it works and why it is used. It will also include the necessary TCP/IP and networking background for a beginning user.Chapter 2: Introducing Nmap. This chapter will provide an overview of the nmap tool including the main features, basic functionality, history, and other resources. This chapter will also cover the uses of nmap such as security auditing, policy compliance testing, network inventory, and asset management.Chapter 3: Using Nmap. This chapter will cover downloading and installing nmap and cover its basic usage including command line options for scanning techniques, ping options, OS fingerprinting, logging, and other options. It should also include a section on Windows only options.Chapter 4: Fingerprinting with Nmap. This chapter will cover the fundamentals of operating system fingerprinting and version detection. It will provide details on how nmap performs fingerprinting. This chapter will also include related tools such as IP Personality and Morph that are used to defeat nmap fingerprinting.Chapter 5: Detection and Evasion with Nmap. This chapter will provide an overview of the methods used to detect nmap scans, such as Snort signatures. It will also cover Nmap evasion techniques that are used to evade detection.Chapter 6: Scanning in the Real World. This chapter will provide several examples of nmap scanning and the results of the scan. It will be written so the user can follow along as if he/she is performing the scan, thus mimicking a real life scenario or lab work. A good example to include would be using nmap to audit a firewall.Chapter 7: Tooling Around with Nmap. This chapter will cover a variety of tools that either use nmap or work with nmap to perform various network and security-related functionality. Tools may include Remote nmap (Rnmap), Bilbo, NDiff, nlog, Sawmill, and Nmap-Parser.