Get the LinuxSecurity news you want faster with RSS
Powered By
Open Source Tool of February: Nmap!
Posted by Ryan Berens
This February, the team at Linuxsecurity.com has chosen NMAP as the Open Source Security Tool of the Month!
In January, we chose GnuPG in part because it had just celebrated its 10th anniversary. Well, it wasn't alone. As of this past December Nmap ("Network Mapper"), the free and open source utility for network exploration and auditing, celebrated its 10th Anniversary as well! And because of its popularity, chances are very good that you've already used NMAP for quite some time. Even if you have, it's always good to take a look at how it all got started and what it's all about...
What has really made NMAP such a staple of network security configuration is that its capability was the result such a strong communal need. As is the case with so many open source projects, NMAP followed a path that really mimics "necessity is the mother of invention."
As huge networks began to take shape, as the Internet took its hold within businesses and schools, and as users everywhere started to understand and protect their network, a similar story kept popping up: 'I need to know the information is passing between my network and the Internet and I have to track X ports on X machines to do it.' So how many is X? A number that screams "I need something heavy-duty and automated."
And so it was in 1997, while fulfilling the role of TA at Johns Hopkins University, that its creator Fyodor was presented with a dorm room, access to a large network and some insufficient tools. Some of them did one job. Some did another. And yet, even after modifications, none of them (Strobe, Reflscan or UDP) really seemed to do what was needed. So, during the summer of that year he hacked together a robust scanning tool and that September, the first official version of NMAP was released. It was gloriously received by users around the world; which, by community standards, equates to a huge influx of bug fixes, ideas and suggestions on how you should take your code and start again. (Of course, this is what the community is all about – people coming together to make things better).
(Visit Searchsecurity.com for a recent interview Fyodor did regarding the anniversary).
As a result, NMAP has grown to become the equivalent of a hammer in the tool belt of the average administrator and developer. So we can't say enough about the utility of this tool and what's more, how much it has evolved from just a simple port scanner.
Its capability has grown to provide not only scanning for active and passive services on a variety of hosts but can now define the type of OS, device type, uptime, software product used to run a service, exact version number of the product, presence of firewall techniques and even the vendor of the remote network(LAN). It's also been written for use on nearly every operating system including Linux, Windows, Mac, Free/Open BSD, Solaris and many others.
Some of the newest enhancements for version 4.5 also include a new traceroute feature, a new OS fingerprinting engine, the addition of the ZeNmap GUI, the new port disposition explanations, a new scripting engine and a whole lot more. If you're curious, here's a very useful video tutorial of NMAP, so if you want to learn more, check it out:
For the month of February, make sure to look out for howto's and articles on other great resources on one of the open source community's most useful security tools: Nmap!
