Nmap was originally a command-line application for Unix, but a Windows version has been available since 2000. This tip looks at installing and configuring Nmap for Windows.
Although you can download and install Nmap from a zip file, the latest version requires the free WinPcap packet capture library to be installed as well. I suggest you opt for using the Nmap Windows installer, which handles WinPcap installation for you. This installer, nmap-4.01-setup.exe, can be downloaded from the insecure.org Web site at http://www.insecure.org/nmap/download.html. The installer doesn't add a shortcut for Nmap to the Programs menu, because you need to run nmap.exe from a DOS command prompt. Although WinPcap does appear in the Add/Remove applet, you will need to run the uninstall program in the Nmap folder if you choose to remove Nmap at any time. The total space required for the complete installation is only 2.6Mb.
The default install directory is C:\Program Files\Nmap\ but because the installer adds Nmap to the computer's PATH environment variable, you can execute Nmap from any directory. So to run and test Nmap, open a Command Prompt window and type the following, which will scan the host scanme.insecure.org:
Nmap on Windows is not as efficient as on Unix. The connect scan (-sT) in particular is often much slower because of shortcomings in the Windows networking API. You can improve connect scan performance by double-clicking the nmap_performance.reg file located in the Nmap directory. This makes three registry changes that increase the number of ephemeral ports reserved for applications such as Nmap and decrease the amount of time before a closed connection can be reused. If you run into problems running Nmap on Windows, you should check for error messages in the Windows event log and then see if the problem is covered in the Nmap-dev list archives at http://seclists.org/#nmap-dev. There is also plenty of supporting documentation for Nmap at http://www.insecure.org/nmap/docs.html, and it is worthwhile subscribing to the Nmap-hackers mailing list, too.
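One way to check, after installation, that nmap.exe resolves through PATH and whether the values in nmap_performance.reg are already in effect on the machine. This is an added example, not code from the original tip or from the Nmap project; it assumes the default install directory given above and that the .reg file contains only dword values in standard .reg syntax.

```powershell
# Added example, not part of the original tip or the Nmap project.
# Assumptions: default install directory from the article; the .reg file
# uses standard .reg syntax and contains only dword values.
param([string]$NmapDir = 'C:\Program Files\Nmap')

function Compare-RegFileToRegistry {
    param([Parameter(Mandatory)][string]$Path)
    $key = $null
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Section header: only plain HKEY_... keys are checked.
            $key = if ($Matches[1] -like 'HKEY_*') { $Matches[1] } else { $null }
        }
        elseif ($key -and $line -match '^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$') {
            $name   = $Matches[1]
            $wanted = $Matches[2].PadLeft(8, '0').ToLower()
            $item   = Get-ItemProperty -LiteralPath "Registry::$key" -Name $name -ErrorAction SilentlyContinue
            # Compare as 8-digit hex so signed/unsigned DWORD handling does not matter.
            $current = if ($item) { '{0:x8}' -f $item.$name } else { $null }
            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Wanted   = "0x$wanted"
                Current  = if ($current) { "0x$current" } else { '(not set)' }
                InEffect = ($current -eq $wanted)
            }
        }
    }
}

# 1. The installer is expected to have added Nmap to PATH.
$nmap = Get-Command nmap.exe -ErrorAction SilentlyContinue
if (-not $nmap) { Write-Warning 'nmap.exe does not resolve through PATH.'; return }
"nmap.exe resolves to $($nmap.Path)"

# 2. Compare each value in nmap_performance.reg with the live registry.
$regFile = Join-Path $NmapDir 'nmap_performance.reg'
if (Test-Path -LiteralPath $regFile) {
    Compare-RegFileToRegistry -Path $regFile | Format-Table -AutoSize
} else {
    Write-Warning "$regFile not found; pass -NmapDir if Nmap is installed elsewhere."
}
```

The script only reads the file and the registry, so it can be run both before and after importing nmap_performance.reg to confirm what changed.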
The main advantage of Nmap being a command-line application is that it is easier to run from a script, and precise scans can be executed without having to set lots of different options. However, this can be intimidating for new and infrequent users. And although there are graphical user interfaces (GUIs) available for Unix, as yet there are no stable GUIs for Windows. Fortunately, this is expected to change this year. There is no official release date, but the creator of Nmap, Fyodor, hopes to have a Windows-compatible version of NmapFE, the most popular GUI for Unix, out sometime this year. There are other cross-platform GUIs in development too, such as UMIT (http://umit.sourceforge.net/).
About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.
This is the second in a series of tips on how to use Nmap in an enterprise network environment. This tip originally appeared on SearchSecurity.com. This was first published in May 2006.