Adeptus-Mechanicus

Main
Codex
Librarium Whitehat
Advisories
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one


NMAP 5

I am generally loath to write anything about a specific version of a tool, simply because most tools change so quickly. But in this case I feel I have to make an exception. You see nmap (get it here) , the new version 5 of nmap is truly something worth writing about. For as long as I can remember nmap has been the way to do network scans, it is able to be tweaked, to be adapted to do whatever you wanted. So right now, why do I think it is worth writing about?
But even with all of that, what does it look like? Well, if you have used nmap before then the layout is fairly simple, but even if you have or have not used it before, nmap now has the -A option to make it easier..
-A: Enables OS detection and Version detection, Script scanning and Traceroute

Yep, and it works great..
#nmap -A --reason localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-04 04:39 BST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 999 closed ports
Reason: 999 resets
PORT   STATE SERVICE REASON  VERSION
22/tcp open  ssh     syn-ack OpenSSH 5.2 (protocol 2.0)
|  ssh-hostkey: 1024 dd:1f:55:e0:86:c3:5c:0b:10:dc:10:a6:49:e4:d6:f6 (DSA)
|_ 2048 b0:67:b3:b7:a8:5a:63:82:bf:92:98:34:43:d4:04:23 (RSA)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.15 - 2.6.27
Network Distance: 0 hops

Leaving aside any other options, with the new capabilities, speed-ups and reporting, using nmap to monitor your network is now exceptionally easy. Just schedule your scans across your network, use the -oX to store the results in XML and then use ndiff to see the differences. Personally I think that is great for monitoring a network baseline. And yes, there are many other ways to use it (for any number of hat colors) but I think this may be something everyone can benefit from. So go take a look, play around and be amazed.