You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
The ultimate guide to Nmap<br />
Besides working on the new release of Nmap,<br />
Fyodor also took the time to write an allembracing<br />
book - "Nmap <strong>Net</strong>work Scanning:<br />
The Official Nmap Project Guide to <strong>Net</strong>work<br />
Discovery and <strong>Security</strong> Scanning."<br />
(bit.ly/11NNXu)<br />
From explaining port scanning basics for novices<br />
to detailing low-level packet crafting<br />
methods used by advanced hackers, this<br />
book suits all levels of security and networking<br />
professionals. It comes out at 468 pages<br />
and it's a no-brainer if you're serious about<br />
Nmap.<br />
A look to the future<br />
Since Nmap is one of those projects with a<br />
huge user-base and very dedicated developers,<br />
it's only natural for the community to constantly<br />
ask for new features and fixes. When<br />
talking about future versions, Fyodor noted:<br />
"We're already back at work developing new<br />
features and applications for the Nmap suite.<br />
These include a high speed network authentication<br />
cracker named Ncrack and a tool<br />
named Nping for exploring and troubleshooting<br />
networks by sending many types of raw<br />
packets and monitoring the responses. We're<br />
also expanding our Nmap Scripting Engine to<br />
inspect web servers more deeply and discover<br />
more vulnerabilities in them."<br />
Every now and then, someone wonders if there will be a commercial<br />
edition of Nmap somewhere down the line. This is especially<br />
important for government agencies, some enterprises<br />
and certain military groups that are prohibited from running<br />
free software.<br />
Every now and then, someone wonders if<br />
there will be a commercial edition of Nmap<br />
somewhere down the line. This is especially<br />
important for government agencies, some enterprises<br />
and certain military groups that are<br />
prohibited from running free software.<br />
Some are not excited with the idea, others<br />
would embrace it. Andrew Knapp, an Analyst<br />
with CGI says: "Commercial tools, while often<br />
easier to use and with better technical support,<br />
require more red-tape when adding features<br />
that you may find useful for your own<br />
uses and environment that the vendor might<br />
not find as important to include. I would<br />
probably just go out and find other tools that<br />
were open source with the features I was<br />
looking for."<br />
On the other hand, we have Ed Skoudis that<br />
has a different view of this hypothetical situation:<br />
"I'd certainly be open to a commercial<br />
version of Nmap, if it would provide me more<br />
or better support. I also think that a commercial<br />
Nmap would allow it to gain more use in-<br />
Mirko Zorz is the Editor in Chief of (IN)SECURE Magazine and <strong>Help</strong> <strong>Net</strong> <strong>Security</strong>.<br />
side of organizations that are forced to pay for<br />
their software."<br />
To make things official, when asked about this<br />
commercial possibility, Fyodor dispelled all<br />
myths for (IN)SECURE readers: "Nmap has<br />
been free and open source since I released it<br />
in 1997, and that isn't changing. The only<br />
companies who pay are those who can't comply<br />
with the GPL-based license and instead<br />
want to redistribute Nmap as part of their proprietary<br />
software or appliances." There you go<br />
- at least for the foreseeable future, Nmap will<br />
stay open source only, and Ed Skoudis<br />
added: "I think it is important, so that we can<br />
look under the hood and see how the tool<br />
does its work. Sometimes, when trying to<br />
glean a detailed understanding of how a given<br />
option actually functions, or to determine how<br />
a few different options may interwork in a way<br />
the documentation doesn't describe, it can be<br />
useful to review the code. Also, if there is a<br />
particular problem that causes Nmap or even<br />
a scan target to crash, having the ability to<br />
tweak the code is immensely helpful."<br />
www.insecuremag.com 23