3. INTRODUCTION
Nmap is a security scanner originally written by Gordon Lyon,
used to discover hosts and services on a computer network, thus
creating a “map” of the network.
To accomplish its goals, Nmap sends specially crafted packets to
the target host and then analyzes the responses.
Nmap (“Network Mapper”) is a free and open source utility for
network exploration and security auditing.
Nmap uses raw IP packets in novel ways to determine what hosts
are available on the network, what services those hosts are
offering, and what operating systems they are running.
4. HISTORY
Nmap was first published in September 1997, as an article in Phrack
Magazine with source code included.
With the help and contributions of the computer security community,
development continued.
Enhancements included operating system fingerprinting, service
fingerprinting, code rewrites, additional scan types, protocol support and
new programs that complement Nmap’s core features.
On 12 December 1998, Nmap 2.00 was released, including operating system
fingerprinting.
After that, many versions of Nmap were released.
5. FEATURES
Host discovery – Identifying hosts on a network.
Port scanning – Enumerating the open ports on target hosts.
Version detection – Interrogating network services on remote devices to
determine application name and version number.
OS detection – Determining the operating system and hardware
characteristics of network devices.
Scriptable interaction with the target – using the Nmap Scripting Engine and
the Lua programming language.
Nmap can provide further information on targets, including reverse DNS
names, device types, and MAC addresses.
6. USES OF NMAP
Auditing the security of a device or firewall by identifying the network
connections which can be made to, or through, it.
Identifying open ports on a target host in preparation for auditing.
Network inventory, network mapping, maintenance and asset
management.
Auditing the security of a network by identifying new servers.
Generating traffic to hosts on a network.
Finding and exploiting vulnerabilities in a network.
7. FUTURE AND ETHICAL ISSUES
The 10-year plan is up in the air, but Nmap does have plans and guiding priorities
for the next several years. A few of them are:
o Nmap Scripting Engine
o Scanning web sites
o Web infrastructure improvements
o Online scanning web service
Nmap is a tool that can be used to discover services running on
Internet-connected systems. Like any tool, it could potentially be used for black hat
hacking, as a precursor to attempts to gain unauthorized access to computer
systems. Nmap is more often used by security and systems administrators to
assess networks for vulnerabilities. In some jurisdictions, unauthorized port
scanning is illegal.