SECURITY PENETRATION TESTING: Is Your Computer Secure Enough Now?

1 Jun 2009

Nmap and the history of Nmap

Nmap, or Network Mapper, is a free, open source tool available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals to scan enterprise networks for live hosts, specific services, or specific operating systems.

Part of the beauty of Nmap is its ability to build IP packets from scratch and send them using its own techniques to perform the scan types mentioned above, and more. In addition, Nmap offers both command-line and GUI front ends and installs easily on everything from Unix and Windows to Mac OS X. Installation requirements depend on the Nmap version you are installing and consist mainly of the network library dependencies specific to that version.

In the grand scheme of things, Nmap is a relative newcomer at the tender age of 10 years. In Internet parlance, however, Nmap is practically a great-grandfather. The application was originally released to the world in September 1997 in an article Fyodor published in Phrack. His article included the entire source code for the application, complete with all his code comments, colourful variable names, and error messages, ranging from:

/* gawd, my next project will be in c++ so I don't have to deal with this crap ...simple linked list implementation */

to:

struct in_addr bullshit, bullshit2;

and:

if (gethostname(myname, MAXHOSTNAMELEN) || !(myhostent = gethostbyname(myname))) fatal("Your system is fucked up.\n");

and:

if (portarray[i] > 1023) { fprintf(stderr, "Your ftp bounce server sucks, it won't let us feed bogus ports!\n");
exit(1);
}

As Nmap gained followers and drew more and more interest, Fyodor was launched into developer-style geek fame. Proof of Nmap's fame came with the use of Fyodor's application in one of the most innovative movies of all time: The Matrix. In the sequel, The Matrix Reloaded, one of the main characters whips out a laptop, runs a textbook Nmap port scan, and then follows it up with an SSH-based exploit.

[Image: Nmap on screen in The Matrix Reloaded]

Nmap was created with firewall subversion in mind and has always been very good at keeping up with the network and operating system updates that affect the tool's scanning capabilities. Fyodor has actually come under verbal attack from many administrators for continuing to refine and include evasive measures in the application. In Nmap's defense, Fyodor's stance has always been in support of the administrator. In documentation and forum postings, he describes the necessity for administrators to stay one step ahead of attackers. His opinion is that an attacker will find a way to scan your network, so why shouldn't you?

As an example of trying to stay ahead of the challenges, halfway through 2004 Microsoft introduced changes to Windows XP with Service Pack (SP) 2 that affected the way raw sockets could be constructed. Since Nmap requires the ability to create and manipulate raw sockets to produce and send packets, this had a huge impact on the Windows XP version of the tool. Fyodor and the developers working with him on Nmap documented all the changes and then promptly began coding an XP SP2-specific release of Nmap to work around the constraints imposed by Microsoft. The same kind of response had already occurred when Fyodor discovered that many IDS tools were creating signatures to detect Nmap scans based on the timing and patterns used by the various scan types. To defeat this, he introduced new timing options and scan types, including the ability to fragment packets, spoof source addresses, and craft packet options.
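The IDS signatures mentioned above key on timing and patterns: many connection attempts from one source to many ports in a short time. The following added example (not code from the original post or from the Nmap project) is a small sliding-window port-scan detector run over a constructed connection log. It shows why a narrow window catches a fast scan but lets a slow, timing-throttled scan slip under the threshold, and how widening the window changes that. The log format, the addresses, and the helper names are all assumptions made up for this example.

```python
"""Sliding-window port-scan detector over constructed connection logs.

Added example, not from the original post or the Nmap project.
Constructed log format: "<epoch-seconds> <src> <dst> <dport> <tcp-flags>".
"""
from collections import defaultdict, deque
from typing import Dict, Iterable, List, NamedTuple, Tuple


class Event(NamedTuple):
    ts: float
    src: str
    dst: str
    dport: int
    flags: str


def parse_log(lines: Iterable[str]) -> List[Event]:
    """Parse the constructed log format; blank or malformed lines are skipped."""
    events: List[Event] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, flags = parts
        try:
            events.append(Event(float(ts), src, dst, int(dport), flags))
        except ValueError:
            continue
    return events


def detect_scans(events: Iterable[Event], window: float, threshold: int) -> Dict[str, float]:
    """Return {src: first_alert_ts} for sources whose bare SYNs hit at least
    `threshold` distinct (dst, port) targets within any `window` seconds.
    Only bare SYNs count: SYN/ACK and later segments are replies or
    established traffic, not new connection attempts."""
    recent: Dict[str, deque] = defaultdict(deque)  # src -> deque[(ts, target)]
    alerts: Dict[str, float] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.flags != "S":
            continue
        q = recent[ev.src]
        q.append((ev.ts, (ev.dst, ev.dport)))
        while q and ev.ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        distinct = {target for _, target in q}
        if len(distinct) >= threshold and ev.src not in alerts:
            alerts[ev.src] = ev.ts
    return alerts


def synthetic_scan(src: str, dst: str, start: float, ports: List[int], interval: float) -> List[Event]:
    """Constructed one-SYN-per-port sequence, spaced `interval` seconds apart."""
    return [Event(start + i * interval, src, dst, p, "S") for i, p in enumerate(ports)]


# Constructed sample: a normal client talking to two hosts.
SAMPLE_LOG = """
1243814400.00 10.0.0.5 10.0.0.1 443 S
1243814400.02 10.0.0.1 10.0.0.5 443 SA
1243814401.10 10.0.0.5 10.0.0.1 443 S
1243814403.50 10.0.0.5 10.0.0.2 22 S
"""


def demo() -> Tuple[Dict[str, float], Dict[str, float]]:
    """Run a narrow (5 s) and a wide (1 h) detector over the client traffic plus
    a fast scanner (10 ms between ports) and a slow one (60 s between ports)."""
    events = parse_log(SAMPLE_LOG.splitlines())
    ports = list(range(1, 101))
    events += synthetic_scan("192.0.2.10", "10.0.0.1", 1243814500.0, ports, 0.01)
    events += synthetic_scan("192.0.2.20", "10.0.0.1", 1243814500.0, ports, 60.0)
    narrow = detect_scans(events, window=5.0, threshold=20)
    wide = detect_scans(events, window=3600.0, threshold=20)
    return narrow, wide


if __name__ == "__main__":
    narrow, wide = demo()
    print("5 s window  :", narrow)   # only the fast scanner
    print("1 h window  :", wide)     # both scanners
```

With the 5 second window only the fast scanner trips the threshold; the slow scanner needs 19 minutes to touch 20 ports and never has more than one attempt inside any window. Widening the window to an hour catches it, at the cost of holding far more state per source and of flagging legitimate clients that genuinely talk to many services over an hour, which is the trade-off every timing-based signature makes.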

About SecurityOwned

SecurityOwned is My Personal Documentation about Computer Security
Filed under: Nmap