Nmap

In this lesson, we will look at Nmap and how it can be used to take an inventory of the network.

We’ll start our discussion of network inventorying with Nmap. This is the simplest, easiest-to-install option we have. Nmap is a versatile open-source network-scanning tool. We’ll just cover the basics of using it for putting together a network inventory.

Nmap can be installed on Linux or Mac by using the standard package managers. The Nmap maintainers also provide Windows binaries. The Nmap website provides detailed installation and usage instructions, and it tells you where you can buy the printed Nmap book.

Nmap uses unauthenticated scans to give us a coarse-grained picture of what’s on our network. We’ll use Nmap to detect three things about our network:

  1. What machines are on our network
  2. What ports are open on those machines
  3. What operating systems are running on those machines

The first two are fairly obvious. If a computer is on our network, it will generally respond to pings and the like. If a machine is listening on a given port, it will answer a SYN packet sent to that port with a SYN/ACK, which is how Nmap tells an open port from a closed one.

Detecting the operating system is less straightforward. Nmap can make some guesses about what operating system is running on another computer based on how that computer responds to specially crafted, nonstandard network traffic. It’s only a guess, not a guarantee. But even guesses can be useful while we’re trying to put together a network ...
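As an added example that is not part of this lesson, here is a short Python script that turns Nmap's XML output (written with `-oX`) into the three-item inventory described above: live hosts, their open ports, and the best OS guess with its accuracy. The XML embedded in it is a constructed sample shaped like what `nmap -sS -O -oX scan.xml <your subnet>` produces; the addresses, ports and OS strings are invented.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the inventory needs
# (real nmap XML carries many more attributes on each element).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/><osmatch name="Linux 3.x" accuracy="90"/></os>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port></ports>
  </host>
</nmaprun>"""

def parse_inventory(xml_text):
    """Return one dict per host that was up: address, open ports, best OS guess."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not answer carry no port or OS data
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                open_ports.append((port.get("protocol"), int(port.get("portid")), name))
        # OS detection is only a guess: keep the highest-accuracy match, if any
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")), default=None)
        os_guess = (best.get("name"), int(best.get("accuracy"))) if best is not None else None
        inventory.append({"address": addr, "open_ports": open_ports, "os_guess": os_guess})
    return inventory

if __name__ == "__main__":
    for entry in parse_inventory(SAMPLE_XML):
        ports = ", ".join(f"{p}/{proto} ({svc})" for proto, p, svc in entry["open_ports"])
        os_txt = f"{entry['os_guess'][0]} ({entry['os_guess'][1]}%)" if entry["os_guess"] else "no guess"
        print(f"{entry['address']:15} ports: {ports or 'none'} | OS: {os_txt}")
```

Point the script at a real `scan.xml` (read the file instead of `SAMPLE_XML`) and diff successive runs to spot hosts or ports that appeared since the last inventory.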