3 Comments for Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

• 1. Zuriel  |  October 28th, 2009 at 8:30 am

  Earlier this year Fyodor sent me a pre-publication review copy of his new self-published book, Nmap Network Scanning (NNS). I had heard of Fyodor’s book when I wrote my 3 star review of Nmap in the Enterprise in June, but I wasn’t consciously considering what could be in Fyodor’s version compared to the Syngress title. Although the copy I read was labelled “Pre-Release Beta Version,” I was very impressed by this book. Now that I have the final copy (available from Amazon) in my hands, I am really pleased with the product. In short, if you are looking for *the* book on Nmap, the search is over: NNS is a winner.

  I’ve reviewed dedicated “tool” books before, including titles about Snort, Nessus, and Nagios. NNS dives into the internals of Nmap unlike any other title I’ve read. Without Nmap author Fyodor as the author, I think any competitor would need to have thoroughly read the source code of the application to have a chance at duplicating the level of detail Fyodor includes in NNS.

  Instead of just describing how to use Nmap, Fyodor explains how Nmap works. Going even further, he describes the algorithms used to implement various tests, and why he chose those approaches. The “Idle Scan Implementation Algorithsm” section in Ch 5 is a great example of this sort of material. I will probably just refer students of my TCP/IP Weapons School class to this part of NNS when we discuss the technique!

  One of the best parts of NNS, mentioned but explained in no other text, is the Nmap Scripting Engine (NSE). Ch 9 is all about NSE, with a brief intro to Lua and excellent documentation of using and building upon NSE. Beyond this groundbreaking material readers will find many examples of Nmap case studies from users. This and other sections help make NNS a practical book, showing how people use Nmap in their environments for a variety of purposes.

  If you use Nmap, for any reason, you should buy this book. Everyone (except author Fyodor) will learn something about network reconnaissance from this text.

• 2. Yue yan  |  October 28th, 2009 at 8:57 am

  Having the privilege of reviewing draft copies of this book over the past couple years, I think it will quickly become required reading for network engineers, system administrators, and anyone working in the computer security arena.

  Fyodor, the developer of nmap, is the obvious choice to author a book on his project. This book, however, goes well beyond an expanded “man page” for the premier port scanning tool. Fyodor gives an insightful overview of TCP/IP (including some really beautiful graphs of IP headers). He also shows how to use nmap for network monitoring, to gain a better understanding of networks, and to test firewalls.

  Consider this book a Rorschach test of sorts. If you want to learn how to inventory your network gear, this book has an answer. If you want to learn how to bypass firewalls and IDS, this book will help. If you need to test network security, this book will be required reading.
  I have been using nmap for nearly a decade and there were still some great tips and tricks that I found for the first time in these pages.

  Thanks for the effort Fyodor.

• 3. Avis  |  October 28th, 2009 at 11:05 am

  Lyon’s book is not for the casual nmap user. By that I refer to perhaps a sysadmin wondering if any of her systems are secure and just needs a quick run with nmap [and other tools] across her network. Instead, the book is an extensive discussion about the full capabilities of nmap. Since Lyon is the author of nmap, this book should be taken as authoritative. It goes far beyond the user manuals and guides that you might find on the net.

  The book also has comparative assessments of other network diagnostic tools, like scanrand. One of the merits of the text is this analysis. Usually, if not invariably, the remarks point up deficiencies in those tools, vis a vis nmap. I don’t know enough about the tools and nmap to tell if these are accurate. But the arguments do appear logical enough. Typically, most tool guides describe only the tool itself. Rarely do they compare it to other alternatives. Leaving the hapless sysadmin to assess from scratch, or to surf the web looking for reliable commentary that has comparisons.

  Another reason for getting this book is if you intend to improve nmap or improve on it with another product. Sure, nmap is open source. But studying the innards of a large code package can be difficult. The nmap user manuals are at the user level, and not for programmers who want to understand the actual workings of source code. This book has detailed explanations of crucial algorithms used by nmap. You can use these to better follow the code.

Leave a Comment for Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Trackback this post  |  Subscribe to the comments via RSS Feed