June 04, 2014, 2:50 PM — You have to love nmap. No other tool is set up to give you as quick a view of your network at so little cost. The name stands for "network mapper", and it can tell you a lot about the network you are managing, including what systems are on it, what's running on those systems, and quite a few services you might need to worry about. It's a very basic tool in some ways. You hand it a few command line parameters and it runs around your network making connections and reporting on what it is able to discover. Plus, it's surprisingly efficient (unless you inadvertently ask for too much information) and is easy to install and to use.
For example, you can use nmap to profile your systems -- to get an idea of what's running on them, what operating system they have installed, and what vulnerabilities they might have (e.g., when you're running services that you might not want to support). While hackers often use tools like nmap in their fact-finding missions -- laying out your network and looking for ways to attack your systems -- you would more likely use it to get an up-to-date view of which systems you might need to patch or protect and which services you are running that might require your attention (or need to be shut down).
Here's an example of a "fast scan" run on a single system. Note that the scan took .164 seconds. That certainly qualifies as
$ nmap -F 192.168.0.6
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2014-06-03 19:56 EDT
Interesting ports on boson (192.168.0.6):
Not shown: 1229 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
110/tcp open  pop3
111/tcp open  rpcbind
143/tcp open  imap
888/tcp open  accessbuilder
993/tcp open  imaps
995/tcp open  pop3s
Nmap finished: 1 IP address (1 host up) scanned in 0.164 seconds
Another scan took a little longer but, again, provides some important clues as to the nature of the system being queried.
# nmap -F 10.3.2.77
Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-04 14:05 EDT
Nmap scan report for 10.3.4.5
Host is up (0.00048s latency).
Not shown: 86 closed ports
PORT     STATE SERVICE
7/tcp    open  echo
9/tcp    open  discard
13/tcp   open  daytime
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
37/tcp   open  time
79/tcp   open  finger
111/tcp  open  rpcbind
513/tcp  open  login
514/tcp  open  shell
515/tcp  open  printer
587/tcp  open  submission
2049/tcp open  nfs
Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds
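To turn a scan like the ones above into the "services that might require your attention" list, here is an added example (not from the original article, and not part of nmap itself) that parses nmap's normal output and flags open ports whose service names are on a review list. The sample scan text is constructed to mirror the second report above, and the review list of legacy inetd and cleartext services is an assumption you would tailor to your own network.

```python
import re

# Constructed sample in nmap's normal output format, modelled on the
# second scan shown above (not captured from a live system).
SAMPLE_SCAN = """\
Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-04 14:05 EDT
Nmap scan report for 10.3.4.5
Host is up (0.00048s latency).
Not shown: 93 closed ports
PORT     STATE SERVICE
7/tcp    open  echo
21/tcp   open  ftp
22/tcp   open  ssh
79/tcp   open  finger
513/tcp  open  login
514/tcp  open  shell
2049/tcp open  nfs
Nmap done: 1 IP address (1 host up) scanned in 2.33 seconds
"""

# Services a defender usually wants to retire or firewall: cleartext
# logins and the old inetd "small services". This list is an assumption.
REVIEW_SERVICES = {
    "echo": "inetd small service; retire",
    "discard": "inetd small service; retire",
    "daytime": "inetd small service; retire",
    "ftp": "cleartext credentials; prefer sftp",
    "finger": "leaks account information",
    "login": "rlogin: cleartext and host-trust based",
    "shell": "rsh: cleartext and host-trust based",
}

# Matches nmap port-table rows such as "513/tcp  open  login".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(text):
    """Return [(port, proto, service)] for rows whose state is exactly 'open'."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":
            found.append((int(m.group(1)), m.group(2), m.group(4)))
    return found

def flag_services(text):
    """Map each open port with a review-listed service to the reason it is flagged."""
    return {port: REVIEW_SERVICES[svc]
            for port, _proto, svc in parse_open_ports(text)
            if svc in REVIEW_SERVICES}

if __name__ == "__main__":
    for port, reason in sorted(flag_services(SAMPLE_SCAN).items()):
        print(f"{port}: {reason}")
```

Feed it the saved output of `nmap -F <host>` (the normal, not grepable, format) and the flagged ports are the ones to justify or shut down.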
If you work on a complex network on which the systems and the applications and services that they provide frequently change, nmap is a great tool for getting an up-to-date picture of each of your subnets. It's surprising how much can change in a month!
What you don't want to do is scan every system and every possible port. There are, after all, as many as 65,536 ports on your systems.