You'll find a complete description of the command-line switches in the manual (man) page for Nmap. (Nmap's UNIX man page covers the Win32 version adequately.) In addition, the Phrack Magazine article "The Art of Port Scanning," by Fyodor, September 1, 1997, offers an excellent description of the port-scanning techniques and features that Nmap uses. For these references and additional detailed information about how to use Nmap effectively, go to http://www.insecure.org/nmap/nmap_documentation.html. For a description of a sample port-scanning process, see the Web-exclusive sidebar "Basic Port Scanning in Action." (To read this sidebar, go to http://www.secadministrator.com and enter InstantDoc ID 23688.)
Getting Started with Nmap
Even if you've used port scanners before, I recommend running Nmap first against a system you know well to get a feel for the tool, then broadening the types of systems you scan as you become more comfortable with its output. First, scan a few machines on your internal network to gauge how the tool reports your environment. Second, from an external IP address, scan your external network, and note how your firewall, Intrusion Detection System (IDS), and other network tools respond to the scan. For example, a TCP connect() scan tells Nmap to complete each connection with the operating system's connect() function. Most IDSs will log those completed connections, but they won't necessarily log the half-open connections that a TCP SYN scan uses. Catalog the information that Nmap provides about your network for future reference. . . .
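As an added example (not part of the original article), the following Python script turns that catalog into a baseline: it parses Nmap's grepable output format (the -oG option, which the article does not mention) and reports hosts and open ports that have appeared or disappeared since an earlier scan. Both scan outputs below are constructed samples, not real scan results.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed samples in Nmap's grepable (-oG) format; not output from a real scan.
BASELINE = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.1 (gw.example.lan)\tStatus: Up
Host: 192.168.1.1 (gw.example.lan)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 192.168.1.10 (files.example.lan)\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: filtered (999)
# Nmap done
"""
LATEST = """\
Host: 192.168.1.1 (gw.example.lan)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 192.168.1.10 (files.example.lan)\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: filtered (999)
Host: 192.168.1.20 (new.example.lan)\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (999)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")  # port/state/protocol/ prefix of each entry

Catalog = Dict[str, Set[Tuple[int, str]]]

def parse_grepable(text: str) -> Catalog:
    """Map each scanned host to the set of (port, protocol) pairs Nmap reported open."""
    hosts: Catalog = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and blank lines
        ip = m.group(1)
        hosts.setdefault(ip, set())
        if "Ports:" not in line:
            continue  # "Status: Up" lines carry no port data
        # The port list ends at the tab before "Ignored State:" (if present).
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto in PORT_RE.findall(ports_field):
            if state == "open":
                hosts[ip].add((int(port), proto))
    return hosts

def diff_scans(old: Catalog, new: Catalog):
    """Return (new_hosts, new_open_ports, ports_closed_since_baseline)."""
    new_hosts: List[str] = sorted(set(new) - set(old))
    new_ports = sorted((ip, p) for ip in new if ip in old for p in new[ip] - old[ip])
    gone_ports = sorted((ip, p) for ip in old if ip in new for p in old[ip] - new[ip])
    return new_hosts, new_ports, gone_ports

if __name__ == "__main__":
    labels = ("new hosts", "new open ports", "ports closed since baseline")
    for label, items in zip(labels, diff_scans(parse_grepable(BASELINE), parse_grepable(LATEST))):
        print(f"{label}: {items}")
```

Run each scheduled scan with -oG, keep the file, and feed the previous and current files to diff_scans to see what changed on your network.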