Monitoring network integrity with Nmap
The best tool for network scanning, also known as port scanning, is the open-source Nmap. Because of the sensitive nature of this tool -- improper use can shut down entire networks -- I recommend against downloading a binary distribution of this tool unless absolutely necessary. The source code is very clean, and if you've never compiled anything before, it's a good utility to start with.
Nmap performs all sorts of network scans, from simple ping scans to see what hosts on a network are "alive" to more advanced scans by protocol and packet type. It's even possible to distribute scans across multiple hosts to hide your true identity. Nmap is clearly designed to enable rapid pinpointing of hosts vulnerable to attack, and that's exactly its strength -- and the source of much criticism in the security community.
By James Ervin at Cert Cities.
- Software: Nmap
- Article: Analysis of Remote Active Operating System Fingerprinting Tools (4 June 2003)
- Article: A practical approach for defeating Nmap OS-Fingerprinting (11 March 2003)
- Article: Host Discovery with nmap (12 November 2002)