Friday, April 27, 2012

Learning nmap


Original document from 1997 that describes why nmap was created:

http://nmap.org/nmap_doc.html
The Art of Port Scanning - by Fyodor

The above article is interesting because it illustrates some of the philosophical underpinnings of the innocuous network scanning tool and the background of where the tool came from. 

Then the main web site documentation is available here:

http://nmap.org/docs.html

which goes into detail on how to use the tool and what the options are.

A good tutorial can be found here:

http://www.certforums.com/forums/computer-security/18698-nmap-tutorial-part-one.html


This documentation needs to be a _little_ more fleshed out.  I looked at a bug someone posted that included output from the --packet-trace option; the output looks similar to this:

SENT (0.1281s) TCP 192.168.0.21:53940 > 74.207.254.18:443 S  ttl=59 id=23310 iplen=44 seq=3166348013 win=1024 <mss 1460>
RCVD (0.1440s) TCP 74.207.254.18:80 > 192.168.0.21:53940  R  ttl=53 id=0 iplen=40     seq=3166348013 win=0

And I could find no explanation anywhere of what the fields represent.   I know a little about TCP/IP, so I know that ttl stands for time to live, iplen is the length of the IP packet, and sequence is the packet sequence number that is assigned to every packet by the sender of the packet. However, I am not positive what is meant by id, win, or what the letters 'R', 'S', and 'A' represent.
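As an added example (not part of the original post and not nmap's own code), here is a small Python parser for the TCP lines that --packet-trace prints, with the field meanings taken from the IP and TCP header definitions: the flag letters are the TCP flag bits (S = SYN, A = ACK, R = RST, F = FIN, P = PSH, U = URG, E = ECE, C = CWR), id is the IP identification field, win is the TCP window the sender advertises. The two sample lines are constructed to match the format shown above; the classification follows nmap's usual SYN-scan reading of replies (SYN/ACK means open, RST means closed, no reply means filtered), and matches_probe pairs a reply with its probe by address and port, so a reply from port 80 to a probe sent to port 443, as in the lines above, is reported as unmatched rather than as a port state.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TCP flag letters as printed by --packet-trace, mapped to the flag names.
TCP_FLAG_NAMES = {
    "S": "SYN", "A": "ACK", "R": "RST", "F": "FIN",
    "P": "PSH", "U": "URG", "E": "ECE", "C": "CWR",
}

# Meaning of the key=value fields, from the IP and TCP header definitions.
FIELD_MEANINGS = {
    "ttl": "IP time to live (hops left before the packet is discarded)",
    "id": "IP identification field (used to match fragments of one datagram)",
    "iplen": "total length of the IP packet in bytes, header included",
    "seq": "TCP sequence number of this segment",
    "win": "TCP receive window the sender advertises, in bytes",
}

# Constructed sample lines in the --packet-trace format shown in the post.
SAMPLE_TRACE = [
    "SENT (0.1281s) TCP 192.168.0.21:53940 > 74.207.254.18:443 S  ttl=59 id=23310 iplen=44 seq=3166348013 win=1024 <mss 1460>",
    "RCVD (0.1440s) TCP 74.207.254.18:80 > 192.168.0.21:53940  R  ttl=53 id=0 iplen=40     seq=3166348013 win=0",
]

LINE_RE = re.compile(
    r"^(?P<dir>SENT|RCVD) \((?P<t>\d+\.\d+)s\) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<flags>[SAFRPUEC]*)\s*(?P<rest>.*)$"
)


@dataclass
class TraceLine:
    direction: str            # SENT or RCVD
    time_s: float             # seconds since the scan started
    src: str
    sport: int
    dst: str
    dport: int
    flags: List[str]          # e.g. ["SYN"] or ["SYN", "ACK"]
    fields: Dict[str, int]    # ttl, id, iplen, seq, win, ...
    options: Optional[str]    # TCP options text inside <...>, if any


def parse_trace_line(line: str) -> TraceLine:
    """Parse one TCP line of nmap --packet-trace output."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a TCP --packet-trace line: %r" % line)
    rest = m.group("rest")
    fields = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", rest)}
    opt = re.search(r"<([^>]*)>", rest)
    return TraceLine(
        direction=m.group("dir"),
        time_s=float(m.group("t")),
        src=m.group("src"), sport=int(m.group("sport")),
        dst=m.group("dst"), dport=int(m.group("dport")),
        flags=[TCP_FLAG_NAMES[c] for c in m.group("flags")],
        fields=fields,
        options=opt.group(1) if opt else None,
    )


def describe(tl: TraceLine) -> List[str]:
    """Return a human-readable explanation of every field on the line."""
    out = ["%s %s:%d -> %s:%d at %.4fs" % (
        tl.direction, tl.src, tl.sport, tl.dst, tl.dport, tl.time_s)]
    out.append("flags: " + ("+".join(tl.flags) if tl.flags else "none"))
    for key, val in tl.fields.items():
        out.append("%s=%d: %s" % (key, val, FIELD_MEANINGS.get(key, "unknown field")))
    if tl.options:
        out.append("options: " + tl.options)
    return out


def matches_probe(sent: TraceLine, rcvd: TraceLine) -> bool:
    """A reply belongs to a probe only if it returns from the probed ip:port to the probe's source ip:port."""
    return (sent.direction == "SENT" and rcvd.direction == "RCVD"
            and rcvd.src == sent.dst and rcvd.sport == sent.dport
            and rcvd.dst == sent.src and rcvd.dport == sent.sport)


def classify_syn_probe(sent: TraceLine, rcvd: Optional[TraceLine]) -> str:
    """Nmap's SYN-scan reading: SYN/ACK = open, RST = closed, silence = filtered."""
    if sent.flags != ["SYN"]:
        raise ValueError("probe is not a plain SYN")
    if rcvd is None:
        return "filtered"
    if not matches_probe(sent, rcvd):
        return "unmatched reply"
    if "RST" in rcvd.flags:
        return "closed"
    if "SYN" in rcvd.flags and "ACK" in rcvd.flags:
        return "open"
    return "unexpected flags"


if __name__ == "__main__":
    sent, rcvd = (parse_trace_line(l) for l in SAMPLE_TRACE)
    for tl in (sent, rcvd):
        print("\n".join(describe(tl)))
    print("result:", classify_syn_probe(sent, rcvd))
```

Run it as a script to see the two sample lines decoded field by field; parse_trace_line raises ValueError on anything that is not a TCP trace line (ICMP and UDP lines use a different layout and are deliberately not handled here).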

If you are going to be doing much development on the software then you need to download the software and begin reading the code. 

Instructions for getting and compiling the code are here: http://nmap.org/book/install.html

For me on an Ubuntu box it is as simple as this:

svn co https://svn.nmap.org/nmap

cd nmap

./configure

make

I actually just downloaded the source tarballs for the current and development versions and did the ./configure; make on them, and they compiled just fine.    The tarballs for source and compiled versions are available here: http://nmap.org/download.html  (the source tarballs are in the second section down).

If you are not part of the core team then you can't check changes back into the main branch.  The changes you make will just be for your own use.  If you would like, you can post diffs to the main dev mailing list for discussion and inclusion in the main code base. The nmap-dev mailing list archive is here: http://seclists.org/nmap-dev/  And you can subscribe to the list here: 

And even if you were part of the core team it would probably be bad to check things in directly to the main branch without extensive testing and having things reviewed by others.

I am still in the process of creating a branch to work in within the main repository.   If I remember correctly, creating a branch in svn is the same as making a low-cost copy internally to a new location inside the svn database.   That should be a command similar to this:

http://svnbook.red-bean.com/en/1.0/re07.html

svn copy SRC DST

Still working out exactly what the SRC and DST parts will be.  I'm thinking it will be this:


svn mkdir https://svn.nmap.org/nmap-exp/username

svn copy https://svn.nmap.org/nmap https://svn.nmap.org/nmap-exp/username/main -m "branching for username gsoc work"

and then I need to do a check out this way:

svn co https://svn.nmap.org/nmap-exp/username/main

I had a little scare when I created the svn directory: it defaulted to the user name on my system; I hit return and it then asked for a username and password, which it seems to have cached for that host, which is nice.  I had to install autoconf to get the compile to work as well.

A little page of basic svn commands is helpful: http://www.linuxfromscratch.org/blfs/edguide/chapter03.html

I am a little rusty on my source code patches; reading this to get re-familiarized: http://jungels.net/articles/diff-patch-ten-minutes.html

and of course man diff and man patch are your friends.
