Full Disclosure mailing list archives
RE: nmap: the definitive guide
From: "y0himba" <y0himba () technolounge org>
Date: Wed, 12 Oct 2005 10:35:17 -0400
Seconded. If we get a third we can shoot him. Now, weapon of choice?

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of phased
Sent: Wednesday, October 12, 2005 10:27 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] nmap: the definitive guide

ARG HTML SHOOT HIM

-----Original Message-----
From: hasklej () aol com
To: full-disclosure () lists grok org uk
Date: Wed, 12 Oct 2005 10:06:24 -0400
Subject: [Full-disclosure] nmap: the definitive guide
the next fyodor's book is for sale come on #seksonline at irc.gigachat.net here the sommaire of th book ! <HTML<HEAD <TITLE Nmap Security Scanner: The Definitive Guide</TITLE <METANAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ "><LINK REL="NEXT" TITLE="Preface" HREF="preface.html"></HEAD<BODYCLASS="book" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF"<!--#include virtual="/templates/standard_body_top.html" --><DIVCLASS="BOOK"<ANAME="nmapguide"</A <DIVCLASS="TITLEPAGE"<H1CLASS="title"<ANAME="nmapguide"</A Nmap Security Scanner: The Definitive Guide</H1 <H3CLASS="author"<ANAME="AEN7"</A Fyodor </H3 <H4CLASS="EDITEDBY"Edited by</H4 <H3CLASS="editor"</H3 <HR></DIV <DIVCLASS="TOC"<DL <DT <B Table of Contents</B </DT <DT <AHREF="preface.html"Preface</A </DT <DD <DL <DT <AHREF="preface.html#foreword"Foreword</A </DT <DT <AHREF="whats-inside.html"What's Inside</A </DT <DT <AHREF="style-conventions.html"Style Conventions</A </DT <DT <AHREF="preface-examples.html"Examples</A </DT <DT <AHREF="preface-comments.html"Comments and Questions</A </DT <DT <AHREF="acknowledgements.html"Acknowledgments</A </DT </DL </DD <DT 1. 
<AHREF="nmap-demos.html"Getting Started with Nmap</A </DT <DD <DL <DT <AHREF="nmap-demos.html#AEN51"Introduction</A </DT <DT <AHREF="nmap-overview-and-demos.html"Nmap overview and demonstration</A </DT <DD <DL <DT <AHREF="nmap-overview-and-demos.html#AEN68"Avatar Online</A </DT <DT <AHREF="nmap-overview-and-demos.html#AEN181"Saving the Human Race</A </DT <DT <AHREF="nmap-overview-and-demos.html#madhat-story"MadHat in Wonderland</A </DT </DL </DD <DT <AHREF="legal-issues.html"Legal issues</A </DT <DD <DL <DT <AHREF="legal-issues.html#AEN242"Is unauthorized port scanning a crime?</A </DT <DT <AHREF="legal-issues.html#AEN318"Can port scanning crash the target computer/networks?</A </DT <DT <AHREF="legal-issues.html#AEN340"Misc: Copyright, license, (lack of) warranty, export controlinformation</A</DT </DL </DD </DL </DD <DT 2. <AHREF="nmap-install.html"Obtaining, Installing, and Removing Nmap</A </DT <DD <DL <DT <AHREF="nmap-install.html#AEN379"Introduction</A </DT <DD <DL <DT <AHREF="nmap-install.html#AEN382"Testing whether Nmap is already installed</A </DT <DT <AHREF="nmap-install.html#AEN400"Verifying the integrity of Nmap downloads</A </DT <DT <AHREF="nmap-install.html#nmap-interfaces"Command-line and graphical interfaces</A </DT </DL </DD <DT <AHREF="install-source.html"UNIX Compilation andinstallation from source code</A</DT <DD <DL <DT <AHREF="install-source.html#AEN475"Configure directives</A </DT <DT <AHREF="install-source.html#AEN546"If you encounter compilation problems</A </DT </DL </DD <DT <AHREF="install-linux.html"Linux Distributions</A </DT <DD <DL <DT <AHREF="install-linux.html#AEN582"RPM-based distributions (Red Hat, Mandrake, Suse, Fedora)</A </DT <DT <AHREF="install-linux.html#AEN605"Debian Linux</A </DT <DT <AHREF="install-linux.html#AEN611"Gentoo Linux</A </DT <DT <AHREF="install-linux.html#AEN615"Other Linux distributions</A </DT </DL </DD <DT <AHREF="install-windows.html"Windows</A </DT <DD <DL <DT <AHREF="install-windows.html#AEN635"Command 
line .zip binaries</A </DT <DT <AHREF="install-windows.html#nmap-intro-nmapwin"Nmapwin</A </DT <DT <AHREF="install-windows.html#AEN713"Compile from source code</A </DT </DL </DD <DT <AHREF="install-solaris.html"Sun Solaris</A </DT <DT <AHREF="install-macosx.html"Apple Mac OS X</A </DT <DT <AHREF="install-bsd.html"FreeBSD / OpenBSD / NetBSD</A </DT <DD <DL <DT <AHREF="install-bsd.html#AEN804"OpenBSD binary packages and source ports instructions</A </DT <DT <AHREF="install-bsd.html#AEN832"FreeBSD binary package and source ports instructions</A </DT <DT <AHREF="install-bsd.html#AEN852"NetBSD binary package instructions</A </DT </DL </DD <DT <AHREF="install-other-platforms.html"Amiga, HP-UX, IRIX, and Other Platforms</A </DT <DT <AHREF="install-zaurus-pda.html"[RECIPE] Installing Nmap on a PDA</A </DT <DD <DL <DT <AHREF="install-zaurus-pda.html#AEN902"Installing Nmap on the Zaurus</A </DT <DT <AHREF="install-zaurus-pda.html#AEN947"Using Nmap and NmapFE on the Zaurus</A </DT </DL </DD <DT <AHREF="removing-nmap.html"Removing Nmap</A </DT </DL </DD <DT 3. 
<AHREF="host-enumeration.html"Host Enumeration ("Ping Scanning")</A </DT <DD <DL <DT <AHREF="host-enumeration.html#host-enumeration-intro"Introduction</A </DT <DT <AHREF="host-enumeration-specify-targets.html"Specifying Target Hosts and Networks</A </DT <DT <AHREF="host-enumeration-controls.html"Host Enumeration Controls</A </DT <DD <DL <DT <AHREF="host-enumeration-controls.html#AEN1005"List Scan (<TTCLASS="option"-sL</TT )</A </DT <DT <AHREF="host-enumeration-controls.html#AEN1021"Ping Scan (<TTCLASS="option"-sP</TT )</A </DT <DT <AHREF="host-enumeration-controls.html#host-enum-p0"Disable Ping (<TTCLASS="option"-P0</TT )</A </DT </DL </DD <DT <AHREF="host-enumeration-techniques.html"Host EnumerationTechniques</A</DT <DD <DL <DT <AHREF="host-enumeration-techniques.html#AEN1060"TCP SYN Ping (<TTCLASS="option"-PS[portlist]</TT )</A </DT <DT <AHREF="host-enumeration-techniques.html#AEN1077"TCP ACK Ping (<TTCLASS="option"-PA[portlist]</TT )</A </DT <DT <AHREF="host-enumeration-techniques.html#AEN1101"UDP Ping (<TTCLASS="option"-PU[portlist]</TT )</A </DT <DT <AHREF="host-enumeration-techniques.html#AEN1111"ICMP Ping Types (<TTCLASS="option"-PE</TT , <TTCLASS="option"-PP</TT , and <TTCLASS="option"-PM</TT )</A </DT <DT <AHREF="host-enumeration-techniques.html#AEN1124"Default Combination (<TTCLASS="option"-PB</TT )</A </DT <DT <AHREF="host-enumeration-techniques.html#AEN1131"ARP Scan (<TTCLASS="option"-P?</TT )</A </DT </DL </DD <DT <AHREF="host-enumeration-strategies.html"Putting it All Together: Host Enumeration Strategies</A </DT <DD <DL <DT <AHREF="host-enumeration-strategies.html#AEN1138"Related Options</A </DT <DT <AHREF="host-enumeration-strategies.html#AEN1225"Choosing and Combining Ping Options</A </DT </DL </DD <DT <AHREF="host-enumeration-find-ips.html"Finding an Organization's IP addresses to Scan</A </DT <DT <AHREF="host-enumeration-algorithms.html"Host Enumeration Code Algorithms</A </DT </DL </DD <DT 4. 
<AHREF="port-scanning.html"Port Scanning Overview</A </DT <DD <DL <DT <AHREF="port-scanning.html#port-scanning-intro"Introduction to Port Scanning</A </DT <DD <DL <DT <AHREF="port-scanning.html#port-scanning-port-intro"What exactly is a port?</A </DT <DT <AHREF="port-scanning.html#port-scanning-what-is-it"What is port scanning?</A </DT <DT <AHREF="port-scanning.html#port-scanning-why"Why scan ports?</A </DT </DL </DD <DT <AHREF="port-scanning-tutorial.html"A Quick Port Scanning Tutorial</A </DT <DT <AHREF="port-scanning-options.html"Command-line flags</A </DT <DD <DL <DT <AHREF="port-scanning-options.html#port-scanning-options-scantypes"Selecting scan techniques</A </DT <DT <AHREF="port-scanning-options.html#port-scanning-options-ports"Selecting ports to scan</A </DT <DT <AHREF="port-scanning-options.html#port-scanning-options-timing"Timing-related options</A </DT <DT <AHREF="port-scanning-options.html#port-scanning-options-output"Output format and verbosity options</A </DT <DT <AHREF="port-scanning-options.html#port-scanning-options-firewall-ids-ev asi on"Firewall and IDS evasion options</A </DT <DT <AHREF="port-scanning-options.html#port-scanning-options-targets"Specifying targets</A </DT <DT <AHREF="port-scanning-options.html#port-scanning-options-misc"Miscellaneous options</A </DT </DL </DD <DT <AHREF="port-scanning-ipv6.html"IPv6 Scanning [<TTCLASS="option"-6</TT ]</A </DT <DT <AHREF="recipe-find-open-port.html"[RECIPE] Scanning a large network for a certain open TCP port</A </DT <DD <DL <DT <AHREF="recipe-find-open-port.html#AEN1811"Problem</A </DT <DT <AHREF="recipe-find-open-port.html#AEN1814"Solution</A </DT <DT <AHREF="recipe-find-open-port.html#AEN1836"Discussion</A </DT <DT <AHREF="recipe-find-open-port.html#AEN1899"See Also</A </DT </DL </DD </DL </DD <DT 5. 
<AHREF="scan-methods.html"Port Scanning Techniques and Algorithms</A </DT <DD <DL <DT <AHREF="scan-methods.html#scan-methods-intro"Introduction</A </DT <DT <AHREF="scan-methods-syn-scan.html"TCP SYN (Stealth) Scan</A </DT <DT <AHREF="scan-methods-connect-scan.html"TCP Connect() Scan</A </DT <DT <AHREF="scan-methods-udp-scan.html"UDP Scan</A </DT <DD <DL <DT <AHREF="scan-methods-udp-scan.html#AEN2130"Disambiguating open from filtered UDP ports</A </DT <DT <AHREF="scan-methods-udp-scan.html#scan-methods-udp-optimizing"Speeding up UDP scans</A </DT </DL </DD <DT <AHREF="scan-methods-null-fin-xmas-scan.html"TCP Null, FIN, and Xmas Scans</A </DT <DT <AHREF="scan-methods-custom-scanflags.html"Custom scan types with <TTCLASS="option"--scanflags</TT </A </DT <DD <DL <DT <AHREF="scan-methods-custom-scanflags.html#scan-methods-custom-synfin"Custom SYN/FIN scan</A </DT <DT <AHREF="scan-methods-custom-scanflags.html#scan-methods-custom-psh"PSH scan</A </DT </DL </DD <DT <AHREF="scan-methods-ack-scan.html"TCP ACK Scan</A </DT <DT <AHREF="scan-methods-window-scan.html"TCP Window Scan</A </DT <DT <AHREF="scan-methods-maimon-scan.html"TCP Maimon Scan</A </DT <DT <AHREF="scan-methods-idle-scan.html"TCP Idle Scan</A </DT <DD <DL <DT <AHREF="scan-methods-idle-scan.html#scan-methods-idle-scan-finding-zombies"Finding a working idle scan zombie host</A </DT <DT <AHREF="scan-methods-idle-scan.html#scan-methods-idle-scan-execution"Executing an Idle scan</A </DT <DT <AHREF="scan-methods-idle-scan.html#scan-methods-idle-scan-algorithms"Idle scan implementation algorithms</A </DT </DL </DD <DT <AHREF="scan-methods-ip-protocol-scan.html"IP Protocol Scan</A </DT <DT <AHREF="scan-methods-ftp-bounce-scan.html"TCP FTP Bounce Scan</A </DT <DT <AHREF="port-scanning-algorithms.html"Scan Code and Algorithms</A </DT <DD <DL <DT <AHREF="port-scanning-algorithms.html#AEN2636"Network condition monitoring</A </DT <DT <AHREF="port-scanning-algorithms.html#AEN2639"Host and port parallelization</A </DT <DT 
<AHREF="port-scanning-algorithms.html#AEN2648"Round trip time estimation</A </DT <DT <AHREF="port-scanning-algorithms.html#AEN2669"Congestion control</A </DT <DT <AHREF="port-scanning-algorithms.html#AEN2674"Port scan pings</A </DT <DT <AHREF="port-scanning-algorithms.html#AEN2678"Inferred neighbor times</A </DT <DT <AHREF="port-scanning-algorithms.html#AEN2682"Adaptive retransmission</A </DT <DT <AHREF="port-scanning-algorithms.html#AEN2685"Scan delay</A </DT </DL </DD </DL </DD <DT 6. <AHREF="scan-performance.html"Optimizing Nmap Performance</A </DT <DT 7. <AHREF="version-scan.html"Service and Application Version Detection</A </DT <DD <DL <DT <AHREF="version-scan.html#version-scan-intro"Introduction</A </DT <DT <AHREF="version-scan-examples.html"Usage/Examples</A </DT <DT <AHREF="version-scan-technique.html"Technique Described</A </DT <DT <AHREF="version-scan-technique-demo.html"Technique Demonstrated</A </DT <DT <AHREF="version-scan-post-processors.html"Post-processors</A </DT <DD <DL <DT <AHREF="version-scan-post-processors.html#version-detection-rpc"RPC Grinding</A </DT <DT <AHREF="version-scan-post-processors.html#AEN2888"SSL Post-processor notes</A </DT </DL </DD <DT <AHREF="version-scan-fileformat.html"<TTCLASS="filename"nmap-service-probes</TT File Format</A </DT <DD <DL <DT <AHREF="version-scan-fileformat.html#AEN2918"The <TTCLASS="literal"Probe</TT directive</A </DT <DT <AHREF="version-scan-fileformat.html#AEN2959"The <TTCLASS="literal"match</TT directive</A </DT <DT <AHREF="version-scan-fileformat.html#AEN3006"The <TTCLASS="literal"softmatch</TT directive</A </DT <DT <AHREF="version-scan-fileformat.html#AEN3022"The <TTCLASS="literal"ports</TT and <TTCLASS="literal"sslports</TT directives</A </DT <DT <AHREF="version-scan-fileformat.html#AEN3049"The <TTCLASS="literal"totalwaitms</TT directive</A </DT <DT <AHREF="version-scan-fileformat.html#version-scan-fileformat-example"Putting it all together</A </DT </DL </DD <DT 
<AHREF="version-scan-community.html"Community Contributions</A </DT <DT <AHREF="version-detection-find-service-fast.html"[RECIPE] Find all servers running an insecure or nonstandard versionof an application</A</DT <DT <AHREF="version-detection-hack-it.html"[RECIPE] Hack version detection to suit custom needs, such as openproxy detection</A</DT </DL </DD <DT 8. <AHREF="os-fingerprinting.html"OS Fingerprinting</A </DT <DT 9. <AHREF="defeating-firewalls-ids.html"Detecting and Subverting Firewalls and Intrusion Detection Systems</A </DT <DD <DL <DT <AHREF="defeating-firewalls-ids.html#firewalls-ids-intro"Introduction</A </DT <DT <AHREF="firewalls-ids-justification.html"Why would whitehats ever do this?</A </DT <DT <AHREF="determining-firewall-rules.html"Determining Firewall Rules</A </DT <DD <DL <DT <AHREF="determining-firewall-rules.html#AEN3144"Standard SYN scan</A </DT <DT <AHREF="determining-firewall-rules.html#defeating-firewalls-ids-ackscan"ACK scan</A </DT <DT <AHREF="determining-firewall-rules.html#defeating-firewalls-ipid-tricks"IPID tricks</A </DT <DT <AHREF="determining-firewall-rules.html#AEN3228"UDP version scanning</A </DT </DL </DD <DT <AHREF="firewall-subversion.html"Bypassing Firewall Rules</A </DT <DD <DL <DT <AHREF="firewall-subversion.html#AEN3247"Exotic scan flags</A </DT <DT <AHREF="firewall-subversion.html#defeating-firewalls-source-port"Source port manipulation</A </DT <DT <AHREF="firewall-subversion.html#defeating-firewalls-ipv6"IPv6 attacks</A </DT <DT <AHREF="firewall-subversion.html#AEN3285"IPID Idle Scanning</A </DT <DT <AHREF="firewall-subversion.html#AEN3289"Multiple ping probes</A </DT <DT <AHREF="firewall-subversion.html#defeating-firewalls-fragmentation"Fragmentation</A </DT <DT <AHREF="firewall-subversion.html#AEN3299"Proxies</A </DT <DT <AHREF="firewall-subversion.html#AEN3306"Source routing</A </DT <DT <AHREF="firewall-subversion.html#AEN3311"FTP Bounce Scan</A </DT <DT <AHREF="firewall-subversion.html#AEN3319"Take an alternative 
path</A </DT </DL </DD <DT <AHREF="subvert-ids.html"Subverting Intrusion Detection Systems</A </DT <DD <DL <DT <AHREF="subvert-ids.html#AEN3326"Intrusion detection system detection</A </DT <DT <AHREF="subvert-ids.html#AEN3363"Avoiding intrusion detection systems</A </DT <DT <AHREF="subvert-ids.html#AEN3433"Misleading intrusion detection systems</A </DT <DT <AHREF="subvert-ids.html#AEN3468"Exploiting intrusion detection systems</A </DT <DT <AHREF="subvert-ids.html#AEN3472"Ignoring intrusion detection systems</A </DT </DL </DD <DT <AHREF="firewall-ids-packet-forgery.html"Detecting packet forgery by firewall and intrusion detection systems</A </DT <DD <DL <DT <AHREF="firewall-ids-packet-forgery.html#AEN3484"Look for TTL consistency</A </DT <DT <AHREF="firewall-ids-packet-forgery.html#AEN3502"Look for IPID and sequence number consistency</A </DT <DT <AHREF="firewall-ids-packet-forgery.html#AEN3521"The Bogus Checksum trick</A </DT <DT <AHREF="firewall-ids-packet-forgery.html#AEN3525"Close Analysis of packet headers and contents</A </DT <DT <AHREF="firewall-ids-packet-forgery.html#AEN3528"Unusual network uniformity</A </DT </DL </DD </DL </DD <DT 10. 
<AHREF="defending-against-nmap.html"Defenses against Nmap</A </DT <DD <DL <DT <AHREF="defending-against-nmap.html#nmap-defenses-intro"Introduction</A </DT <DT <AHREF="nmap-defenses-proactive-scanning.html"Proactive Scanning</A </DT <DT <AHREF="nmap-defenses-firewalls.html"Blocking and Slowing Nmap with Firewalls</A </DT <DT <AHREF="nmap-defenses-detection.html"Detecting Nmap Scans</A </DT <DT <AHREF="nmap-defenses-trickery.html"Clever Trickery</A </DT <DD <DL <DT <AHREF="nmap-defenses-trickery.html#AEN3573"Hiding Services on Obscure Ports</A </DT <DT <AHREF="nmap-defenses-trickery.html#AEN3582"Port knocking</A </DT <DT <AHREF="nmap-defenses-trickery.html#AEN3597"Honeypots and Honeynets</A </DT <DT <AHREF="nmap-defenses-trickery.html#AEN3601"OS Spoofing</A </DT <DT <AHREF="nmap-defenses-trickery.html#AEN3624"Tar pits</A </DT <DT <AHREF="nmap-defenses-trickery.html#nmap-defense-reactive-port-sentry"Reactive port scan detection</A </DT <DT <AHREF="nmap-defenses-trickery.html#AEN3632"Escalating arms race</A </DT </DL </DD </DL </DD <DT 11. 
<AHREF="output-formats.html"Nmap Output Formats</A </DT <DD <DL <DT <AHREF="output-formats.html#output-formats-intro"Introduction</A </DT <DT <AHREF="output-formats-commandline-flags.html"Command-line flags</A </DT <DD <DL <DT <AHREF="output-formats-commandline-flags.html#output-formats-flags-type"Controlling output type</A </DT <DT <AHREF="output-formats-commandline-flags.html#output-formats-flags-verbo sit y"Controlling verbosity of output</A </DT <DT <AHREF="output-formats-commandline-flags.html#output-formats-flags-debug gin g"Enabling debugging output</A </DT <DT <AHREF="output-formats-commandline-flags.html#output-formats-flags-packe t-t race"Enabling packet tracing</A </DT <DT <AHREF="output-formats-commandline-flags.html#output-formats-flags-resume"Resuming canceled scans</A </DT </DL </DD <DT <AHREF="output-formats-interactive.html"Interactive output</A </DT <DT <AHREF="output-formats-normal-output.html"Normal output (<TTCLASS="option"-oN</TT )</A </DT <DT <AHREF="output-formats-script-kiddie.html"$crIpT kIddI3 0uTPut (<TTCLASS="option"-oS</TT )</A </DT <DT <AHREF="output-formats-xml-output.html"XML output (<TTCLASS="option"-oX</TT )</A </DT <DD <DL <DT <AHREF="output-formats-xml-output.html#output-formats-xml-usage"Using XML Output</A </DT </DL </DD <DT <AHREF="output-formats-xml-with-perl.html"Manipulating XML output with Perl</A </DT <DT <AHREF="output-formats-output-to-database.html"Output to a database</A </DT <DT <AHREF="output-formats-output-to-html.html"Creating HTML reports</A </DT <DT <AHREF="output-formats-grepable-output.html"Grepable output (<TTCLASS="option"-oG</TT )</A </DT <DD <DL <DT <AHREF="output-formats-grepable-output.html#output-formats-grepable-fields"Grepable output fields</A </DT <DT <AHREF="output-formats-grepable-output.html#output-formats-grepable-comm and line-parsing"Parsing grepable output on the command line</A </DT </DL </DD </DL </DD <DT 12. 
<AHREF="data-files.html"Understanding and Customizing Nmap Data Files</A </DT <DD <DL <DT <AHREF="data-files.html#data-files-intro"Introduction</A </DT <DT <AHREF="nmap-services.html"<TTCLASS="filename"nmap-services</TT </A </DT <DT <AHREF="nmap-service-probes.html"<TTCLASS="filename"nmap-service-probes</TT </A </DT <DT <AHREF="nmap-rpc.html"<TTCLASS="filename"nmap-rpc</TT </A </DT <DT <AHREF="nmap-os-fingerprints.html"<TTCLASS="filename"nmap-os-fingerprints</TT </A </DT <DT <AHREF="nmap-mac-prefixes.html"<TTCLASS="filename"nmap-mac-prefixes</TT </A </DT <DT <AHREF="nmap-protocols.html"<TTCLASS="filename"nmap-protocols</TT </A </DT <DT <AHREF="data-files-replacing-data-files.html"<TTCLASS="filename"UsingCustomized Data Files</TT</A </DT </DL </DD <DT 13. <AHREF="cookbook.html"Nmap Cookbook</A </DT <DT 14. <AHREF="nmap-history-future.html"The History and Future of Nmap</A </DT <DT 15. <AHREF="reference-guide.html"Nmap Reference Guide</A </DT <DT A. <AHREF="app-nmap-dtd.html"Nmap XML Output DTD</A </DT <DD <DL <DT <AHREF="app-nmap-dtd.html#AEN4302"</A </DT </DL </DD <DT B. <AHREF="complementary-tools.html"Appendix A: Complementary Tools</A </DT </DL </DIV <DIVCLASS="LOT"<DLCLASS="LOT"<DT <B List of Tables</B </DT <DT 2-1. <AHREF="install-zaurus-pda.html#AEN868"The Sharp Zaurus is an excellent platform for highly mobilesecurity applications</A</DT <DT 3-1. <AHREF="host-enumeration-strategies.html#host-enumeration-tbl-popular-tc p-p orts"Valuable TCPprobe ports, in descending order of accessibility.</A</DT <DT 5-1. <AHREF="scan-methods.html#scan-methods-tbl-icmp-unreachable-codes"ICMP destination unreachable (type 3) code values</A </DT <DT 5-2. <AHREF="scan-methods-syn-scan.html#scan-methods-tbl-syn-scan-responses"How Nmap interprets responses to a SYN probe</A </DT <DT 5-3. <AHREF="scan-methods-udp-scan.html#scan-methods-tbl-udp-scan-responses"How Nmap interprets responses to a UDP probe</A </DT <DT 5-4. 
<AHREF="scan-methods-null-fin-xmas-scan.html#scan-methods-tbl-nullfinxma s-s can-responses"How Nmap interprets responses to a Null, FIN, or Xmas scan probe</A </DT <DT 5-5. <AHREF="scan-methods-ack-scan.html#scan-methods-tbl-ack-scan-responses"How Nmap interprets responses to an ACK scan probe</A </DT <DT 5-6. <AHREF="scan-methods-window-scan.html#scan-methods-tbl-window-scan-respo nse s"How Nmap interprets responses to a Window scan ACK probe</A </DT <DT 5-7. <AHREF="scan-methods-maimon-scan.html#scan-methods-tbl-maimon-scan-response s"How Nmap interprets responses to a Maimon scan probe</A </DT <DT 5-8. <AHREF="scan-methods-ip-protocol-scan.html#scan-methods-tbl-protocol-scan-r esponses"How Nmap interprets responses to an IP protocol probe</A </DT </DL </DIV <DIVCLASS="LOT"<DLCLASS="LOT"<DT <B List of Figures</B </DT <DT 1-1. <AHREF="nmap-overview-and-demos.html#AEN183"Trinity begins her assault</A </DT <DT 1-2. <AHREF="nmap-overview-and-demos.html#AEN197"Trinity Scans the Matrix</A </DT <DT 1-3. <AHREF="nmap-overview-and-demos.html#AEN202"Terminal-view of the hack</A </DT <DT 1-4. <AHREF="legal-issues.html#AEN248"Strong opinions on port scanning legality and morality</A </DT <DT 2-1. <AHREF="nmap-install.html#fig-nmapfe-demo"NmapFE presents a simple graphical interface to Nmap</A </DT <DT 2-2. <AHREF="install-windows.html#fig-windows-cmdshell-exec"Executing Nmap from a Windows command shell</A </DT <DT 2-3. <AHREF="install-windows.html#fig-nmapwin-demo"NmapWin provides a slick Windows interface to Nmap</A </DT <DT 2-4. <AHREF="install-zaurus-pda.html#fig-nmap-install-zaurus-slc760"The Sharp Zaurus SL-C760 PDA</A </DT <DT 2-5. <AHREF="install-zaurus-pda.html#fig-nmap-install-zaurus-slc760-running-nmap "The SL-C760 executing Nmap in a terminal window</A </DT <DT 4-1. <AHREF="port-scanning.html#fig-ip-header"IPv4 Header Layout</A </DT <DT 4-2. <AHREF="port-scanning.html#fig-tcp-header"TCP Header Layout</A </DT <DT 4-3. 
<AHREF="port-scanning.html#fig-udp-header"UDP Header Layout</A </DT <DT 5-1. <AHREF="scan-methods.html#scan-methods-fig-icmp-unreachable-header"ICMPv4 Destination Unreachable Header Layout</A </DT <DT 5-2. <AHREF="scan-methods-syn-scan.html#scan-methods-fig-syn-scan-open"SYN scan of open port 22</A </DT <DT 5-3. <AHREF="scan-methods-syn-scan.html#scan-methods-fig-syn-scan-closed"SYN scan of closed port 113</A </DT <DT 5-4. <AHREF="scan-methods-syn-scan.html#scan-methods-fig-syn-scan-filtered"SYN scan of filtered port 139</A </DT <DT 5-5. <AHREF="scan-methods-connect-scan.html#scan-methods-fig-connect-scan-open"Connect scan of open port 22 (<BCLASS="command"nmap -sT -p22 scanme.nmap.org</B )</A </DT <DT 5-6. <AHREF="scan-methods-idle-scan.html#scan-methods-fig-idle-scan"Idle Scan Technique (Simplified)</A </DT <DT 9-1. <AHREF="subvert-ids.html#fig-blackice-your-mother"BlackIce discovers an unusual intruder</A </DT <DT 9-2. <AHREF="subvert-ids.html#fig-blackice-decoys"An attacker masked by dozens of decoys</A </DT <DT 11-1. <AHREF="output-formats-xml-output.html#output-formats-fig-xml-browser"Reading XML in a web browser</A </DT </DL </DIV <DIVCLASS="LOT"<DLCLASS="LOT"<DT <B List of Examples</B </DT <DT 1-1. <AHREF="nmap-overview-and-demos.html#ex-felix-list-scan"Nmap list scan against Avatar Online IP addresses</A </DT <DT 1-2. <AHREF="nmap-overview-and-demos.html#ex-felix-scan1"Nmap results against an AO firewall</A </DT <DT 1-3. <AHREF="nmap-overview-and-demos.html#ex-felix-scan2"Another interesting AO machine</A </DT <DT 1-4. <AHREF="nmap-overview-and-demos.html#ex-madhat-nmap-diff"Nmap-diff typical output</A </DT <DT 1-5. <AHREF="nmap-overview-and-demos.html#ex-madhat-nmap-report"Nmap-report execution</A </DT <DT 2-1. <AHREF="nmap-install.html#ex-checking-for-nmap"Checking for Nmap and determining its version number</A </DT <DT 2-2. <AHREF="nmap-install.html#ex-verify-nmap-checksum"Verifying the Nmap download checksum</A </DT <DT 2-3. 
<AHREF="install-linux.html#ex-nmap-install-from-rpms"Installing Nmap from binary RPMs</A </DT <DT 2-4. <AHREF="install-linux.html#ex-nmap-install-from-srpms"Building and installing Nmap from source RPMs</A </DT <DT 3-1. <AHREF="host-enumeration-controls.html#host-enumeration-ex-listscan"Enumerating hosts surrounding WWW.Stanford.Edu with list scan</A </DT <DT 3-2. <AHREF="host-enumeration-techniques.html#host-enumeration-ex-ping2"Attempts to ping popularInternet hosts</A</DT <DT 3-3. <AHREF="host-enumeration-techniques.html#host-enumeration-ex-synping"Retry Host Enumeration using port 80 SYN probes</A </DT <DT 3-4. <AHREF="host-enumeration-techniques.html#host-enumeration-ex-msackping"Attempted ACK ping against Microsoft</A </DT <DT 3-5. <AHREF="host-enumeration-strategies.html#host-enumeration-ex-defaultrandomp ing"Generating 50,000 IP Addresses, then ping scanning with defaultoptions</A</DT <DT 3-6. <AHREF="host-enumeration-strategies.html#host-enumeration-ex-extensiverando mping"Repeatingping scan with extra probes</A</DT <DT 4-1. <AHREF="port-scanning.html#port-scanning-change-ephemeral-range"Viewing and increasing the ephemeral port range on Linux</A </DT <DT 4-2. <AHREF="port-scanning-tutorial.html#port-scanning-tutorial-nmap1"Simple scan: nmap scanme.nmap.org</A </DT <DT 4-3. <AHREF="port-scanning-tutorial.html#port-scanning-tutorial-nmap2"More complex: nmap -p0- -v -A -T4 scanme.nmap.org</A </DT <DT 4-4. <AHREF="port-scanning-ipv6.html#port-scanning-ex-ipv6"A simple IPv6 scan</A </DT <DT 4-5. <AHREF="recipe-find-open-port.html#port-scanning-ex-whois-playboy"Discovering Playboy's IP space</A </DT <DT 4-6. <AHREF="recipe-find-open-port.html#port-scanning-ex-www-playboy-ping"Pinging Playboy's Web Server for a Latency Estimate</A </DT <DT 4-7. <AHREF="recipe-find-open-port.html#port-scanning-ex-www-playboy-dig"Digging through Playboy's DNS records</A </DT <DT 4-8. 
<AHREF="recipe-find-open-port.html#port-scanning-ex-www-playboy-mxping"Pinging the MX servers</A </DT <DT 4-9. <AHREF="recipe-find-open-port.html#port-scanning-ex-playboy-mxping-tcp"TCP Pinging the MX servers</A </DT <DT 4-10. <AHREF="recipe-find-open-port.html#port-scanning-ex-playboy-port80-scan"Launching the scan</A </DT <DT 4-11. <AHREF="recipe-find-open-port.html#port-scanning-ex-playboy-port80-grep"Egrep for open ports</A </DT <DT 5-1. <AHREF="scan-methods-syn-scan.html#scan-methods-ex-syn-scan"A SYN Scan showing three port states</A </DT <DT 5-2. <AHREF="scan-methods-syn-scan.html#scan-methods-ex-synscan-packettrace"Using <TTCLASS="option"--packet_trace</TT to understand a SYN scan</A </DT <DT 5-3. <AHREF="scan-methods-connect-scan.html#scan-methods-ex-connectscan-scanme"Connect scan example</A </DT <DT 5-4. <AHREF="scan-methods-udp-scan.html#scan-methods-ex-udpscan-felix"UDP scan example</A </DT <DT 5-5. <AHREF="scan-methods-udp-scan.html#scan-methods-ex-udpscan-scanme"UDP scan example</A </DT <DT 5-6. <AHREF="scan-methods-udp-scan.html#scan-methods-ex-udpscan-felix2"Improving Felix's UDP scan results with version detection</A </DT <DT 5-7. <AHREF="scan-methods-udp-scan.html#scan-methods-ex-udpscan-scanme2"Improving Scanme's UDP scan results with version detection</A </DT <DT 5-8. <AHREF="scan-methods-udp-scan.html#scan-methods-ex-rtt-trick"Attempting to disambiguate UDP ports with TTL discrepancies</A </DT <DT 5-9. <AHREF="scan-methods-null-fin-xmas-scan.html#scan-methods-ex-fin-xmas-scan"Example FIN and Xmas scans</A </DT <DT 5-10. <AHREF="scan-methods-null-fin-xmas-scan.html#scan-methods-ex-sco-syn-scan"SYN scan of docsrv.caldera.com</A </DT <DT 5-11. <AHREF="scan-methods-null-fin-xmas-scan.html#scan-methods-ex-sco-fin-scan"FIN scan of docsrv.caldera.com</A </DT <DT 5-12. <AHREF="scan-methods-custom-scanflags.html#scan-methods-ex-custom-synfin-sc an"A SYN/FIN scan of Google</A </DT <DT 5-13. 
<AHREF="scan-methods-custom-scanflags.html#scan-methods-ex-custom-psh-scan"A custom PSH scan</A </DT <DT 5-14. <AHREF="scan-methods-ack-scan.html#scan-methods-ex-ack-scan"A Typical ACK Scan</A </DT <DT 5-15. <AHREF="scan-methods-ack-scan.html#scan-methods-ex-sco-ack-scan"An ACK scan of Docsrv</A </DT <DT 5-16. <AHREF="scan-methods-window-scan.html#scan-methods-ex-sco-window-scan"Window scan of docsrv.caldera.com</A </DT <DT 5-17. <AHREF="scan-methods-maimon-scan.html#scan-methods-ex-maimon-scan"A failed Maimon scan</A </DT <DT 5-18. <AHREF="scan-methods-idle-scan.html#scan-methods-ex-idle-scan"An Idle scan against the RIAA</A </DT <DT 5-19. <AHREF="scan-methods-idle-scan.html#scan-methods-ex-ipid-trace"IPID scan packet trace</A </DT <DT 5-20. <AHREF="scan-methods-ip-protocol-scan.html#scan-methods-ex-protocol-scanme"IP protocol scan of a router and a typical Linux 2.4 box</A </DT <DT 5-21. <AHREF="scan-methods-ftp-bounce-scan.html#scan-methods-ex-ftp-bounce-fixed"Attempting an FTP bounce scan</A </DT <DT 5-22. <AHREF="scan-methods-ftp-bounce-scan.html#scan-methods-ftp-bounce-working"Successful FTP bounce scan</A </DT <DT 7-1. <AHREF="version-scan.html#ex-version-detection-scan1"Simple usage of version detection</A </DT <DT 7-2. <AHREF="version-scan-examples.html#ex-version-detection-scan2"Version detection against WWW.Microsoft.Com</A </DT <DT 7-3. <AHREF="version-scan-examples.html#ex-version-detection-scan3"Complex version detection</A </DT <DT 7-4. <AHREF="version-scan-technique-demo.html#ex-version-detection-trace"Detailed trace of version detection</A </DT <DT 7-5. <AHREF="version-scan-post-processors.html#ex-version-detection-rpcinfo"Enumerating RPC services with rpcinfo</A </DT <DT 7-6. <AHREF="version-scan-post-processors.html#ex-version-detection-rpcscan"<SPANCLASS="application"Nmap</SPAN direct RPC scan</A </DT <DT 7-7. <AHREF="version-scan-post-processors.html#ex-version-detection-ssl"Version scanning through SSL</A </DT <DT 9-1. 
<AHREF="determining-firewall-rules.html#defeating-firewalls-ids-standardsyn "Detection of closed and filtered TCP ports</A </DT <DT 9-2. <AHREF="determining-firewall-rules.html#defeating-firewalls-ids-ackscan-sca nme"ACK scan against Scanme</A </DT <DT 9-3. <AHREF="determining-firewall-rules.html#defeating-firewalls-ids-scans-para"Contrasting SYN and ACK scans against Para</A </DT <DT 9-4. <AHREF="determining-firewall-rules.html#defeating-firewalls-udp-scan"UDP scan against firewalled host</A </DT <DT 9-5. <AHREF="determining-firewall-rules.html#defeating-firewalls-udp-version-sca n"UDP version scan against firewalled host</A </DT <DT 9-6. <AHREF="firewall-subversion.html#defeating-firewalls-fin-scan"FIN scan against stateless firewall</A </DT <DT 9-7. <AHREF="firewall-subversion.html#defeating-firewalls-sourceport88"Bypassing Windows IPsec filter using source port 88</A </DT <DT 9-8. <AHREF="firewall-subversion.html#defeating-firewalls-ex-ipv6"Comparing IPv4 and IPv6 scans</A </DT <DT 9-9. <AHREF="firewall-subversion.html#defeating-firewalls-ftpbounce-working"Exploitinga printer with the FTP bounce scan</A</DT <DT 9-10. <AHREF="subvert-ids.html#defeating-ids-bugzilla-secfocus"Host names can be deceiving</A </DT <DT 9-11. <AHREF="subvert-ids.html#ex-traceroute-jump"Noting TTL gaps with traceroute</A </DT <DT 9-12. <AHREF="subvert-ids.html#defeating-ids-slow-nmap-scan"Slow scan tobypass the default Snort 2.2.0 Flow-portscan fixed time scan detection method</A</DT <DT 9-13. <AHREF="subvert-ids.html#defeating-ids-snortrules"Default Snort rules referencing Nmap</A </DT <DT 9-14. <AHREF="firewall-ids-packet-forgery.html#defeating-firewalls-ids-customtrac eroute"Detection of closed and filtered TCP ports</A </DT <DT 9-15. <AHREF="firewall-ids-packet-forgery.html#defeating-firewalls-ids-ipid-ms"Testing IPID sequence number consistency</A </DT <DT 10-1. <AHREF="nmap-defenses-trickery.html#ex-defending-against-nmap-obscureports"An all-tcp-port version scan</A </DT <DT 10-2. 
<A HREF="nmap-defenses-trickery.html#ex-defending-against-nmap-ippersonality">Deceiving Nmap with IP Personality</A></DT>
<DT>11-1. <A HREF="output-formats.html#output-formats-ex-scanrand">Scanrand output against a local network</A></DT>
<DT>11-2. <A HREF="output-formats-commandline-flags.html#output-formats-ex-grep-verbose">Greping for verbosity conditionals</A></DT>
<DT>11-3. <A HREF="output-formats-commandline-flags.html#output-formats-ex-verbose">A comparison of interactive output with and without verbosity enabled.</A></DT>
<DT>11-4. <A HREF="output-formats-commandline-flags.html#output-formats-ex-sample-debugging">Some representative debugging lines</A></DT>
<DT>11-5. <A HREF="output-formats-commandline-flags.html#output-formats-ex-packettrace">Using <TT CLASS="option">--packet_trace</TT> to detail a ping scan of Scanme</A></DT>
<DT>11-6. <A HREF="output-formats-normal-output.html#output-formats-ex-normal">A typical example of normal output</A></DT>
<DT>11-7. <A HREF="output-formats-script-kiddie.html#output-formats-ex-script-kiddie">A typical example of $crIpt KiDDi3 0utPut</A></DT>
<DT>11-8. <A HREF="output-formats-xml-output.html#output-formats-xml">An example of Nmap XML output</A></DT>
<DT>11-9. <A HREF="output-formats-xml-output.html#output-formats-xml-port-elements">Nmap XML port elements</A></DT>
<DT>11-10. <A HREF="output-formats-xml-with-perl.html#output-formats-ex-nmap-parser">Nmap::Parser sample code</A></DT>
<DT>11-11. <A HREF="output-formats-xml-with-perl.html#output-formats-ex-nmap-scanner">Nmap::Scanner sample code</A></DT>
<DT>11-12. <A HREF="output-formats-grepable-output.html#output-formats-ex-grepable-scanme">A typical example of grepable output</A></DT>
<DT>11-13. <A HREF="output-formats-grepable-output.html#output-formats-ex-grepable-protocol-scanme">Grepable output for IP protocol scan</A></DT>
<DT>11-14. <A HREF="output-formats-grepable-output.html#output-formats-ex-grepable-pingscan">Ping scan grepable output</A></DT>
<DT>11-15. 
<A HREF="output-formats-grepable-output.html#output-formats-ex-grepable-listscan">List scan grepable output</A></DT>
<DT>11-16. <A HREF="output-formats-grepable-output.html#output-formats-ex-grepable-commandline">Parsing grepable output on the command line</A></DT>
<DT>12-1. <A HREF="nmap-services.html#data-files-nmap-services-file">Excerpt from <TT CLASS="filename">nmap-services</TT></A></DT>
<DT>12-2. <A HREF="nmap-service-probes.html#data-files-nmap-service-probes-file">Excerpt from <TT CLASS="filename">nmap-service-probes</TT></A></DT>
<DT>12-3. <A HREF="nmap-rpc.html#data-files-nmap-rpc-file">Excerpt from <TT CLASS="filename">nmap-rpc</TT></A></DT>
<DT>12-4. <A HREF="nmap-os-fingerprints.html#data-files-nmap-os-fingerprints-file">Excerpt from <TT CLASS="filename">nmap-os-fingerprints</TT></A></DT>
<DT>12-5. <A HREF="nmap-mac-prefixes.html#data-files-nmap-mac-prefixes-file">Excerpt from <TT CLASS="filename">nmap-mac-prefixes</TT></A></DT>
<DT>12-6. <A HREF="nmap-protocols.html#data-files-nmap-protocols-file">Excerpt from <TT CLASS="filename">nmap-protocols</TT></A></DT>
</DL></DIV></DIV>
<DIV CLASS="NAVFOOTER"><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR><TD WIDTH="33%" ALIGN="left" VALIGN="top"></TD><TD WIDTH="34%" ALIGN="center" VALIGN="top"></TD><TD WIDTH="33%" ALIGN="right" VALIGN="top"><A HREF="preface.html" ACCESSKEY="N"><IMG SRC="../book-icons/next.gif" BORDER="0" ALT="Next"></A></TD></TR>
<TR><TD WIDTH="33%" ALIGN="left" VALIGN="top"></TD><TD WIDTH="34%" ALIGN="center" VALIGN="top"></TD><TD WIDTH="33%" ALIGN="right" VALIGN="top">Preface</TD></TR>
</TABLE></DIV>
<!--#include virtual="/templates/standard_body_bottom.html" --></BODY></HTML>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nmap: the definitive guide hasklej (Oct 12)
- Re: nmap: the definitive guide phased (Oct 12)
- RE: nmap: the definitive guide y0himba (Oct 12)
- Re: nmap: the definitive guide Joachim Schipper (Oct 12)
- RE: nmap: the definitive guide y0himba (Oct 12)
- RE: nmap: the definitive guide y0himba (Oct 12)
- Re: nmap: the definitive guide phased (Oct 12)
- Re: nmap: the definitive guide Thierry Zoller (Oct 12)