Fwd: Nmap Book - Comments

[Tom Sellers <nmap () fadedcode net>]

Just noticed that I sent this to Fyodor, but not to the list.


I have attached a few comments and suggestions for the book below.
I did not adopt a chapter because did not want someone more
knowledgeable than I to skip a chapter thinking that it had already
been taken care of.

Some of the comments are pretty trivial while others are not.



******************************************************************
Chapter 2. Obtaining, Compiling, Installing, and Removing Nmap

http://nmap.org/book/install.html

3rd line of section "Testing Whether Nmap is Already Installed"

... try executing the command nmap --version.


This instructs the reader to use a program argument that is not in
the usage output from the command line.  Also, the pages that discuss
how to deal with misidentified services and hosts and removing Nmap
instruct the reader to use nmap -V.  Perhaps the entry in this page
and the images on this page should be changed to use nmap -V for
consistency.

******************************************************************
Chapter 2. Obtaining, Compiling, Installing, and Removing Nmap

Windows
http://nmap.org/book/inst-windows.html

Second bullet:
Nmap only supports ethernet interfaces (including many 802.11 wireless cards)
unless you use the -sT -PN options. RAS connections (such as PPP dialups) are
not supported. This support was dropped when Microsoft removed raw TCP/IP socket
support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead.


I don't know if it is worth mentioning in this section, but
Nmap does work over Cisco's VPN client in both wired and
wireless environment.

******************************************************************
Chapter 2. Obtaining, Compiling, Installing, and Removing Nmap

OpenBSD Binary Packages and Source Ports Instructions
http://nmap.org/book/inst-bsd.html

Section: Installation using the source ports tree
        
Step 1. ....via CVS using instructions at http://www.openbsd.org/faq/faq8.html#CVS.

I could not find the information about updating ports via CVS at the anchor
specified or page specified.  I think this information has been moved here:

http://www.openbsd.org/anoncvs.html#using

The URL above was found on the FAQ 15 page here:

http://www.openbsd.org/faq/faq15.html#PortsFetch



******************************************************************
Chapter 2. Obtaining, Compiling, Installing, and Removing Nmap

Executing Nmap on Windows
http://nmap.org/book/inst-windows.html

Pathing in Figure 2.1 does not match text.  Image indicates
E:\nmap while text uses C:\Program Files\Nmap


******************************************************************
Chapter 7. Service and Application Version Detection

Usage and Examples
http://nmap.org/book/vscan-examples.html


Bottom of the page, below Example 7.3:

... column is empty. determine the service name via its probing, but was not able to determine anything else.

Perhaps this should be:

... column is empty. Nmap was able to determine the service name via its probing, but was not able to determine 
anything else.

******************************************************************
Chapter 8. Remote OS Detection

Fingerprinting Methods Avoided by Nmap
http://nmap.org/book/osdetect-other-methods.html

Bottom of the page, 5th line from the bottom of the main text:

... OS detection resultds discovered ...

Perhaps this should be:


... OS detection results discovered ...


******************************************************************
Chapter 13. Nmap Output Formats

Output formats supported by Nmap
http://nmap.org/book/output-formats-commandline-flags.html

Section:  Normal output (-oN)

You may want to indicate that this output file format also captures
debugging output generated by the -d argument. If you decide this is
appropriate, you may also want to mention it here as well:

http://nmap.org/book/output-formats-normal-output.html

******************************************************************
Chapter 13. Nmap Output Formats

Output formats supported by Nmap
http://nmap.org/book/output-formats-commandline-flags.html

In 4.51 beta Kris added support for adding symbolic placeholders
in names so that dates and times could be dynamically added to
output file names.

Here is the change log entry:

4.51BETA [2007-12-21]

...

o Nmap's output options (-oA, -oX, etc.) now support strftime()-like
   conversions in the filename.  %H, %M, %S, %m, %d, %y, and %Y are
   all the same as in strftime().  %T is the same as %H%M%S, %R is the
   same as %H%M, and %D is the same as %m%d%y.  A % followed by any
   other character just yields that character (%% yields a %).  This
   means that "-oX 'scan-%T-%D.xml'" uses an XML file in the form of
   "scan-144840-121307.xml". [Kris

This change is not included in Nmap's usage output or in any of the
reference documentation that I am aware of.  If this is intended to
be a supported feature, would your book be a good time to include
documentation?  If so, the man section of the book would probably need
to include this information as well.

******************************************************************
Chapter 15. Nmap Reference Guide

Bugs
http://nmap.org/book/man-bugs.html

3rd line down:

... Try searching for the error message on our search page at ??? or at Google.

8th line down:

... and get through more quickly. Subscribe at ???.

These appear to be references that were meant to be populated later.

Perhaps the first entry should be modified so that the ??? are replaced
with "http://insecure.org/search.html";

Perhaps the second entry should be modified so that the ??? are replaced
with "http://cgi.insecure.org/mailman/listinfo/nmap-dev";


******************************************************************


Thanks,

Tom


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org