October 19th, 2003, 11:25 PM
Damn! Getting Nmap to function flawlessly in WINDOWS
In Ten Simple Steps
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
For the past several weeks, I have been experimenting/testing/cursing with the Windows port of nmap, a “free open source utility for network exploration or security auditing.” (insecure.org/nmap) Nmap’s plethora of scanning options makes it the choice for network admins everywhere. But until recently, us unfortunate Windows users had to do without, as Fyodor had originally authored the program for Linux users only.
Now that the Windows port is out, managing its many functions truly becomes a task. Nmap has been known to default on Windows systems; personally, I experienced random reboots about half the time I used it to scan a remote system. This can be very frustrating. Using various methods, though, I was able to minimize errors and improve performance dramatically. I compiled a list of several suggestions that helped me run nmap flawlessly on XP.
NOTE: This may not work on all systems. I tested under XP, with WinPcap 3.0 installed, nmap v3.48. The Windows version of nmap will never perform better than the original, so if you care that much, try an operating system, not windows!
Tip 1: If you are experiencing problems via the command-line, try installing cygwin, a Linux-like emulation for Windows. (http://www.cygwin.com/) I recommend you install ALL packages (may take several hundred MBs). After installation, locate the nmap executable (we're still working with the W32 port of nmap), and try bashing/running/executing it there, via the cygwin line.
Tip 2: Don’t resolve IPs. This may seem needlessly arcane, but it can reduce scanning times DRAMATICALLY. The tag is “-n” (w/o quotes). You might also want to apply the performance registry patch that’s included in the .zip file.
Tip 3: Download and install the latest version of WinPcap. This is nmap’s lifeblood, so to speak. If you have the latest version, you will notice that BSODs/reboots occur less often. (http://winpcap.polito.it/) At the time of this writing, v3.01 alpha is out. I haven’t tried it, so if anyone has any experiences/flames about it, feel free to post them here.
NOTE: Are you getting the line: ‘Note: Host seems down. If it is really up, but blocking our ping probes, try -P0’? Reportedly, Dave Smith, who had the same problem, uninstalled WinPcap 3.0 and reinstalled the older 2.4 version. “I then tried the latest 3.0 drivers from winpcap and they still don't work so I went back to the 2.4.”
Tip 4: Verify that you have the latest drivers for your NIC. Don’t trust Windows Update entirely; check your vendor’s website for any new updates. If you still get a BSOD or random rebooting, try firing up Dr. Watson and examining what was running at the time (software and hardware, like NICs, protocols, services, etc.). From these clues, you should make out what is causing the problems.
Tip 5: Grab the latest Windows binary of nmap. At the time of this writing, 3.48 is out, featuring complex version scanning. Fyodor continues to refine nmap and resolve compatibility issues. http://download.insecure.org/nmap/di...3.48-win32.zip
Tip 6: Install the Network Monitor Driver. Control Panel>>Network Connections, then bring up the Properties of your active internet/network connection. Click “Install”, and from the list of component types, select “Protocol” then choose Network Monitor Driver. Install it, reboot, whatever. It was recommended on the nmap mailing list, and it seemed to improve functionality.
Tip 7: This is kind of a given, but make sure your firewall is disabled, as it can hinder packet transfer.
Tip 8: Our own TheHorse13 was able to hack the original Linux source code and run it on a cygwin shell, so if you’re a C guru, it’s definitely possible to modify the code to work on a Windows box, although it may be very difficult. Do him a favor and don’t ask him how, it’s a time-consuming process that’s only for the 31337. And don’t even THINK about asking me, I don’t even know how to comb my hair right. :)
Tip 9: Frequent the nmap-dev mailing list. A LOT of good tips/suggestions/advice can be found, and some of the tips I have written about came directly from the list. Again, always check for the latest version.
Tip 10: Screw Windows and fire up your favorite Linux distro! At one point, I too was afraid of Linux, but after an almost flawless installation of RH9, I can’t go back. PHLAK comes bundled with nmap (along with a whole plethora of security-tools) and can be found at http://www.phlak.org/
SOURCES: http://www.insecure.org/, http://www.google.com/, and a big thanks to TheHorse13 for helping me with everything life has to ask.
Well, that’s it folks. Feel free to add anything, and if I have made a blunder anywhere, do me a favor and PM me. Have fun and remember, don’t drink and drive.
-ST8K
It's 106 miles to Chicago, we've got a full tank of gas, half a pack of cigarettes, it's dark and we're wearing sunglasses.
Hit it!