New developments in Nmap
Audio (about 24 minutes):
Ogg Vorbis (5.2 MB),
MP3 (8.3 MB).
This is a talk I gave on October 12, 2007 at the
Front Range Information Security
Conference at the University of Denver in Denver, Colorado. It's a
summary and demonstration of some new developments in Nmap, mainly those
coming out of the 2007 Google
Summer of Code.
This is the handout I distributed with the talk. It gives sample
commands to run to try out the new features.
I edited out about one minute right before the first example (at about
4:00) where I had to fix my network connection. Here's the
giant unedited FLAC (55 MB) if
you want to hear it.
- The third audience comment at about 2:08 is something like "When I
forget computer's IP address, I can just find the open ports."
- I was wrong about the Skype protocol. Looking at the script, I see
that it first returns a 404, then with the second probe it returns
- At 19:55, an audience member asks, "Out of curiosity, could you
click on BBC Research?" He was asking because he had to do with the
BBC unkeyed jam
resistance algorithm. BBC Research, one of the Summer of Code mentoring
organizations, has to do with the British Broadcasting Corporation. A
few seconds later, someone says something like, "Is that a trademark
- At about 21:28, the question is, "What does Umit stand for?"
- I said The Matrix Revolutions, but it was The Matrix Reloaded. See
- I should have said that I haven't handled service fingerprints and
corrections, only OS.
- A network security engineer at DU was in attendance, and afterward
he told me that he was the one who installed the filter that blocked the
two ports I found!
Also see Fun with Nmap and free software development.