Chris DiBona shows you how to use the tool to scan your system for network vulnerabilities.

NMAP is a fabulous little tool that scans computers for open ports. Some of you probably think NMAP sounds like a hacker's tool. It can be used that way, but NMAP is also useful for finding out which of your ports are accessible and thus vulnerable to attacks.

Getting NMAP

Like most tools I talk about on "The Screen Savers," NMAP is shipped as part of any Red Hat installation. It can be invoked via terminal by typing in the following as root. (Note: Don't type the "[root@localhost chris]#" part. That's the prompt.)



    [root@localhost chris]# nmap 127.0.0.1


When I run NMAP against my laptop, I get a reading that looks like this.



    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1594 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh
    23/tcp     open        telnet
    111/tcp    open        sunrpc
    512/tcp    open        exec
    513/tcp    open        login
    514/tcp    open        shell
    6000/tcp   open        X11

    Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds



I turned on some insecure ports to demonstrate the program. I'd never run with some of these things open, but if you notice, there are six ports that don't need to be open at all (telnet, login, shell, exec and sunrpc). Most people don't run with X11 exposed either.

I would then use this information to shut down these open ports. In the case of telnet, I would disable the open port in the xinetd.d/telnet file by setting disabled to "yes." After doing this and restarting the xinetd.d service by typing in /etc/init.d/xinetd restart, I get the following from NMAP.



    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1594 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh
    111/tcp    open        sunrpc
    512/tcp    open        exec
    513/tcp    open        login
    514/tcp    open        shell
    6000/tcp   open        X11

    Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds



As you can see, no telnet service is exposed, and we are thus more secure. With a bit more work, we can get every port shut down in short order.
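The before-and-after comparison above can be automated. The script below is an added example, not part of the original article: it diffs two saved NMAP reports and lists what closed and which of the services the article calls unnecessary are still open. The function names and file names are hypothetical, and the sample data is the port listing from the two reports shown above.

```sh
#!/bin/sh
# Added example (not from the article): compare two saved nmap reports.
# Function names and file names below are hypothetical.

# Ports that were open in BEFORE but are no longer open in AFTER.
closed_ports() {  # usage: closed_ports BEFORE_FILE AFTER_FILE
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
             if (FNR == NR) before[$1] = $3; else after[$1] = 1
         }
         END { for (p in before) if (!(p in after)) print p, before[p] }' \
        "$1" "$2" | sort -n
}

# Open ports whose service is one the article says need not be exposed.
risky_open() {  # usage: risky_open SCAN_FILE
    awk -v list="telnet login shell exec sunrpc" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) risky[s[i]] = 1 }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && ($3 in risky) { print $1, $3 }
    ' "$1"
}

# Write the article's two reports (port lines only) into directory $1.
write_samples() {
    cat > "$1/before.txt" <<'EOF'
Port State Service
22/tcp open ssh
23/tcp open telnet
111/tcp open sunrpc
512/tcp open exec
513/tcp open login
514/tcp open shell
6000/tcp open X11
EOF
    grep -v '^23/tcp' "$1/before.txt" > "$1/after.txt"  # telnet disabled
}

dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
write_samples "$dir"
echo "Closed since the first scan:"
closed_ports "$dir/before.txt" "$dir/after.txt"
echo "Still open and on the watchlist:"
risky_open "$dir/after.txt"
```

On a real system, redirect each scan of your own machine into a file (for example `nmap 127.0.0.1 > before.txt`) and pass the two files to `closed_ports`.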

Running NMAP against computers on your network is a great way to see which programs are listening to outside traffic, so it's a terrific security tool for anyone to use.

One note: Pointing NMAP at machines other than your own is a very bad idea. Most people will think it is a prelude to an attempt to crack their machines. That can invite some trouble into your life, so don't do it.

Chris DiBona is the co-founder of Damage Studios, a San Francisco-based game company. Damage Studios is working on Rekonstruction, which is billed as "the next-generation massively multiplayer online game." DiBona was formerly an editor for slashdot.org and the co-editor of Open Sources: Voices From the Open Source Revolution.