While Nmap was once a Unix-only tool, a Windows version was
released in 2000 and has since become the second most popular Nmap
platform (behind Linux). Because of this popularity and the fact that
many Windows users do not have a compiler, binary executables are
distributed for each major Nmap release. While it has improved
dramatically, the Windows port is not quite as efficient or stable as
on Unix. Here are some known limitations:
- You cannot generally scan your own machine from itself (using a loopback IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we haven't yet worked around. If you really want to do this, use a TCP connect scan without pinging (-sT -PN) as that uses the high level socket API rather than sending raw packets.
- Nmap only supports ethernet interfaces (including many 802.11 wireless cards) unless you use the -sT -PN options. RAS connections (such as PPP dialups) are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead.
- Version detection cannot use SSL scan-through
Scan speeds on Windows are generally comparable to those on
Unix, though the latter often has a slight performance edge. One
exception to this is connect scan (-sT), which is
often much slower than on Unix because of deficiencies in the Windows
networking API. This is a shame, since that is the one TCP scan that
works against localhost and over all networking types (not just
ethernet, like the raw packet scans). Connect scan performance can be
improved substantially by applying the Registry changes in the
nmap_performance.reg file included with Nmap. It
is in the nmap-version directory of the Windows binary zip file, and
nmap-version/mswin32 in the source tarball (where version is the
version number of the specific release). These changes increase
the number of ephemeral ports reserved for user applications (such as
Nmap) and decrease the amount of time before a closed connection can
be reused. Apply the changes by double-clicking on
nmap_performance.reg, or run the command
regedt32 nmap_performance.reg. Or you can make the
changes by hand. Simply add these three Registry DWORD values to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters:
- MaxUserPort
Set a large value such as 65534 (0x0000fffe). See MS KB Q196271.
- TcpTimedWaitDelay
Set the minimum value (0x0000001e). See MS KB Q149532.
- StrictTimeWaitSeqCheck
Set to 1 so TcpTimedWaitDelay is checked.
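One way to check the three values before and after changing them, as an added PowerShell example that is not part of the Nmap distribution. The -Apply switch and the backup file name are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example (not shipped with Nmap): audit, and optionally apply, the
# three TCP/IP Registry values listed above.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Target values exactly as given on this page.
$wanted = [ordered]@{
    MaxUserPort            = 0x0000fffe   # 65534
    TcpTimedWaitDelay      = 0x0000001e   # minimum value
    StrictTimeWaitSeqCheck = 1
}

# Compare each wanted value with what is currently in the Registry.
$report = foreach ($name in $wanted.Keys) {
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Name    = $name
        Current = if ($null -eq $current) { '(not set)' } else { $current }
        Wanted  = $wanted[$name]
        Match   = ($current -eq $wanted[$name])
    }
}
$report | Format-Table -AutoSize

if ($Apply) {
    # Export the key first so the change can be reverted with "reg import".
    # The backup file name is an assumption of this example.
    $backup = Join-Path $env:TEMP 'tcpip-parameters-backup.reg'
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' $backup /y | Out-Null

    # Write only the values that differ, as DWORDs.
    foreach ($row in ($report | Where-Object { -not $_.Match })) {
        Set-ItemProperty -Path $key -Name $row.Name -Value $row.Wanted -Type DWord
    }
    "Backup written to $backup"
}
```

Running it again without -Apply after the change should show Match as True for all three rows.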
Note: I would like to thank Ryan Permeh of eEye, Andy Lutomirski, and
Jens Vogt for their hard work on the Nmap Windows port. For many
years, Nmap was a Unix-only tool, and it would likely still be that
way if not for their efforts.
Windows users have three choices for installing
Nmap, all of which are available from the
download page at http://nmap.org/download.html.
Every major “stable” Nmap release comes with a Windows
self-installer named nmap-version-setup.exe
(where version is the version number of the
specific release). Most Nmap users choose this option since it is so
easy. Simply run the installer file and let it walk you through
panels for choosing an install path and installing WinPcap. The
installer was created with the open source Nullsoft Scriptable
Install System. After it completes, read the section called “Executing Nmap on Windows” for instructions on executing Nmap on the
command-line.
Command-line Zip Binaries
Note: Most users prefer installing Nmap with the self-installer discussed previously.
Every stable Nmap release comes with Windows
command-line binaries and associated files in a Zip archive. No
graphical interface is included, so you need to run
nmap.exe from a DOS/command window. Or you can
download and install a superior command shell such as those included
with the free Cygwin system available from http://www.cygwin.com. Here are the step-by-step instructions for installing and executing the Nmap .zip binaries.
Installing the Nmap zip binaries
- Download the .zip binaries from http://nmap.org/download.html.
- Uncompress the zip file into the directory you want
Nmap to reside in. An example would be C:\Program Files. A directory called
nmap-version should be created, which includes
the Nmap executable and data files. Microsoft Windows XP and Vista
include zip extraction—just right-click on the file in
Explorer. If you do not have a Zip
decompression program, there is one (called unzip) in Cygwin described
above, or you can download the open source and free 7-zip utility. Commercial
alternatives are Winzip and PKZIP.
- For improved performance, apply the Nmap Registry
changes discussed previously.
- Nmap requires the free WinPcap packet capture library.
Obtain and install the latest version from http://www.winpcap.org. They distribute an executable
installer which makes this easy. You must have version 4 or
later.
- Instructions for executing your compiled Nmap are
given in the section called “Executing Nmap on Windows”. Take special note of the
WinPcap requirement.
Most Windows users prefer to use the Nmap binary self-installer,
but compilation from source code is an option, particularly if you plan to help with Nmap development. Compilation requires
Microsoft Visual C++ 2005, which is part of their commercial Visual Studio suite. Any of the VS editions should work.
Microsoft also distributes a free application named Visual C++ 2005
Express. This works for Nmap compilation as long as you first install and configure the Platform SDK as described at http://msdn2.microsoft.com/en-us/express/aa700755.aspx.
Compiling Nmap on Windows from Source
- Download the latest Nmap source distribution from http://nmap.org/download.html. It has the name nmap-version.tar.bz2 or nmap-version.tgz. Those are the same tar file compressed using bzip2 or gzip, respectively. The bzip2-compressed version is smaller.
- Uncompress the source code file you just downloaded. Recent releases of the free Cygwin distribution can handle both the .tar.bz2 and .tgz. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common Winzip application can decompress the .tgz version.
- Open Visual Studio and the Nmap solution file (nmap-version/mswin32/nmap.sln).
- Choose “Build Solution” from the “Build Menu”. Nmap should begin compiling, and end with the line “-- Done --” saying that all projects built successfully and there were 0 failures.
- The executable and data files can be found in nmap-version/mswin32/Release/. You can copy them to a preferred directory as long as they are all kept together.
- Instructions for executing your compiled Nmap are
given in the section called “Executing Nmap on Windows”. Take special note of the
WinPcap requirement.
Many people have asked whether Nmap can be compiled with the
gcc/g++ included
with Cygwin or other compilers. Some users have reported success with
this, but we don't maintain instructions for building Nmap under
Cygwin.
Executing Nmap on Windows
Nmap releases now include the
Zenmap graphical user interface for Nmap. If
you used the Nmap installer and left the Zenmap field checked, there
should be a new Zenmap entry on your desktop and Start Menu. Click this
to get started. While many users love Zenmap, others prefer the
traditional command-line approach to executing Nmap. Here are
detailed instructions for users who are unfamiliar with command-line
interfaces:
- Make sure the user you are logged in as has administrative privileges on the computer (user should be a member of the administrators group).
- Open a command/DOS Window. Though it can be found in
the program menu tree, the simplest approach is to choose “Start”
-> “Run” and type cmd<enter>. Opening a Cygwin window (if you installed it) by clicking on the Cygwin icon on the desktop works too, although the necessary commands differ slightly from those shown here.
- Change to the directory you installed Nmap into. Assuming you used the default path, type the following commands.
    c:
    cd "\Program Files\Nmap"
- Execute nmap.exe. Figure 2.1, “Executing Nmap from a Windows command shell” is a screen shot showing a simple example.
If you execute Nmap frequently, you can add the Nmap directory
(c:\Program Files\Nmap in this case) to
your command execution path. The exact place to set this varies by
Windows platform. On my Windows XP box, I do the following:
- From the desktop, right click on My Computer and then click “properties”.
- In the System Properties window, click the “Advanced” tab.
- Click the “Environment Variables” button.
- Choose Path from the System variables section, then hit edit.
- Add a semi-colon and then your Nmap directory (such as c:\Program Files\Nmap) to the end of the value.
- Open a new DOS window and you should be able to execute a
command such as nmap scanme.nmap.org from any directory.