Nmap relies for port scanning and other operations on six data
files, all of which have names beginning with
nmap-
. One example is
nmap-services
, a registry of port names to their
corresponding port number and protocol. The others, which this chapter
describes one by one, are
nmap-service-probes
(version detection probe database),
nmap-rpc
(SunRPC program name to number database
for direct RPC scanning),
nmap-os-db
(OS detection database),
nmap-mac-prefixes
(ethernet MAC address prefix
(OUI) to vendor lookup table),
and nmap-protocols
(list of IP protocols for
protocol scan).
The source distribution installs
these files in /usr/local/share/nmap/
and the
official Linux RPMs put them in /usr/share/nmap/
.
Other distributions may install them elsewhere.
The latest versions of these files are kept at http://nmap.org/data/, though it is strongly
recommended that users upgrade to the most recent Nmap version rather
than grabbing newer data files à la carte. There are no guarantees
that newer files will work with older versions of Nmap (though they
almost always do), and the resulting Frankenstein versions of Nmap can
confuse the operating system and service fingerprint submission
process.
Most users never change the data files, but it can be handy for
advanced users who might want to add a version fingerprint or port
assignment for a custom daemon running at their company. This section
provides a description of each file and how they are commonly changed.
The general mechanism for replacing Nmap data files with custom
versions is then discussed. A couple of the files don't relate to
port scanning directly, but they are all discussed here for
convenience.