After scanning, Nmap’s output is displayed. This output will be
familiar to Nmap users. Apart from Zenmap’s output highlighting
it doesn’t offer any advantages over running Nmap in a terminal.
However, other parts of Zenmap’s interface interpret and
aggregate the terminal output in a way that aims to make the scan
results easy to understand and use.
Within each scan tab, there are four sub-tabs that display
different aspects of the scan results. They are: “Ports /
Hosts”, “Nmap Output”, “Host
Details”, and “Scan Details”. Each of
these will be discussed.
The Ports / Hosts tab’s display is
different depending on whether a host or a service is currently
selected. When a host is selected, it shows all the interesting
ports on a certain host, along with version information if
available. For how to select a host, see
the section called “Sorting by host”
When a service is selected, the Ports / Hosts tab shows all the
hosts which have that port open or filtered. This is a good way to
quickly answer the question “What computers are running
HTTP?” For how to select a service, see
the section called “Sorting by service”
The Nmap Output tab is the one displayed by
default when a scan is run. It shows the familiar Nmap terminal
output. The output is refreshed from the running Nmap every few
seconds but if you are impatient you can click the
“Refresh” button to do it more frequently. The display
highlights parts of the output according to their meaning; for
example, open and closed ports are displayed in different colors.
The highlighting can be turned on and off by toggling the
“Enable Nmap output highlight” check box. Near
the bottom of the display, there is a
“Preferences” button, which when clicked opens
a dialog that shows what parts of the output are highlighted and
allows the highlighting to be customized. Custom highlights are
stored in zenmap.conf
; see the section called “Description of zenmap.conf
”
The Host Details tab breaks all the
information about a single host into a hierarchical display. Shown
are the host’s names and addresses, its state (up or down),
and the number and status of scanned ports. The host’s uptime,
operating system, its OS icon (see Table 12.2, “OS icons”), and other associated details are shown
if they are available. (If no exact OS match was found there will be
a display showing the closest matches.) There is an icon that gives
a rough estimate of the host’s “vulnerability”,
which is based solely on the number of open ports. The icons are
shown in Table 12.1, “Vulnerability icons” There is also
a collapsible text field for storing a comment about the host which
will be saved when the scan is saved to a file (see the section called “Saving and loading scan results”).
Table 12.1. Vulnerability icons
|
0–3 open ports.
|
|
4–5 open ports.
|
|
6–7 open ports.
|
|
8–9 open ports.
|
|
10 or more open ports.
|
The Scan Details tab gives miscellaneous
information about the scan as a whole (it is not host-specific).
Among other things, this tab shows the Nmap command that was run,
the version of Nmap used, start and end times for the scan, and a
list of ports or protocols that were scanned.
On the left side of a scan tab is a column headed by two buttons
labeled “Hosts” and
“Services”. Clicking the
“Hosts” button will bring up a list of all
hosts that were scanned, as in Figure 12.5, “Host selection” Commonly this will be just a
single host, but it could be thousands in a large scan. The host
list can be sorted by OS or host name/IP address by clicking the
headers at the top of the list.
Each host is labeled with its host name or IP address and has an
icon indicating the operating system that was detected for that
host. The icon is meaningful only if operating system detection
was performed using the -O
option. Otherwise, the
icon will be a default one indicating that the OS is unknown.
Table 12.2, “OS icons” shows what icons are possible.
Note that Nmap’s OS detection cannot always provide the level
of specificity implied by the icons; often a Red Hat Linux host will
be displayed with the generic Linux icon.
Table 12.2. OS icons
OS detection not performed
|
FreeBSD
|
Irix
|
Linux
|
Mac OS
|
OpenBSD
|
Red Hat Linux
|
Solaris or OpenSolaris
|
Ubuntu Linux
|
Microsoft Windows
|
Other (no specific icon)
| |
Selecting a host will cause the “Ports / Hosts”
tab to display the interesting ports on that host.
Above the same list that contains all the scanned hosts is a button
labeled “Services”. Clicking that will change the
list into a list of all ports that are open
,
filtered
, or open|filtered
on
any of the targets, as in
Figure 12.6, “Service selection” The ports are
identified by service name (http
,
ftp
, etc.). The list can be sorted by clicking
the header of the list.
Selecting a host will cause the “Ports / Hosts”
tab to display all the hosts that have that service open or
filtered.