
Nmap Network Scanning
The Official Nmap Project Guide to Network Discovery and Security Scanning
Written by Nmap's own author, this is both a gentle introduction to port scanning and the definitive reference for every flag, timing knob, and NSE script the tool ships with.
- Authors: Gordon Fyodor Lyon
- Published: 2009
- Publisher: Nmap Project
- Pages: 468
- Language: English
Prerequisites
Basic TCP/IP literacy. You should know what a port, a packet, and a three-way handshake are before chapter three earns its keep.
Read this if
Anyone who runs Nmap regularly and wants to actually understand its output, and pentesters or admins who need the authoritative explanation of scan types and timing.
Skip this if
Readers wanting a modern, broad recon toolkit or coverage of cloud-era discovery; the book is deep on one tool, not a survey.
Key takeaways
- The difference between scan types (SYN, connect, ACK, idle) is about what the network tells you, not just speed.
- Timing and performance tuning is where real-world scanning succeeds or gets you blocked, and the book treats it as a first-class topic.
- The Nmap Scripting Engine turns the scanner into a lightweight vulnerability and discovery framework, and the reference chapters are the best documentation that exists for it.
Notes
Still the single best book on Nmap because the author wrote both the tool and the prose, and the explanations of why each scan behaves as it does have aged perfectly. What has aged is the surrounding world: it predates the NSE script explosion of the 2010s and says nothing about cloud or containerized targets, so read it as the canonical reference for the engine, not a current recon playbook.
What to read before
Beginner · 2014
Penetration Testing
Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.
Beginner · 2017
Practical Packet Analysis
Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.
Intermediate · 2020
Black Hat Go
Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.
What to read next
Intermediate · 2020
Black Hat Go
Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.
Intermediate · 2021
Black Hat Python
Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.
Intermediate · 2011
The IDA Pro Book
Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.
Explore similar books
Intermediate · 2021
Black Hat Python
Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.
Intermediate · 2020
Black Hat Go
Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.
Advanced · 2005
Silence on the Wire
Michal Zalewski's classic on the indirect attack surface: timing channels, protocol-stack fingerprinting, and the often-overlooked side data leaked by every layer of a stack.