- Nmap Network Scanning
- Chapter2.Obtaining, Compiling, Installing, and Removing Nmap
- Windows
Windows
While Nmap was once a Unix-only tool, a Windows version wasreleased in 2000 and has since become the second most popular Nmapplatform (behind Linux). Because of this popularity and the fact thatmany Windows users do not have a compiler, binary executables aredistributed for each major Nmap release. We support Nmap on Windows 7and newer, as well as Windows Server 2008 and newer. We also maintaina guide for userswho must run Nmap on earlier Windows releases. While it has improved dramatically, the Windows port is notquite as efficient as on Unix. Here are the known limitations:
Nmap only supports ethernet interfaces (including most802.11 wireless cards and many VPN clients) for raw packet scans.Unless you use the
-sT -Pn
options, RAS connections(such as PPP dialups) and certain VPN clients are not supported. Thissupport was dropped when Microsoft removed raw TCP/IP socket supportin Windows XP SP2. Now Nmap must send lower-level ethernet framesinstead.When using Nmap without Npcap, you cannotgenerally scan your own machine from itself (using aloopback IP such as 127.0.0.1 or any of itsregistered IP addresses). This is a Windows limitation that wehave worked around in Npcap, which is included in the Windows self-installer.Users stuck without a Npcap installation can use a TCPconnect scan without pinging (
-sT -Pn
) as that usesthe high level socket API rather than sending rawpackets.
Scan speeds on Windows are generally comparable to those onUnix, though the latter often has a slight performance edge. Oneexception to this is connect scan (-sT
), which isoften much slower on Windows because of deficiencies in the Windowsnetworking API. This is a shame, since that is the one TCP scan thatworks over all networking types (not just ethernet, like the raw packet scans).Connect scan performance can beimproved substantially by applying the Registry changes in thenmap_performance.reg
file included with Nmap. By default these changes are applied for you by the Nmap executable installer. This registry fileis in the nmap-
directory of the Windows binary zip file, and<version>
nmap-
in the source tarball (where <version>
/mswin32<version>
is theversion number of the specific release). These changes increasethe number of ephemeral ports reserved for user applications (such asNmap) and reduce the time delay before a closed connection canbe reused. Most people simply check the box to apply these changes in the executable Nmap installer, but you can also apply them by double-clicking onnmap_performance.reg
, or by running the commandregedt32 nmap_performance.reg. To make the changes by hand, add these three Registry DWORD values toHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
:
- MaxUserPort
Set a large value such as 65534 (0x0000fffe). See MS KB 196271.
- TCPTimedWaitDelay
Set the minimum value (0x0000001e). See MS KB 149532.
- StrictTimeWaitSeqCheck
Set to 1 so TCPTimedWaitDelay is checked.
Windows users have three choices for installingNmap, all of which are available from thedownload page at https://nmap.org/download.html.
Windows Self-installer
Every Nmap release includes a Windowsself-installer namednmap-
(where <version>
-setup.exe<version>
is the version number of thespecific release). Most Nmap users choose this option since it is soeasy. Another advantage of the self-installer is that it provides the option to install the Zenmap GUI and other tools. Simply run the installer file and let it walk you throughpanels for choosing an install path and installing Npcap. Theinstaller was created with the open-source Nullsoft ScriptableInstall System. After it completes, read the section called “Executing Nmap on Windows” for instructions on executing Nmap on thecommand-line or through Zenmap.
Command-line Zip Binaries
Note | |
---|---|
Most users prefer installing Nmap with the self-installer discussed previously. |
Every stable Nmap release comes with Windowscommand-line binaries and associated files in a Zip archive. Nographical interface is included, so you need to runnmap.exe
from a DOS/command window. Or you candownload and install a superior command shell such as those includedwith the freeCygwinsystem available from https://www.cygwin.com
. Here are the step-by-step instructions for installing and executing the Nmap .zip binaries.
Installing the Nmap zip binaries
Download the .zip binaries from https://nmap.org/download.html.
Extract the zip file into the directory you wantNmap to reside in. An example would be
C:\ProgramFiles
. A directory callednmap-
should be created, which includesthe Nmap executable and data files.<version>
For improved performance, apply the Nmap Registrychanges discussed previously.
Nmap requires the free Npcap packet capture library.We include a recent Npcap installer which is available in the zip fileas
npcap-
,where<version>
.exe<version>
is the Npcap version ratherthan the Nmap version. Alternatively, you can obtain and installthe latest version fromhttps://npcap.com
.Due to the way Nmap is compiled, it requires theMicrosoft Visual C++ Redistributable Package of runtimecomponents. Many systems already have this installed from otherpackages, but you should run
VC_redist.x86.exe
from the zip file just in case you need it.Pass the/q
option to run these installers in quiet (non interactive) mode.Instructions for executing your compiled Nmap aregiven in the section called “Executing Nmap on Windows”.
Compile from Source Code
Most Windows users prefer to use the Nmap binary self-installer,but compilation from source code is an option, particularly if you plan to help with Nmap development. Compilation requiresMicrosoft Visual C++ 2019, which is part of their commercial Visual Studiosuite. Any of the Visual Studio 2019 editions should work, including the freeVisual Studio 2019 Community.
Some of Nmap's dependencies on Windows are inconvenient to build. Forthis reason, precompiled binaries of the dependencies are stored inSubversion, in the directory /nmap-mswin32-aux
.When building from source, whether from a source code release or fromSubversion, check out /nmap-mswin32-aux
asdescribed below.
Compiling Nmap on Windows from Source
Download the Windows dependencies from Subversion with the commandsvn checkout https://svn.nmap.org/nmap-mswin32-aux.The build files are configured to look for dependencies in thischecked-out directory. If you want to build the dependencies yourselfinstead, you will have to reconfigure the Visual Studio project files topoint to the alternate directory.
Decide whether to obtain the Nmap source code by downloading the latest release from nmap.org, or using a Subversion client to retrieve even newer (but less tested) code from our repository. These instructions are for the web download approach, but using Subversion instead is straightforward (see the section called “Obtaining Nmap from the Subversion (SVN) Repository”).
Download the latest Nmap source distribution from https://nmap.org/download.html. It has the name
nmap-
or<version>
.tar.bz2nmap-
. Those are the same tar file compressed using bzip2 or gzip, respectively. The bzip2-compressed version is smaller.<version>
.tgzUncompress the source code file you just downloaded. Thesource code directory and the
nmap-mswin32-aux
mustbe in the same parent directory.Recent releases of the free Cygwin distribution can handle both the.tar.bz2
and.tgz
formats. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common WinZip application can decompress these files.Open Visual Studio and the Nmap solution file (
nmap-
).<version>
/mswin32/nmap.slnRight click on
Solution 'nmap'
in the Solution Explorer sidebar and choose “Configuration Manager”. Ensure that the active solution configuration isRelease
and then close the Configuration Manager.Build Nmap by pressing F7 or choosing “BuildSolution” from the GUI. Nmap should begin compiling, andend with the line “
-- Done --
” sayingthat all projects built successfully and there were zerofailures.The executable and data files can be found in
nmap-
. You can copy them to a preferred directory as long as they are all kept together.<version>
/mswin32/Release/Ensure that you have Npcap installed. You can obtain it byinstalling our binary self-installer or executing
npcap-
fromour zip package. Alternatively, you can obtain the official installer at<version>
.exehttps://npcap.com
.Instructions for executing your compiled Nmap aregiven in the next section.
If you wish to build an Nmap executable Windowsinstaller or Zenmap executable,see docs/win32-installer-zenmap-buildguide.txt in the Nmap SVN repository.
Many people have asked whether Nmap can be compiled with thegcc/g++ includedwith Cygwin or other compilers. Some users have reported success withthis, but we don't maintain instructions for building Nmap underCygwin.
Executing Nmap on Windows
Nmap releases now include theZenmap graphical user interface for Nmap.If you used the Nmap installer and left the Zenmap field checked,there should be a new Zenmap entry on your desktop and Start Menu.Click this to get started. Zenmap is fully documented inChapter12, Zenmap GUI Users' Guide. While many users love Zenmap, others preferthe traditional command-line approach to executing Nmap. Here aredetailed instructions for users who are unfamiliar with command-lineinterfaces:
Make sure the user you are logged in as hasadministrative privilegeson the computer (user should be a member of the
administrators
group).Open a command/DOS Window. Though it can be found inthe program menu tree, the simplest approach is to choose “Start” -> “Run” and type cmd<enter>. Opening a Cygwin window (if you installed it) by clicking on the Cygwin icon on the desktop works too, although the necessary commands differ slightly from those shown here.
Change to the directory you installed Nmap into. You can skip this step if Nmap is already in your command path (the Zenmap isntaller adds it there by default). Otherwise, type the following commands.
c:
cd "\Program Files (x86)\Nmap"
On Windows releases prior to Windows 7, specify
\Program Files\Nmap
instead. The directory will also be different if you chose to install Nmap in a non-default location.Execute nmap.exe. Figure2.1 is a screen shot showing a simple example.
Figure2.1.Executing Nmap from a Windows command shell
If you execute Nmap frequently, you can add the Nmap directory(c:\Program Files (x86)\Nmap
by default) to your command execution path:
Open the System Properties window to the Advanced tab by running
SystemPropertiesAdvanced.exe
.Click the “EnvironmentVariables” button.
Choose
Path
from theSystem variables
section, then hitedit.Add a semi-colon and then your Nmap directory (e.g.
c:\Program Files (x86)\Nmap
) to the end of the value.Open a new command prompt and you should be able to execute acommand such as nmap scanme.nmap.org from any directory.