Review by JP Bourget, CISSP, MCSE, MS

Once again, my company had acquired some new networks for us to take over, and of course, the documentation was from 3 years ago. As part of our due diligence, I had to quickly and accurately figure out everything on the network. How did I accomplish this? With a network mapping utility; and the de facto standard in this area is Nmap! Nmap by Gordon Lyon AKA Fyodor not only saves you time, but, if you really know how to unleash it’s power, it can be your friend for network audit’s, discovering new devices, and even part of the network reconnaissance phase of a Pen Test. Another cool use I just learned from the Fyodor /. Interview was that the Chinese use it to scan for open proxies to bypass the Great Firewall of China. With that kind of flexibility, it is clearly the right tool for this job and many others. But what’s the quickest way to get that power working in my favor?


         
The obvious choice would be an in-depth tome from the author himself, but, after over 10 years in use around the globe, such a book didn’t exist. But after seeing Fyodor’s talk at Defcon 16 in August of 2008 and seeing an actual pre-release copy of his forthcoming book, I couldn’t wait to get my hands on it. Fast forward to January of 2009 when Fyodor sent me a review copy of what is one of the most well written reference books I have had the chance to use to date. Before you even get to chapter one, you get a comprehensive table of contents followed by a list of tables and examples. Every book should do this! It’s also important to note that this book is filled with out-of-the-box command line examples that should be in any pen tester’s toolkit.