The benefits of running nmap as root

When run as root, nmap can use several features that are not available to non-root users. The most obvious is the ability to create custom packets, which is useful for operating system detection. Another useful feature is the ability to listen for packets from the hosts being scanned. Firewalls blocking TCP ports will commonly send back an ICMP notification that the port is closed instead of simply sending a RST, as is usual for a closed port. Most TCP implementations don’t take this into account and continue waiting for a connection to be established, timing out instead. If nmap is able to listen for these ICMP packets, it will not waste time on ports that the firewall has told it are closed, and it will tell you that the port is filtered.

Update: I wrote this a while ago. The ‘most TCP implementations’ thing might not be quite as true now.
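
The reply handling described above, as an added example (not from the original post and not nmap's own code): given the raw IPv4 packets a root-level listener would see, it maps a RST to "closed" and an ICMP destination-unreachable error quoting the probe to "filtered". The function names, ports and packets are constructed for illustration, and the set of ICMP codes follows nmap's SYN-scan documentation.

```python
import struct

# ICMP type 3 codes that nmap's SYN-scan documentation lists as meaning "filtered".
FILTERED_CODES = {0, 1, 2, 3, 9, 10, 13}

def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def tcp_header(sport, dport, flags):
    """Minimal 20-byte TCP header for the constructed samples."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)

def classify(packet, scanner_ip, probe_sport):
    """Map a raw IPv4 reply to (port, state) for a probe sent from probe_sport."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if packet[16:20] != bytes(scanner_ip):
        return None                                # not addressed to the scanner
    if proto == 6 and len(body) >= 14:             # TCP reply from the target itself
        sport, dport = struct.unpack("!HH", body[:4])
        if dport != probe_sport:
            return None
        if body[13] & 0x04:                        # RST
            return sport, "closed"
        if (body[13] & 0x12) == 0x12:              # SYN+ACK
            return sport, "open"
    elif proto == 1 and len(body) >= 36:           # ICMP header + quoted IP header + 8 bytes
        quoted = body[8:]                          # the probe, echoed back by the firewall
        q_ihl = (quoted[0] & 0x0F) * 4
        if body[0] != 3 or body[1] not in FILTERED_CODES or quoted[9] != 6:
            return None
        if quoted[12:16] != bytes(scanner_ip) or len(quoted) < q_ihl + 4:
            return None
        sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
        if sport == probe_sport:
            return dport, "filtered"
    return None

# Constructed sample traffic (RFC 5737 documentation addresses).
SCANNER, TARGET, FIREWALL = (192, 0, 2, 10), (198, 51, 100, 5), (198, 51, 100, 1)
PROBE = ip_header(SCANNER, TARGET, 6, 20) + tcp_header(40000, 25, 0x02)
ICMP_BODY = struct.pack("!BBHI", 3, 13, 0, 0) + PROBE[:28]   # admin-prohibited
SAMPLE_ICMP = ip_header(FIREWALL, SCANNER, 1, len(ICMP_BODY)) + ICMP_BODY
SAMPLE_RST = ip_header(TARGET, SCANNER, 6, 20) + tcp_header(23, 40000, 0x14)
```

The ICMP error arrives from the firewall rather than the target, so the scanned port can only be recovered from the quoted probe header; a plain `connect()` never sees that packet, which is why the unprivileged scan is left to time out.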

