Nmap (Network Mapper) security scanner is a free and open source utility for network exploration or security auditing. Nmap can determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap is a favorite hacker tool to scan for open ports. Best of all, most operating systems are supported by Nmap, including Microsoft Windows.

Nmap was originally a command-line tool for Unix only. Since 2000, a Windows version was released and has since become the second most popular Nmap platform (behind Linux). Although it’s popular, Windows port is still not as stable or as efficient as Nmap on Unix. And Nmap on Windows has some limitations, including it’s not possible to scan host machine (where Nmap is running) by using loopback IP address or registered IP address, only Ethernet network interface is supported (although it includes support for 802.11 wireless network), version detection cannot use SSL scan-through and network scans initiated from Windows often slower than scan initiated from Unix, especially TCP connect scan (-sT) because of shortcomings in the Windows networking API.

There are two ways to install Nmap in Windows operating system environment, both of which are available from the download page at https://nmap.org/download.html. Nmap requires the free WinPcap packet capture library which can be obtained from WinPcap. Download and install the latest version of WinPcap (version 3.1 or later). There is an executable installer which automates the installation process.

Command Line Zip Binaries

If you download latest version of Nmap in a zip file format, uncompress the zip-file into the directory you want Nmap to reside in (e.g. “C:\Program Files\”) by using any compression utility such as 7-zip, WinZip and PKZip. A directory called nmap-VERSION will be created, and Nmap executable and data files will be extracted to the folder.

After installing, optionally you may apply the Nmap registry changes for Windows for improved performance by double clicking the nmap_performance.reg file located in the Nmap directory, which will make three registry changes in order to increase the number of ephemeral ports reserved for applications such as Nmap, and decrease the amount of time before a closed connection can be reused.

To use Nmap, just go to the installation folder and execute Nmap. To access Nmap from any directory, add the path to Nmap installation directory to Windows PATH environment variables.

Executable Windows installer

There is also an executable Windows installer for Nmap which is recommended way to install Nmap on Windows machine. The installer can handle WinPcap installation, perform registry performance tweaks, and decompressing the executable and data files into your preferred location, making the installation very easy.

The installer doesn’t add Nmap shortcut to the Programs menu as nmap.exe needed to be run from a DOS command prompt. Only WinPcap appears in the Add/Remove applet in Control Panel. To uninstall and remove Nmap, run the uninstall program in the Nmap folder.

Note: Nmap now has Zenmap as the graphical front end.

The default install directory is C:\Program Files\Nmap but because the installer adds Nmap to the Windows’s PATH environment variable, Nmap can be called and executed from any directory. So to run and test Nmap, open a Command Prompt window and type the following, which will scan the host scanme.insecure.org:

nmap -A -T4 scanme.insecure.org

The A and T4 options enable OS and version detection, and set the timing template to “aggressive.” There are more than a hundred command-line options for Nmap. Note that the command options are case-sensitive.

All error messages when running Nmap on Windows will be wrote into Windows event log for troubleshooting.