Professor Messer’s Nmap Secrets Training Course

This Nmap Secrets Training Course has been retired.
This page will remain for future reference.




How safe is your network?

Are you tired of finding security holes
AFTER the systems have been attacked?

Have you ever wondered what the bad guys see
when they hunt around on your network?

Have you always wanted to use Nmap to its full capabilities,
but didn’t know where to start?




The Biggest Problems are Those You Can’t See

I used to wade through pages of security log files and reports in the hopes of keeping my network safe and my systems secure. But even after all of my analysis, I still wasn’t completely sure that my systems were really protected. I was testing my systems with well-known security tools that checked for vulnerabilities, and I was spending a large part of my day reading through log files that told me a lot of details about what happened AFTER the security breaches had already occurred. I was missing important reconnaissance that would have shown me exactly what the bad guys were seeing.

I knew Nmap could help, but I wasn’t sure if I was taking advantage of everything it had to offer. Although it was simple to run the default Nmap scan, I wasn’t completely certain what the output really meant and the hundreds of additional scan methods and options were almost overwhelming. I found many web sites that gave me pieces of what I needed, but detailed instructions and tutorials didn’t seem to be available anywhere.

To get a complete picture of Nmap’s operation, I broke down every Nmap scan and every option to gain an understanding of exactly what was happening over the network. Through my research, I’ve made thousands of Nmap scans and sifted through millions of network packets. I’ve created documentation that will help you understand exactly how Nmap interacts with the devices across the network. This Professor Messer “Nmap Secrets” training course is the result of this extensive research.



“I had heard about the power of Nmap, but I never had anyone or any course material help channel that knowledge – until now. This material has been a great addition to my library, and I am now using Nmap on a daily basis.”

– Sean McClanahan, West Des Moines, Iowa


Protect your important information

and critical systems with Nmap

Nmap is arguably the most popular security software in the world, with thousands of downloads every day. It’s used in the biggest corporate networks in the world, governments use Nmap to protect their systems, and it’s even seen in the Hollywood blockbuster “The Matrix Reloaded.” Best of all, Nmap is free software that’s well supported through an active open source community of developers.

Nmap didn’t become this popular because of clever onscreen product placements. It’s used so prominently because it’s a powerful piece of security software that can tell you more about your systems than most people realize.

Nmap can automatically detect nearly invisible nuances in network communications to determine open ports, operating systems, and even the version numbers of your critical services – all without ever logging in or authenticating to the remote device! Nmap’s scanning methods allow for reconnaissance of devices through firewalls, around gateways, or even through encrypted tunnels.


Have you Tapped Into the Power of Nmap?

Unfortunately, most of Nmap’s usefulness is never realized by the majority of security professionals. Many Nmap users run the default scan with the default options, never realizing the potential that exists just underneath the surface. It’s like owning a high-performance racecar and never leaving your driveway!

It’s time to change all of that. We’ve created “Nmap Secrets,” a video-based training course designed to fit the needs of the beginning security manager as well as the seasoned professional. If you want to learn about the most popular Nmap features (and a few you might have never have heard of), then our “Nmap Secrets” training course is a perfect fit!


Nmap Secrets Training Course

The Industry’s Only Nmap Training Course


  • Structured, Video-Based Training Modules – “Nmap Secrets” consists of eleven training modules, with over 3 and 1/2 hours of Nmap-focused lectures and on-screen demonstrations. Each module builds on the previous training content, and the video-based training allows you to learn at your own pace.

  • Watch Real-Time Screencasts – After the lectures provide you with a knowlegable foundation, we provide reinforcement of the concepts with on-screen demonstrations. “Nmap Secrets” contains OVER THIRTY live demonstrations with audio narration and video annotations. Important lecture points are reinforced immediately through video screencasts that you can pause, rewind, and watch over and over again. You’re in complete control!

  • Read Every Word – Here’s a feature that you won’t find in most IT training curriculum; every lecture and every screencast is completely transcribed. If you work in an environment where it’s difficult to hear your computer or you need assistance to hear, you’ll be able to read along with every on-screen activity. The video lecture, training slides, screencast demonstrations, and transcriptions can all be visible onscreen simultaneously, and our course transcription will never get in the way of your training materials. You can even search through the text in a module to find any topic quickly!

  • It’s Not Over ‘Till It’s Over – Every module includes review guides that highlight the most important points and provide additional information on details that weren’t covered in the lecture audio. This review guide also consolidates useful web site and download links into a single point of reference for each “Nmap Secrets” module.



Want to see what you’ll get?

Watch a free sample from the actual Nmap Secrets training course!


Nmap Secrets Screenshot

Try it Now!
Low Bandwidth Video OverviewHigh Bandwidth Video Overview



Nmap Secrets Module Overview

Do you know these Nmap Secrets?

Module 1 – Getting Started with Nmap

Module One will provide you with an overview of the entire course, along with a sneak peek of the secrets that we’ll uncover along the way.

Module One

  • Nmap’s features go well beyond port scanning, to include a v_______ i________, o___________ s______ f______________, and i____ s________.
  • If always having the latest Nmap features is important, then you may want to consider using _____ as your primary Nmap operating system.
  • Although Nmap’s Linux installation process is very flexible, it does require a ___ ________.
  • If you’re going to run Nmap from a Live CD distribution, we recommend _____ _______ _________ ________, ___, or ___.



Module 2 – Nmap Basics

Module Two provides an overview of network protocols, the Nmap scan process, and we’ll learn the secrets for increasing the speed of this process. We’ll also run our first Nmap scan and analyze the results.

Module Two

  • The protocols __, ___, ___ and ____ are the foundation of IP networking, and they’re also the protocols that Nmap uses to perform its magic.
  • _____________ ________ _______ is the most used IP-based protocol on the Internet.
  • The ____ protocol doesn’t transfer any application data at all.
  • Although the Nmap scan process occurs quickly and seamlessly, Nmap usually performs ____ steps each time a scan is executed.
  • By default, Nmap won’t scan a remote device unless it can confirm that the device _________ _______.



Module 3 – Scans for Every Occasion

Module Three introduces four of the most popular, most useful, and most versatile Nmap scanning methods. Even if you learn of no other scanning methods, these four scan types will get your through the vast majority of Nmap scanning situations. The TCP SYN scan, TCP connect() scan, Ping scan, and UDP scan provide different information for use in different situations. By the end of this module, you’ll be very familiar with these scans, and you’ll have a perfect understanding of when to use each scan. You may never run Nmap with just the default options ever again!

Module Three



  • If you’re the Administrator in Windows or running at root in Linux, you’ve probably run the ___ ___ scan by default and not even realized it!
  • _________ will usually delay a scan due to the number of retransmissions that Nmap performs in an attempt to get a packet through the network.
  • The SYN scan greatly increases the number of ___ frames sent across the network.
  • If you don’t have privileged access, a good option to the TCP SYN scan is the ___ ________ scan.
  • Other than the TCP connect() scan, the only other Nmap scan that identifies TCP ports but doesn’t require privileged access is the ___ ______ ______.
  • The ____ scan is one of the quickest scans that Nmap performs.



Module 4 – “Back Pocket” Scans

Sometimes, you’ll run into a situation where a normal Nmap scan isn’t providing you with all of the information you need. This may be a situation where remote devices aren’t responding, or perhaps you aren’t able to identify any available ports on a remote device – even though you can easily connect to its web server! In these situations, it’s useful to have a few tricks in your back pocket.

Module Four



  • From a security perspective, a “_____________ server is a serious concern and you don’t want to find one on a production network. However, if one happens to be available, it’s extremely useful for gathering information about remote devices.
  • The ___ ______ _______ is useful because of the extensive scanning you can do “through” a firewall.
  • The _________ is quite stealthy, since the target device never knows the IP address of the Nmap station performing the scan.
  • Nmap’s idlescan is only useful if you can find a ______ _______ with predictable _____.


Module 5 – Useful Scanning Options

In module five, we’ll concentrate on some useful scanning options that will assist you with building Nmap scan sessions that are effective and efficient. First, we’ll show you the secrets to easily excluding or including target addresses for your Nmap scans. We’ll discover how to exclude from the command line, and we’ll also show you how building a file of IP addresses or names can integrate the Nmap scan process with other network utilities. During a scan, we’ll often want to know the status of a particular port. With Nmap’s port number options, we can limit our scans to specific applications and focus our efforts on identifying the systems that interest us the most.

Module Five



  • One of the easiest ways to exclude target systems is on the ____ ________ ____.
  • With a single command line option of _____________, we can control exactly which remote devices will be scanned and which will not.
  • Nmap is very flexible when specifying IP addresses. You can use h_______, C____-b______ a________, or use an a________.
  • Scanning for small groups of ports on the command line is easy with the ___ parameter.



Module 6 – Nmap “Pings” – The Search for Hosts

There’s a lot to Nmap’s ping process, and we’ll start with defining a ping. From there, we’ll move to Nmap’s default pings – the ARP ping and the ICMP and TCP ACK ping combo. To really make the most of Nmap’s pings, we’ll also investigate the details of the TCP SYN ping and the UDP ping. And then, after spending all of that time and effort learning about Nmap’s ping process, we’ll show you how to turn it off. Why would you want to do that? Don’t worry, we’ll show you all of the secrets!

Module Six


  • The Nmap ping is considered successful even if it gets an _____ _______ from a remote device.
  • __________ the ping process can add enormous time to your scan if you are scanning a range of IP addresses and a number of IP addresses aren’t active.
  • As Nmap pings go, the ___ ping is extremely reliable.
  • If an Nmap ____ ____ ________ returns a response, you can be relatively sure that most other protocols will also pass without filtering.



Module 7 – Recon Scanning

In this module, we’ll investigate the secrets of network reconnaissance, and we’ll take you through the details of two major Nmap features – operating system fingerprinting and version detection. After this module is complete, you’ll understand the power behind the recon scans and know exactly why Nmap is one of the most impressive security tools available!

Module Seven



  • Nmap can determine the operating system of a remote device without ______________ ____ the system or opening an ___________ _______.
  • For an operating system scan to operate at peak effectiveness, Nmap must have identified at least one ____ ____ and one _______ ____.
  • Without logging in, Nmap is smart enough to determine the ____, _____, and ________ of an active service.
  • In the version detection scan, Nmap really doesn’t care what _____ ___ _______.



Module 8 – Ninja Scanning

In this module we’ll introduce you to Nmap’s art of invisibility. You’ll learn all of the secrets of using Nmap on a network in stealth mode, where you can come and go like the wind.

Module Eight



  • By default, Nmap will ____ every device on every scan, regardless of the scan type.
  • To be the most invisible network ninja, you’ll want to disable the ____ _______.
  • For the best possible ninja scanning, always run as a __________ ____.
  • If multiple timing options are used on the command line, Nmap will use the last _______ as the priority.
  • The ______ ______ ________ option disregards any host exclusions, so if there are devices that should never be scanned this may not be the best option to use.
  • With Nmap’s _____ ______ _______ s________ option, a network ninja could anonymously scan any device on a local IP subnet.



Module 9 – Output Options

Nmap includes a number of output options, and this module takes us through them all. We’ll show you the differences in the output options, including how to convert Nmap’s XML output into some great HTML-based reports. You won’t want to miss this!


Module Nine


  • Nmap’s “_______” output format works well for printing or for use in a document.
  • If you need to search through a large quantity of Nmap output, the ________ output format is a perfect choice.
  • If you use the ___ output format, you can get an HTML version of Nmap’s output automatically in any modern web browser.
  • When resuming an Nmap scan, it’s important to understand exactly when a scan to a host has ________ ___________.



Module 10 – Windows and Nmap

In this module, we’ll learn about the history of Nmap and Windows – both the good, and the bad. Although there have been some significant operational issues with Windows, the few Windows-related issues that exist today are easy to work around, and we’ll show you how. Although Windows handles Nmap well, it’s still not perfect. There are a few downsides to using Nmap in Windows, so we’ll walk you through the good with the bad.

Module Ten


  • All Nmap-specific registry changes and required software drivers are included with Nmap’s _________ ________.
  • It’s impossible to run Nmap on a third-party Windows computer that doesn’t have _______ installed.
  • The slowest part of the Nmap scanner in Windows is the ___ _______ scan!



Module 11 – Real-World Nmap Scanning

In this module we’ll discuss six Nmap scanning techniques that can get you through some pretty nasty security problems. First, we’ll look at identifying the remnants of a virus outbreak or spyware infestation. These situations often leave some residuals traces, and we’ll show you the secrets to finding all of the shrapnel. Then, we’ll move to a more traditional use of Nmap – vulnerability assessments. Once we’re sure our systems are secure, we’ll have a look at ongoing testing with some security policy compliance testing. Our administrative tasks then turn to asset management and keeping track of all of those systems throughout the network. Another great technique of Nmap is the ability to audit firewall configurations. Can Nmap make it through your barriers? We’ll find out! And finally, we’ll learn the secrets behind keeping your network safe every day of the year with perpetual network auditing techniques.

Module Eleven



  • On a network with many devices, the __ option can provide a dramatic speed increase over the huge number of ports in a default scan.
  • By using the _____ option, we can tell the network team that there’s no possible way for our security scans to interfere with production traffic traversing the WAN.
  • ____ ________ is one of the slowest parts of any scan. Disabling this feature with the __ option may provide some significant speed increases.
  • When auditing firewalls, the Nmap ___ scan is a perfect solution for determining what’s filtered and not filtered.
  • The ___ scan is very passive, and it’s very unusual to have this scan cause any type of harm to a network service.

Why Computer-Based Training?

IT professionals everywhere are taking advantage computer based training, and why wouldn’t they? Look at these benefits:

  • No travel – Flights and lodging to an off-site training course can be a major expense. With Nmap Secrets, you can do all of your training from home or work!
  • Geographically Independent – Learn the secrets of Nmap from anywhere in the world.

  • Immediately Available – Nmap Secrets is available immediately, with no delivery delays, no shipping costs, and no waiting.

  • Always Online – Nmap Secrets is provided online, so you can learn Nmap in the middle of the night or on the weekend. You can train whenever you want!

  • You Can’t Misplace It – There’s no CD or DVD to lose, and your training materials will never become damaged or broken.

  • Modular Training – You can learn what you need now and come back months later to build on your knowledge.

  • Standard Delivery Method – We’ve built “Nmap Secrets” to be available on most operating systems, including Windows, Linux, and MacOS.

It Doesn’t Cost a Fortune to

Learn All of These “Nmap Secrets!”

Here is what’s included with your “Nmap Secrets” investment:

  • Over three and one-half hours of Nmap video training, including
    thirty screencast demonstrations

  • Full transcriptions of every lecture and every demonstration

  • Eleven online training module review guides

  • High-bandwidth and low-bandwidth versions of every module

“I have played around with Nmap for several years without really getting my head under the hood. The Nmap course along with Professor Messer’s book and charts opened my eyes to a lot of new ways of implementing this powerful tool. “

– Brian T. O’Hara, Tech Defenders, Inc., Fort Wayne and Indianapolis, Indiana



Don’t Miss These FREE BONUSES!

As if the ELEVEN “Nmap Secrets” videos weren’t enough,
we’re also including these special bonuses!

BONUS #1
The “Nmap Secrets” Trace File Library

A $27 value, yours FREE!

Trace File Library

These TWENTY downloadable trace files allow you to follow along with our demonstration screencasts. These are the traces I use in the videos, so you can dive into the details to get as much information as you need.



BONUS #2
The Nmap Quick Reference Guide

A $27 value, yours FREE!

Nmap Quick Reference Guide 

Our popular Nmap Quick Reference Guide was included with the first edition of our Nmap book, and this new guide has been updated and enhanced. This colorful digital guide can be downloaded and printed to provide a handy reference of every Nmap option.



BONUS #3
Customized Nmap Coloring Rules for Wireshark

A $27 value, your FREE!

Customized Wireshark Coloring Rules

We’ve customized a set of Wireshark protocol decode colors to match Nmap’s scanning techniques, and they’re included with this training course. Once you download and install these coloring rules into your copy of Wireshark, you’ll be amazed at how your Nmap scans come to life!



BONUS #4
Lifetime Access to the Professor Messer Security Insider Ezine

A $97 value, yours FREE!

Professor Messer Security Insider Ezine

Our Ezine contains contains the latest security news, strategies for dealing with critical security issues, and you’ll occasionally receive a new movie or MP3 presentation to help with your ongoing education.

Nmap Secrets Delivery and Format

Since all of these products are digital, the product graphics on this page are for illustrative purposes only.

Once your payment is authorized, The “Nmap Secrets” training course and all product bonuses will be delivered to you digitally via instant online access to a secure area of this website.

Due to bandwidth requirements,
it is highly recommended that you have high-speed Internet access.

NOTE: The videos will be provided to you online in streaming Adobe Flash format. You’ll also need Acrobat Reader to view the Adobe PDF-formatted bonus content. You can use these links to update or install the latest versions for Flash and Acrobat Reader (a new window will open).

“Something like this is long overdue!”

– Mike O., San Jose, California


Nmap is a trademark of Insecure.Com LLC.