While Nmap was once a Unix-only tool, a Windows version was
released in 2000 and has since become the second most popular Nmap
platform (behind Linux). Because of this popularity and the fact that
many Windows users do not have a compiler, binary executables are
distributed for each major Nmap release. While it has improved
dramatically, the Windows port is not quite as efficient or stable as
on Unix. Here are some known limitations:
- You cannot generally scan your own machine from itself (using a loopback IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we haven't yet worked around. If you really want to do this, use a TCP connect scan without pinging (-sT -PN) as that uses the high level socket API rather than sending raw packets.
- Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. Unless you use the -sT -PN options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead.
Scan speeds on Windows are generally comparable to those on Unix, though the latter often has a slight performance edge. One exception to this is connect scan (-sT), which is often much slower on Windows because of deficiencies in the Windows networking API. This is a shame, since that is the one TCP scan that works against localhost and over all networking types (not just ethernet, like the raw packet scans). Connect scan performance can be improved substantially by applying the Registry changes in the nmap_performance.reg file included with Nmap. By default these changes are applied for you by the Nmap executable installer. This registry file is in the nmap-<version> directory of the Windows binary zip file, and nmap-<version>/mswin32 in the source tarball (where <version> is the version number of the specific release). These changes increase the number of ephemeral ports reserved for user applications (such as Nmap) and reduce the time delay before a closed connection can be reused. Most people simply check the box to apply these changes in the executable Nmap installer, but you can also apply them by double-clicking on nmap_performance.reg, or by running the command regedt32 nmap_performance.reg. To make the changes by hand, add these three Registry DWORD values to the CurrentControlSet\Services\Tcpip\Parameters entry under HKEY_LOCAL_MACHINE\SYSTEM:

- MaxUserPort: set a large value such as 65534 (0x0000fffe). See MS KB Q196271.
- TCPTimedWaitDelay: set the minimum value (0x0000001e). See MS KB Q149532.
- StrictTimeWaitSeqCheck: set to 1 so TCPTimedWaitDelay is checked.
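Added example (my own script, not part of Nmap or its documentation): a PowerShell script that reports whether the three DWORD values above are present with the recommended settings and, only when run with an -Apply switch of my own naming, writes them. It assumes an elevated Windows PowerShell session, since writing under HKEY_LOCAL_MACHINE requires administrator rights.

```powershell
# Added example, not part of Nmap: report the three TCP/IP registry values
# that nmap_performance.reg sets and, with -Apply, write them. Run from an
# elevated PowerShell prompt; writing to HKLM requires administrator rights.
param([switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Target values from the Nmap documentation, all REG_DWORD.
$wanted = [ordered]@{
    MaxUserPort            = 0xfffe   # 65534: more ephemeral ports for Nmap
    TCPTimedWaitDelay      = 0x1e     # 30 seconds, the minimum TIME_WAIT delay
    StrictTimeWaitSeqCheck = 1        # make Windows honour TCPTimedWaitDelay
}

$item = Get-ItemProperty -Path $key
foreach ($name in $wanted.Keys) {
    $current = $item.$name             # $null if the value does not exist yet
    if ($null -eq $current) {
        $state = 'missing (Windows default in effect)'
    } elseif ($current -eq $wanted[$name]) {
        $state = 'already set'
    } else {
        $state = ('set to 0x{0:x8}' -f $current)
    }
    '{0,-24} wanted 0x{1:x8}  {2}' -f $name, $wanted[$name], $state

    if ($Apply -and $current -ne $wanted[$name]) {
        # -Force overwrites an existing value of a different type or number.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $wanted[$name] -Force | Out-Null
        "  -> written; reboot for the TCP/IP stack to pick it up"
    }
}
```

Run it without arguments first to see what would change; the script only reads the registry until -Apply is given.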
Note: I would like to thank Ryan Permeh of eEye, Andy Lutomirski, and Jens Vogt for their hard work on the Nmap Windows port. For many years, Nmap was a Unix-only tool, and it would likely still be that way if not for their efforts.
Windows users have three choices for installing Nmap, all of which are available from the download page at http://nmap.org/download.html.

Every Nmap release includes a Windows self-installer named nmap-<version>-setup.exe (where <version> is the version number of the specific release). Most Nmap users choose this option since it is so easy. Another advantage of the self-installer is that it provides the option to install the Zenmap GUI. Simply run the installer file and let it walk you through panels for choosing an install path and installing WinPcap. The installer was created with the open-source Nullsoft Scriptable Install System. After it completes, read the section called “Executing Nmap on Windows” for instructions on executing Nmap on the command-line or through Zenmap.

Command-line Zip Binaries

Note: Most users prefer installing Nmap with the self-installer discussed previously.
Every stable Nmap release comes with Windows command-line binaries and associated files in a Zip archive. No graphical interface is included, so you need to run nmap.exe from a DOS/command window. Or you can download and install a superior command shell such as those included with the free Cygwin system available from http://www.cygwin.com. Here are the step-by-step instructions for installing and executing the Nmap .zip binaries.

Installing the Nmap zip binaries

1. Download the .zip binaries from http://nmap.org/download.html.
2. Uncompress the zip file into the directory you want Nmap to reside in. An example would be C:\Program Files. A directory called nmap-version should be created, which includes the Nmap executable and data files. Microsoft Windows XP and Vista include zip extraction—just right-click on the file in Explorer. If you do not have a Zip decompression program, there is one (called unzip) in Cygwin described above, or you can download the open-source and free 7-zip utility. Commercial alternatives are WinZip and PKZIP.
3. For improved performance, apply the Nmap Registry changes discussed previously.
4. Nmap requires the free WinPcap packet capture library. We build our own WinPcap installer which is available in the zip file as winpcap-nmap-<version>.exe, where <version> is the Nmap version rather than the WinPcap version. Alternatively, you can obtain and install the latest version from http://www.winpcap.org. You must install version 4 or later.
5. Due to the way Nmap is compiled, it requires the Microsoft Visual C++ 2008 Redistributable Package of runtime components. Many systems already have this installed from other packages, but you should run vcredist_x86.exe from the zip file just in case you need it.
6. Instructions for executing Nmap are given in the section called “Executing Nmap on Windows”.
Most Windows users prefer to use the Nmap binary self-installer, but compilation from source code is an option, particularly if you plan to help with Nmap development. Compilation requires Microsoft Visual C++ 2008, which is part of their commercial Visual Studio suite. Any of the Visual Studio editions should work, including the free Visual C++ 2008 Express.

Compiling Nmap on Windows from Source

1. Download the latest Nmap source distribution from http://nmap.org/download.html. It has the name nmap-<version>.tar.bz2 or nmap-<version>.tgz. Those are the same tar file compressed using bzip2 or gzip, respectively. The bzip2-compressed version is smaller.
2. Uncompress the source code file you just downloaded. Recent releases of the free Cygwin distribution can handle both the .tar.bz2 and .tgz formats. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common WinZip application can decompress the .tgz version.
3. Open Visual Studio and the Nmap solution file (nmap-<version>/mswin32/nmap.sln).
4. Choose “Build Solution” from the “Build Menu”. Nmap should begin compiling, and end with the line “-- Done --” saying that all projects built successfully and there were 0 failures.
5. The executable and data files can be found in nmap-<version>/mswin32/Release/. You can copy them to a preferred directory as long as they are all kept together.
6. Ensure that you have WinPcap installed. You can obtain it by installing our binary self-installer or executing winpcap-nmap-<version>.exe from our zip package. Alternatively, you can obtain the official installer at http://www.winpcap.org.
7. Instructions for executing your compiled Nmap are given in the next section.
Many people have asked whether Nmap can be compiled with the gcc/g++ included with Cygwin or other compilers. Some users have reported success with this, but we don't maintain instructions for building Nmap under Cygwin.

Executing Nmap on Windows

Nmap releases now include the Zenmap graphical user interface for Nmap. If you used the Nmap installer and left the Zenmap field checked, there should be a new Zenmap entry on your desktop and Start Menu. Click this to get started. Zenmap is fully documented in Chapter 12, Zenmap GUI Users' Guide. While many users love Zenmap, others prefer the traditional command-line approach to executing Nmap. Here are detailed instructions for users who are unfamiliar with command-line interfaces:

1. Make sure the user you are logged in as has administrative privileges on the computer (user should be a member of the administrators group).
2. Open a command/DOS Window. Though it can be found in the program menu tree, the simplest approach is to choose “Start” -> “Run” and type cmd<enter>. Opening a Cygwin window (if you installed it) by clicking on the Cygwin icon on the desktop works too, although the necessary commands differ slightly from those shown here.
3. Change to the directory you installed Nmap into. Assuming you used the default path, type the following commands:
   c:
   cd "\Program Files\Nmap"
4. Execute nmap.exe. Figure 2.1 is a screen shot showing a simple example.

If you execute Nmap frequently, you can add the Nmap directory (c:\Program Files\Nmap by default) to your command execution path. The exact place to set this varies by Windows platform. On my Windows XP box, I do the following:

1. From the desktop, right click on My Computer and then click “properties”.
2. In the System Properties window, click the “Advanced” tab.
3. Click the “Environment Variables” button.
4. Choose Path from the System variables section, then hit edit.
5. Add a semi-colon and then your Nmap directory (c:\Program Files\Nmap by default) to the end of the value.
6. Open a new DOS window and you should be able to execute a command such as nmap scanme.nmap.org from any directory.