* Added ACK scanning. This scan technique is great for testing firewall
rulesets. It can NOT find open ports, but it can distinguish between
filtered/unfilterd by sending an ACK packet to each port and waiting for
a RST to come back. Filtered ports will not send back a RST (or will
send ICMP unreachables). This scan type is activated with -sA .
* Documented the Window scan (-sW)
* "Protocol" field in output eliminated. It is now printed right
next to the number (/etc/services style). Like "22/tcp".
* Added --resume option to continue a large network scan where you left off.
It also allows you to start and stop for policy reasons
* Added "firewall mode" timing optimizations which can decrease the
amount of time neccessary to SYN or connect scan some heavily filtered
hosts.
* Changed "TCP Ping" to use a random ACK value rather than 0 (an IDS
called Snort was using this to detect Nmap TCP pings).
* better FDDI support
* changes which should lead to tremendous speedups against some firewalled
hosts.
* Added sophisticated timing controls to give the user much more control
over Nmap's speed. This allows you to make Nmap much more aggressive to
scan hosts faster, or you can make Nmap more "polite" -- slower but less
likely to wreak havoc on your Network. You can even enforce large delays
between sending packets to sneak under IDS thresholds and prevent
detection. See the new "Timing Options" section of the Nmap man page for
more information on using this.
* New "Window scan" that does fun things with ACK packets. -sW activates
this scan type. It is mostly effective against BSD, AIX, Digital UNIX, and
various older HP/UX, SunOS, and VAX.
Sometimes you need speed, other times you may need stealth. In some cases,
bypassing firewalls may be required. Not to mention the fact that you may
want to scan different protocols (UDP, TCP, ICMP, etc.).
You just can't do all this with one scanning mode. Thus nmap
incorporats virtually every scanning technique known of.
See the nmap homepage at http://www.insecure.org/nmap/index.html