Chapter 9: Windows-only Nmap Options
Many Microsoft Windows systems (especially Windows XP Service Pack 2) are hindered by networking restrictions that limit nmap's effectiveness. Even with these technical challenges, nmap still performs admirably in most Windows environments. Because of the large number of Windows-based installations, nmap will undoubtedly be operated from a Windows desktop for the foreseeable future. As these Windows-only options show, there are a number of workarounds and tests that can be used in a Windows environment to optimize nmap's efficiency.


WinPcap and Raw Socket Options
For nmap to work in Windows, it requires the installation of WinPcap 3.14 beta 4 or later. The WinPcap packet capture library is well supported in the open source community, and it has become one of the most popular libraries for Windows-based operating systems.

Nmap's reliance on WinPcap is partly based on the changes that Microsoft has made to the raw sockets functionality on Windows XP Service Pack 2. Microsoft has effectively removed any embedded raw sockets capability in Windows XP SP2, and nmap's architecture changed so that these limitations could be circumvented.

In the past, nmap used the raw sockets functions built into Windows to communicate at the packet level. With the removal of raw sockets, nmap had to find other methods of communicating with the network through Windows. Fortunately, the WinPcap library provides packet-level communication without requiring the Windows XP raw socket functionality.


Other Windows Challenges
Networking in Windows-based operating systems has been a moving target through the years. Early versions of Windows didn't provide any built-in TCP/IP networking, and users who needed a TCP/IP stack were required to use add-on protocol stacks from third-party companies. As successive Windows versions integrated additional networking functionality, the internal workings of the Windows operating system changed. Internal networking functions in early versions of Windows were completely rewritten or removed in later versions. This has created challenges for developers, since they must support many different networking techniques to accomplish the same functionality across different Windows versions.

For example, the method for simply gathering a list of the network interfaces on a Windows-based system varies dramatically between different OS versions. Nmap queries the specific Windows version and reacts according to the operating system version in use.

In some cases, nmap even has different methods of obtaining information within the same operating system version.