Help for Windows (--win_help)
The --win_help option provides an on-screen display of the following Windows-related nmap commands:
Windows-specific options:

 --win_list_interfaces : list all network interfaces
 --win_norawsock       : disable raw socket support
 --win_forcerawsock    : try raw sockets even on non-W2K systems
 --win_nopcap          : disable winpcap support
 --win_nt4route        : test nt4 route code
 --win_noiphlpapi      : test response to lack of iphlpapi.dll
 --win_trace           : trace through raw IP initialization


The --win_help option isn't mentioned in the nmap man page, but it does appear on Windows operating systems in the online help screen (-h).


List All Network Interfaces (--win_list_interfaces)
Windows doesn't have an easy naming convention for its interfaces, so this options lists the network interfaces with names that nmap recognizes:
Available interfaces:

Name        Raw mode  IP
loopback0   SOCK_RAW  127.0.0.1
eth0        winpcap   192.168.0.5
This option is useful when the nmap interface option (-e) needs to reference the Windows interface name, or information from nmap's --debug output needs to be correlated back to a physical network interface.


Disable Raw Socket Support (--win_norawsock)
Some Windows configurations can experience problems running certain nmap scans when raw sockets are used. For example, Windows 2000 with no service pack could blue-screen-of-death (BSoD) if an IP protocol scan (-sO) was requested. Fortunately, nmap already identifies a Windows 2000 system with this exposure and disables raw sockets automatically if an IP protocol scan is selected.

The disable raw socket support option (--win_norawsock) will administratively disable all raw socket support for the duration of the nmap scan. This option is probably not necessary in Windows NT and Windows 98, since those operating systems never supported raw sockets.

This option can help to get around raw sockets problems in any Windows version. If this option is used, nmap will default to using WinPcap as the communications mechanism.


Try Raw Sockets Even on non-W2K Systems (--win_forcerawsock)
Nmap will automatically identify the Windows operating system on which it runs, and it will make changes to its communications methods based on these differences in Windows versions. In the cases where nmap has automatically disabled raw sockets, it may be helpful to force the use of raw sockets for troubleshooting purposes.

Forcing nmap to use raw sockets doesn't necessarily mean that Windows will use raw sockets exclusively. For example, there are some Windows XP-related nmap functions that will only work properly with WinPcap. In these situations, both raw sockets and WinPcap are available and nmap can choose which function to use. If WinPcap should be disabled, the --win_nopcap option should be used.