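Nmap (Network Mapper) is a network scanning and sniffing toolkit. It detects which hosts are online, identifies operating systems, and scans ports.
Install nmap. The RPM is in the package directory of the installation disc, for example on CentOS: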
[root@searu ~]# cd /media/CentOS_5.5_Final/CentOS
[root@searu CentOS]# ls | grep nmap
[root@searu CentOS]# rpm -i nmap-4.11-1.1.i386.rpm
Probe whether hosts are online (ping scan).
[root@searu CentOS]# nmap -sP 192.168.1.1-111
[root@searu CentOS]# nmap -sP 192.168.1.0/24
Probe hosts using the UDP protocol (UDP ping).
[root@searu ~]# nmap -PU 192.168.1.0/24
Probe the target host's ports (-PS selects TCP SYN ping for host discovery; the default port scan then runs).
[root@searu ~]# nmap -PS 192.168.1.111
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-07-18 22:04 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Interesting ports on 192.168.1.111:
Not shown: 1676 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown
MAC Address: 90:FB:A6:3F:BC:6C (Unknown)
Nmap finished: 1 IP address (1 host up) scanned in 1.569 seconds
[root@searu ~]#
TCP connect scan.
[root@searu ~]# nmap -sT 192.168.1.0/24
TCP SYN scan (half-open handshake).
[root@searu ~]# nmap -sS 192.168.1.0/24
UDP scan.
[root@searu ~]# nmap -sU 192.168.1.0/24
Probe which IP protocols the target host supports.
[root@searu ~]# nmap -sO 192.168.1.111
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-07-18 22:21 CST
Interesting protocols on 192.168.1.111:
Not shown: 248 closed protocols
PROTOCOL STATE SERVICE
1 open icmp
2 open|filtered igmp
4 open|filtered ip
6 open tcp
17 filtered udp
41 open|filtered ipv6
50 open|filtered esp
51 open|filtered ah
MAC Address: 90:FB:A6:3F:BC:6C (Unknown)
Nmap finished: 1 IP address (1 host up) scanned in 45.440 seconds
[root@searu ~]#
Detect the target host's operating system.
[root@searu ~]# nmap -O 192.168.1.1
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-07-18 22:27 CST
Interesting ports on 192.168.1.1:
Not shown: 1678 closed ports
PORT STATE SERVICE
80/tcp open http
1900/tcp open UPnP
MAC Address: 74:EA:3A:1E:A7:D6 (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.5 - 2.6.11
Uptime 0.447 days (since Mon Jul 18 11:43:29 2011)
Nmap finished: 1 IP address (1 host up) scanned in 2.733 seconds
[root@searu ~]#
Get a remote host's port information and identify its operating system.
[root@searu ~]# nmap -sS -P0 -sV -O <target>
<target> can be a single IP, a hostname, or a subnet.
Find unused IP addresses in a given subnet.
[root@searu ~]# nmap -T4 -sP 192.168.1.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
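The egrep above matches any line containing an all-zero MAC, including entries on other interfaces. The following added example (not part of the original post) reads the ARP table by column instead, treating an entry as in use when the ATF_COM flag bit (0x2) is set and as free when resolution failed. The function names, the eth0/eth1 interface names and the sample table are assumptions constructed for illustration.

```bash
#!/bin/bash
# Constructed sample in /proc/net/arp layout (not taken from a real host).
sample_arp() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         74:ea:3a:1e:a7:d6     *        eth0
192.168.1.2      0x1         0x6         00:11:22:33:44:55     *        eth0
192.168.1.111    0x1         0x2         90:fb:a6:3f:bc:6c     *        eth0
192.168.1.20     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.1.7      0x1         0x0         00:00:00:00:00:00     *        eth0
10.0.0.9         0x1         0x0         00:00:00:00:00:00     *        eth1
EOF
}

# arp_classify PREFIX DEV  (hypothetical helper)
# Reads an ARP table on stdin and prints "IP used" or "IP free" for every
# entry on interface DEV whose address starts with PREFIX.
arp_classify() {
    awk -v prefix="$1" -v dev="$2" '
        NR == 1 { next }                                   # header row
        $6 != dev || index($1, prefix) != 1 { next }       # other segment
        $3 ~ /[2367abefABEF]$/ { print $1, "used"; next }  # ATF_COM bit 0x2 set
        $4 == "00:00:00:00:00:00" { print $1, "free" }     # ARP got no reply
    '
}

# free_ips PREFIX DEV  (hypothetical helper)
# Prints only the unanswered addresses, sorted by last octet.
free_ips() {
    arp_classify "$1" "$2" | awk '$2 == "free" { print $1 }' | sort -t . -k4,4n
}

sample_arp | free_ips 192.168.1. eth0
```

On a live host, feed it /proc/net/arp immediately after the ping sweep (free_ips 192.168.1. eth0 < /proc/net/arp): the kernel only holds entries for addresses it recently tried to resolve, so an address missing from the table is unknown rather than free.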
List all live hosts on the network.
[root@searu ~]# nmap -sP 192.168.1.*
[root@searu ~]# nmap -sP 192.168.1.0/24