There are many powerful network scanning tools on Linux. Network scanners can be grouped into host scanning, host service scanning, route scanning, and so on; nmap supports both batch host scanning and host service scanning.
Check whether it is installed:
[root@bier ~]# rpm -qa nmap
nmap-5.51-4.el6.x86_64
If it is not installed, install it first.
nmap can be installed directly with: yum -y install nmap.
Default scan of open ports
---------------------------------------
[root@bier ~]# nmap 125.77.18.25
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
[root@bier ~]# nmap 125.77.18.25 -p 22    # -p specifies the port(s) to scan
Nmap scan report for 125.77.18.25
Host is up (0.000043s latency).
PORT   STATE SERVICE
22/tcp open  ssh
nmap ICMP scan
--------------------------------------------------------------------------------
nmap can use the ICMP protocol to perform the function of Ping; it supports scanning many hosts in one run and is used to check whether hosts are alive.
Compared with TCP, ICMP needs no three-way handshake, so it is faster; however, if a firewall or the ISP blocks ICMP, those hosts will not show up in the scan.
Commonly used command:
nmap -sP 192.168.1.1/24
[root@bier ~]# nmap -sP 192.168.1.138    ==> below, host liveness is checked via ping
Nmap scan report for 192.168.1.1
Host is up (0.00098s latency).
MAC Address: FC:D7:33:53:51:94 (Unknown)
Nmap scan report for 192.168.1.100
Host is up (0.0067s latency).
MAC Address: 10:2A:B3:13:BA:35 (Unknown)
Nmap scan report for 192.168.1.101
Host is up (0.00064s latency).
MAC Address: BC:5F:F4:C3:A7:F5 (Unknown)
Nmap scan report for 192.168.1.102
nmap TCP SYN scan
--------------------------------------------------------------------------------
nmap can perform a TCP half-open scan by sending TCP SYN packets, which checks whether a host's TCP ports are open.
A SYN scan is faster than a full-open scan that completes the three-way handshake, and it is less easily detected.
By default nmap scans ports 1-1024 plus some other commonly used ports; to scan other ports, specify them with the -p option.
Commonly used commands:
nmap -sS 192.168.1.138
nmap -sS -p 0-30000 192.168.2.230-255
[root@bier ~]# nmap -sS 192.168.1.138
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
[root@bier ~]# nmap -sS -p 0-1024 192.168.1.138
Starting Nmap 5.51 ( http://nmap.org ) at 2016-07-07 17:39 CST
Nmap scan report for 192.168.1.138
Host is up (0.0000020s latency).
Not shown: 1023 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
nmap TCP Connect scan
--------------------------------------------------------------------------------
nmap's Connect scan detects ports by completing the full TCP three-way handshake, so it is slower than the SYN half-open scan, but the results are more reliable.
The default ports and the way ports are specified are the same as for the SYN scan.
Commonly used commands:
nmap -sT 192.168.1.138
nmap -sT 192.168.1.138-250
nmap -sT -p 0-30000 192.168.1.138-250
nmap UDP scan
--------------------------------------------------------------------------------
nmap also supports scanning UDP ports.
Compared with TCP, UDP is less likely to be blocked by firewalls.
Commonly used commands:
nmap -sU 125.77.18.25
nmap -sU 125.77.18.25-125
nmap -sU -p 0-30000 192.168.1.138-250
[root@bier ~]# nmap -sU 125.77.18.25
Starting Nmap 5.51 ( http://nmap.org ) at 2016-07-07 17:27 CST
Nmap scan report for 125.77.18.25
Host is up (0.016s latency).
Not shown: 992 open|filtered ports
PORT      STATE  SERVICE
111/udp   closed rpcbind
161/udp   closed snmp
177/udp   closed xdmcp
500/udp   closed isakmp
626/udp   closed serialnumberd
2049/udp  closed nfs
5351/udp  closed nat-pmp
10080/udp closed amanda
Summary:
nmap's commonly used options are -sP (ping detection), -sS (TCP port detection), -sT (TCP port detection, more accurate results), and -sU (UDP port detection).
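The reports above all share nmap's normal output layout ("Nmap scan report for ...", "Host is up ...", an optional "MAC Address:" line, then PORT/STATE/SERVICE rows). As an added example that is not part of the original post, the Python below parses that layout into per-host records and flags open ports that are not on an expected baseline, which is how a defender turns a scan of their own network into an actionable finding. The sample text and the baseline allowlist are constructed, modelled on the -sS and -sU output shown above.

```python
"""Parse nmap 'normal' output into per-host records and diff open ports
against an expected baseline. Sample input is constructed from the page."""
import re
from typing import Dict, List, Set

# Constructed sample: mirrors the -sS and -sU reports shown above.
SAMPLE_OUTPUT = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2016-07-07 17:39 CST
Nmap scan report for 192.168.1.138
Host is up (0.0000020s latency).
Not shown: 1023 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: FC:D7:33:53:51:94 (Unknown)
Nmap scan report for 125.77.18.25
Host is up (0.016s latency).
Not shown: 992 open|filtered ports
PORT      STATE  SERVICE
111/udp   closed rpcbind
161/udp   closed snmp
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")   # port/proto state service
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})")

def parse_nmap(text: str) -> Dict[str, dict]:
    """Return {host: {"up": bool, "mac": str|None, "ports": [...]}}."""
    hosts: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        if m := HOST_RE.match(line):            # a new host block starts here
            current = hosts.setdefault(m.group(1), {"up": False, "mac": None, "ports": []})
        elif current is None:                   # banner lines before the first host
            continue
        elif line.startswith("Host is up"):
            current["up"] = True
        elif m := MAC_RE.match(line):           # only present for same-LAN hosts
            current["mac"] = m.group(1)
        elif m := PORT_RE.match(line):
            port, proto, state, service = m.groups()
            current["ports"].append({"port": int(port), "proto": proto,
                                     "state": state, "service": service})
    return hosts

def unexpected_open(hosts: Dict[str, dict], baseline: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Open ports per host that are absent from the baseline allowlist ("22/tcp" style)."""
    findings: Dict[str, List[str]] = {}
    for host, info in hosts.items():
        allowed = baseline.get(host, set())
        extra = [f"{p['port']}/{p['proto']}" for p in info["ports"]
                 if p["state"] == "open" and f"{p['port']}/{p['proto']}" not in allowed]
        if extra:
            findings[host] = extra
    return findings
```

Feed it the saved output of any of the commands above (for example via nmap's -oN option) and compare against the ports each host is supposed to expose; anything reported is either an undocumented service or a change worth investigating.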
Reposted from: https://blog.51cto.com/chenshoubiao/1842568