nmap

時間 2019-11-24

標籤 nmap 简体版

原文原文鏈接

我將用兩個不一樣的部分來涵蓋大部分NMAP的使用方法，在下面的設置中，我使用兩臺已關閉防火牆的服務器來測試Nmap命令的工做狀況。mysql

192.168.0.100 – server1.tecmint.com linux

192.168.0.101 – server2.tecmint.com sql

如何在Linux下安裝NMAP服務器

如今大部分Linux的發行版本像Red Hat，CentOS，Fedoro，Debian和Ubuntu在其默認的軟件包管理庫（即Yum 和 APT）中都自帶了Nmap，這兩種工具都用於安裝和管理軟件包和更新。在發行版上安裝Nmap具體使用以下命令。網絡

yum install -y nmap [on Red Hat based systems] app

# apt-get install nmap [on Debian based systems] dom

一旦你安裝了最新的nmap應用程序，你就能夠按照本文中提供的示例說明來操做。ssh

NMAP命令用法tcp

# nmap [Scan Type(s)] [Options] {target specification} ide

1. 用主機名和IP地址掃描系統

Nmap工具提供各類方法來掃描系統。在這個例子中，我使用server2.tecmint.com主機名來掃描系統找出該系統上全部開放的端口，服務和MAC地址。

使用主機名掃描

[root@server1 ~]# nmap server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds

使用IP地址掃描

[root@server1 ~]# nmap 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

958/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds

2.掃描使用「-v」選項

你能夠看到下面的命令使用「 -v 「選項後給出了遠程機器更詳細的信息。

[root@server1 ~]# nmap -v server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST

Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43

The ARP Ping Scan took 0.01s to scan 1 total hosts.

Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43

Discovered open port 22/tcp on 192.168.0.101

Discovered open port 80/tcp on 192.168.0.101

Discovered open port 8888/tcp on 192.168.0.101

Discovered open port 111/tcp on 192.168.0.101

Discovered open port 3306/tcp on 192.168.0.101

Discovered open port 957/tcp on 192.168.0.101

The SYN Stealth Scan took 0.30s to scan 1680 total ports.

Host server2.tecmint.com (192.168.0.101) appears to be up ... good.

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds

Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)

3.掃描多臺主機

你能夠簡單的在Nmap命令後加上多個IP地址或主機名來掃描多臺主機。

[root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds

4.掃描整個子網

你能夠使用*通配符來掃描整個子網或某個範圍的IP地址。

[root@server1 ~]# nmap 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST

Interesting ports on server1.tecmint.com (192.168.0.100):

Not shown: 1677 closed ports

PORT STATE SERVICE

22/tcp open ssh

111/tcp open rpcbind

851/tcp open unknown

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds

從上面的輸出能夠看到，nmap掃描了整個子網，給出了網絡中當前網絡中在線主機的信息。

5.使用IP地址的最後一個字節掃描多臺服務器

你能夠簡單的指定IP地址的最後一個字節來對多個IP地址進行掃描。例如，我在下面執行中掃描了IP地址192.168.0.101，192.168.0.102和192.168.0.103。

[root@server1 ~]# nmap 192.168.0.101,102,103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds

6. 從一個文件中掃描主機列表

若是你有多臺主機須要掃描且全部主機信息都寫在一個文件中，那麼你能夠直接讓nmap讀取該文件來執行掃描，讓咱們來看看如何作到這一點。

建立一個名爲「nmaptest.txt 」的文本文件，並定義全部你想要掃描的服務器IP地址或主機名。

[root@server1 ~]# cat > nmaptest.txt

localhost

server2.tecmint.com

192.168.0.101

接下來運行帶「iL」選項的nmap命令來掃描文件中列出的全部IP地址。

[root@server1 ~]# nmap -iL nmaptest.txt

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST

Interesting ports on localhost.localdomain (127.0.0.1):

Not shown: 1675 closed ports

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

111/tcp open rpcbind

631/tcp open ipp

857/tcp open unknown

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

958/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

958/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds

7.掃描一個IP地址範圍

你能夠在nmap執行掃描時指定IP範圍。

[root@server1 ~]# nmap 192.168.0.101-110

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds

8.排除一些遠程主機後再掃描

在執行全網掃描或用通配符掃描時你能夠使用「-exclude」選項來排除某些你不想要掃描的主機。

[root@server1 ~]# nmap 192.168.0.* --exclude 192.168.0.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds

9.掃描操做系統信息和路由跟蹤

使用Nmap，你能夠檢測遠程主機上運行的操做系統和版本。爲了啓用操做系統和版本檢測，腳本掃描和路由跟蹤功能，咱們能夠使用NMAP的「-A「選項。

[root@server1 ~]# nmap -A 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

80/tcp open http Apache httpd 2.2.3 ((CentOS))

111/tcp open rpcbind 2 (rpc #100000)

957/tcp open status 1 (rpc #100024)

3306/tcp open mysql MySQL (unauthorized)

8888/tcp open http lighttpd 1.4.32

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).

TCP/IP fingerprint:

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)

TSeq(Class=TR%IPID=Z%TS=1000HZ)

T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T2(Resp=N)

T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.169 days (since Mon Nov 11 12:22:15 2013)

Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds

從上面的輸出你能夠看到，Nmap顯示出了遠程主機操做系統的TCP / IP協議指紋，而且更加具體的顯示出遠程主機上的端口和服務。

10.啓用Nmap的操做系統探測功能

使用選項「-O」和「-osscan-guess」也幫助探測操做系統信息。

[root@server1 ~]# nmap -O server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).

TCP/IP fingerprint:

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)

TSeq(Class=TR%IPID=Z%TS=1000HZ)

T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T2(Resp=N)

T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=Option -O and -osscan-guess also helps to discover OS

R%Ops=)

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.221 days (since Mon Nov 11 12:22:16 2013)

Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds

11.掃描主機偵測防火牆

下面的命令將掃描遠程主機以探測該主機是否使用了包過濾器或防火牆。

[root@server1 ~]# nmap -sA 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST

All 1680 scanned ports on server2.tecmint.com (192.168.0.101) are UNfiltered

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds

12.掃描主機檢測是否有防火牆保護

掃描主機檢測其是否受到數據包過濾軟件或防火牆的保護。

[root@server1 ~]# nmap -PN 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds

13.找出網絡中的在線主機

使用「-sP」選項，咱們能夠簡單的檢測網絡中有哪些在線主機，該選項會跳過端口掃描和其餘一些檢測。

[root@server1 ~]# nmap -sP 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST

Host server1.tecmint.com (192.168.0.100) appears to be up.

Host server2.tecmint.com (192.168.0.101) appears to be up.

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds

14.執行快速掃描

你能夠使用「-F」選項執行一次快速掃描，僅掃描列在nmap-services文件中的端口而避開全部其它的端口。

[root@server1 ~]# nmap -F 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1234 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds

15.查看Nmap的版本

你能夠使用「-V」選項來檢測你機子上Nmap的版本。

[root@server1 ~]# nmap -V

Nmap version 4.11 ( http://www.insecure.org/nmap/ )

16.順序掃描端口

使用「-r」選項表示不會隨機的選擇端口掃描。

[root@server1 ~]# nmap -r 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds

17.打印主機接口和路由

你能夠使用nmap的「–iflist」選項檢測主機接口和路由信息。

[root@server1 ~]# nmap --iflist

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST

************************INTERFACES************************

DEV (SHORT) IP/MASK TYPE UP MAC

lo (lo) 127.0.0.1/8 loopback up

eth0 (eth0) 192.168.0.100/24 ethernet up 08:00:27:11:C7:89

**************************ROUTES**************************

DST/MASK DEV GATEWAY

192.168.0.0/0 eth0

169.254.0.0/0 eth0

從上面的輸出你能夠看到，nmap列舉出了你係統上的接口以及它們各自的路由信息。

18.掃描特定的端口

使用Nmap掃描遠程機器的端口有各類選項，你能夠使用「-P」選項指定你想要掃描的端口，默認狀況下nmap只掃描TCP端口。

[root@server1 ~]# nmap -p 80 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

80/tcp open http

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) sca

19.掃描TCP端口

你能夠指定具體的端口類型和端口號來讓nmap掃描。

[root@server1 ~]# nmap -p T:8888,80 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

80/tcp open http

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

20.掃描UDP端口

[root@server1 ~]# nmap -sU 53 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

53/udp open http

8888/udp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

21.掃描多個端口

你還能夠使用選項「-P」來掃描多個端口。

[root@server1 ~]# nmap -p 80,443 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

80/tcp open http

443/tcp closed https

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds

22.掃描指定範圍內的端口

您能夠使用表達式來掃描某個範圍內的端口。

[root@server1 ~]# nmap -p 80-160 192.168.0.101

23.查找主機服務版本號

咱們能夠使用「-sV」選項找出遠程主機上運行的服務版本。

[root@server1 ~]# nmap -sV 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

80/tcp open http Apache httpd 2.2.3 ((CentOS))

111/tcp open rpcbind 2 (rpc #100000)

957/tcp open status 1 (rpc #100024)

3306/tcp open mysql MySQL (unauthorized)

8888/tcp open http lighttpd 1.4.32

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds

24.使用TCP ACK (PA)和TCP Syn (PS)掃描遠程主機

有時候包過濾防火牆會阻斷標準的ICMP ping請求，在這種狀況下，咱們能夠使用TCP ACK和TCP Syn方法來掃描遠程主機。

[root@server1 ~]# nmap -PS 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds

25.使用TCP ACK掃描遠程主機上特定的端口

[root@server1 ~]# nmap -PA -p 22,80 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds

26. 使用TCP Syn掃描遠程主機上特定的端口

[root@server1 ~]# nmap -PS -p 22,80 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds

27.執行一次隱蔽的掃描

[root@server1 ~]# nmap -sS 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds

28.使用TCP Syn掃描最經常使用的端口

[root@server1 ~]# nmap -sT 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds

29.執行TCP空掃描以騙過防火牆

[root@server1 ~]# nmap -sN 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open|filtered ssh

80/tcp open|filtered http

111/tcp open|filtered rpcbind

957/tcp open|filtered unknown

3306/tcp open|filtered mysql

8888/tcp open|filtered sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds

相關標籤/搜索

nmap

nc&nmap

nmap+wireshark

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。