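Nmap (Network Mapper) is an open-source and highly versatile tool for Linux system and network administrators. Nmap is used to probe networks on remote machines, run security scans, audit networks, and find open ports. It scans remote hosts that are online and reports their operating system, packet filters, and open ports.
I tested with two CentOS 6.x hosts:
server: 192.168.1.252
client: 192.168.1.200
Install nmap; CentOS and Red Hat do not install it by default:
yum install nmap
Scan using a hostname or IP address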
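Run nmap followed directly by an IP address or hostname. Several IPs can be listed to scan them at the same time.
You can also scan by the last octet of the IP address, for example: 192.168.1.252,253,254, separated by ",".
Range scan: 192.168.1.199-254
[root@www ~]# nmap 192.168.1.252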
Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 10:40 CST
Nmap scan report for 192.168.1.252
Host is up (0.00054s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh   <-- the port and service open on the server
MAC Address: 00:0C:29:64:CC:0F (VMware)   <-- the server's MAC address
Nmap done: 1 IP address (1 host up) scanned in 1.44 seconds
Use the -v option to show more detailed information about the server host
[root@www ~]# nmap -v 192.168.1.252
Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 10:49 CST
Initiating ARP Ping Scan at 10:49
Scanning 192.168.1.252 [1 port]
Completed ARP Ping Scan at 10:49, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:49
Completed Parallel DNS resolution of 1 host. at 10:49, 0.01s elapsed
Initiating SYN Stealth Scan at 10:49
Scanning 192.168.1.252 [1000 ports]
Discovered open port 22/tcp on 192.168.1.252
Completed SYN Stealth Scan at 10:49, 0.16s elapsed (1000 total ports)
Nmap scan report for 192.168.1.252
Host is up (0.00060s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:64:CC:0F (VMware)
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.032KB)
Scan an entire subnet
To exclude a host from the scan: nmap 192.168.1.* --exclude 192.168.1.5
[root@www ~]# nmap 192.168.1.*
Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 11:08 CST
Nmap scan report for 192.168.1.1
Host is up (0.00082s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
MAC Address: 00:22:AA:EA:48:48 (Nintendo Co.)
Nmap scan report for 192.168.1.5
Host is up (0.00081s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
80/tcp open http
1900/tcp open upnp
MAC Address: C0:61:18:07:07:83 (Unknown)
........ (remaining output omitted) ........
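One way to use a subnet scan like this for network auditing, as an added example that is not part of the original post: the script reads nmap's normal output and reports every open port that is not on an expected list. The sample scan text and the allowlist are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag open ports missing from an allowlist.

# Constructed sample, same format as the subnet scan output above.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.1.1
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
Nmap scan report for 192.168.1.5
PORT STATE SERVICE
23/tcp filtered telnet
80/tcp open http
1900/tcp open upnp
MAC Address: C0:61:18:07:07:83 (Unknown)
EOF
}

# Constructed allowlist (assumption): "host port/proto" pairs expected to be open.
allowlist() {
cat <<'EOF'
192.168.1.1 53/tcp
192.168.1.1 80/tcp
192.168.1.5 80/tcp
EOF
}

# audit_scan ALLOWLIST_FILE < nmap_normal_output
# Prints "host port/proto service" for each port in state "open" that is not allowlisted.
audit_scan() {
  awk -v allow="$1" '
    BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
    /^Nmap scan report for / {
      host = $NF                 # with a resolved name the last field is "(ip)"
      gsub(/[()]/, "", host)
      next
    }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      if (!((host " " $1) in ok)) print host, $1, $3
    }
  '
}

# Run the audit on the constructed data.
demo() {
  tmp=$(mktemp) || return 1
  allowlist > "$tmp"
  sample_scan | audit_scan "$tmp"
  rm -f "$tmp"
}
```

For a real audit, pipe the output of the subnet scan into audit_scan with your own allowlist file instead of calling demo.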
Route and operating system scan
[root@www ~]# nmap -A 192.168.1.252
Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 11:28 CST
Nmap scan report for 192.168.1.252
Host is up (0.00064s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
|_ssh-hostkey: 2048 00:b0:0a:3f:77:bc:56:a1:b8:6b:99:76:f4:b4:89:4d (RSA)
MAC Address: 00:0C:29:64:CC:0F (VMware)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.64 ms 192.168.1.252
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.51 seconds
Scan UDP ports: nmap -sU 192.168.1.252
Scan a specific UDP port: nmap -sU -p 53 192.168.1.252
Scan multiple ports: nmap -p 80,25,110 192.168.1.252
Scan a range of ports: nmap -p 80-1000 192.168.1.252
Detect service versions on the host: nmap -sV 192.168.1.252