A Treat for Linux Network Administrators: 29 Practical Examples of the Nmap Command
Source: Internet  Editor: 程序博客网  Date: 2024/06/05 10:14
- From Vic___: http://blog.csdn.net/vic___
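Nmap, also known as Network Mapper, is an open-source, versatile tool for Linux system administrators and network administrators. Nmap is used for exploring networks, performing security scans, auditing networks and finding open ports on remote machines. It can scan for live hosts, operating systems, packet filters and open ports on remote hosts.
Nmap commands and examples
I will cover Nmap usage in two parts, and this is the first part. For this setup, I use two servers without firewalls to test the Nmap commands.
192.168.0.100 – server1.tecmint.com
192.168.0.101 – server2.tecmint.com
Nmap command usage
# nmap [Scan Type(s)] [Options] {target specification}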
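How to install Nmap on Linux
Most of today's Linux distributions, such as Red Hat, CentOS, Fedora, Debian and Ubuntu, include Nmap in the default repositories of their package managers, Yum and APT. Both tools are used to install and manage software packages and updates. To install Nmap, use the following commands.
# yum install nmap [on Red Hat based systems]
$ sudo apt-get install nmap [on Debian based systems]
Once you have installed the latest Nmap application, you can follow the example commands in this article.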
1. Scan a system with hostname and IP address
The Nmap tool offers a rich set of methods to scan a system. In this example, I perform a scan using the hostname "server2.tecmint.com" to find all open ports, services and the MAC address of the system.
Scan using hostname
[root@server1 ~]# nmap server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root
Scan using IP address
[root@server1 ~]# nmap 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
2. Scan using the "-v" option
As you can see, the command below uses the "-v" option, which gives more detailed information about the remote machine.
[root@server1 ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
3. Scan multiple hosts
To scan multiple hosts, simply write their IP addresses or hostnames separated by spaces.
[root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4. Scan a whole subnet
You can scan a whole subnet or IP range by using a wildcard.
[root@server1 ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root
In the output above you can see that nmap scanned the whole subnet and reported which hosts on the network are up.
5. Scan multiple servers using the last octet of the IP address
You can scan multiple IP addresses simply by specifying the last octet of the IP address. For example, here I scan the IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.
[root@server1 ~]# nmap 192.168.0.101,102,103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root
6. Scan a list of hosts from a file
If you have many hosts to scan and all the host details are written in a file, you can tell Nmap to read that file and perform the scans. Let's see how to do that.
Create a text file called "nmaptest.txt" and list in it all the IP addresses and hostnames of the servers you want to scan.
[root@server1 ~]# cat > nmaptest.txt
localhost
server2.tecmint.com
192.168.0.101
Next, run the following command, which uses nmap with the "-iL" option to scan all the IP addresses listed in the file.
[root@server1 ~]# nmap -iL nmaptest.txt
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
857/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
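When a list of hosts is scanned for an audit, the report is most useful once it is compared with what each host is expected to expose. The following is an added example, not part of the original article: it parses Nmap's normal output (both the "Interesting ports on" header shown above and the "Nmap scan report for" header of newer releases) and lists open ports missing from a baseline. The function names, the sample report and the baseline are assumptions.

```python
import re

# Host header: Nmap 4.x prints "Interesting ports on NAME (IP):";
# newer releases print "Nmap scan report for NAME (IP)".
HOST_RE = re.compile(
    r"^(?:Interesting ports on|Nmap scan report for)\s+"
    r"(?:\S+\s+\()?(\d+\.\d+\.\d+\.\d+)\)?:?$"
)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Constructed sample, modelled on the -iL output above (not a real capture).
SAMPLE = """\
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
958/tcp open unknown
3306/tcp open mysql
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
"""

# Assumption: the ports each host is expected to expose.
BASELINE = {
    "127.0.0.1": {(22, "tcp"), (25, "tcp")},
    "192.168.0.101": {(22, "tcp"), (80, "tcp")},
}


def parse_open_ports(report):
    """Map each host IP to {(port, proto): service} for ports in state 'open'."""
    hosts, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), {})
            continue
        port = PORT_RE.match(line)
        # Only the exact state "open" counts; "closed", "filtered" and
        # "open|filtered" are not confirmed listeners.
        if port and current is not None and port.group(3) == "open":
            current[(int(port.group(1)), port.group(2))] = port.group(4)
    return hosts


def unexpected_services(report, baseline):
    """Return sorted (ip, port, proto, service) tuples absent from the baseline."""
    findings = []
    for ip, ports in parse_open_ports(report).items():
        expected = baseline.get(ip, set())  # unknown host: nothing is expected
        for (port, proto), service in ports.items():
            if (port, proto) not in expected:
                findings.append((ip, port, proto, service))
    return sorted(findings)


if __name__ == "__main__":
    for finding in unexpected_services(SAMPLE, BASELINE):
        print("unexpected open port:", finding)
```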
7. Scan an IP address range
You can specify an IP range when performing a scan with Nmap.
[root@server1 ~]# nmap 192.168.0.101-110
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8. Scan a network excluding certain hosts
You can exclude some hosts while performing a full network scan, or when scanning with wildcards, by using the "--exclude" option.
[root@server1 ~]# nmap 192.168.0.* --exclude 192.168.0.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds
You have new mail in /var/spool/mail/root
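The wildcard, octet-list, range and exclude forms from sections 4, 5, 7 and 8 can be expanded offline to confirm exactly which addresses a command will touch before it is run. The following is an added example, not part of the original article: it expands Nmap's IPv4 octet syntax, applies the exclusions and checks the result against an authorized network. The function names and the authorized range 192.168.0.0/24 are assumptions.

```python
import ipaddress
from itertools import product

# Assumption: the only network this operator is authorized to scan
# (the article's lab subnet).
AUTHORIZED = ["192.168.0.0/24"]


def expand_octet(spec):
    """Expand one octet: '*', a number, a range 'a-b', or a comma list of those."""
    if spec == "*":
        return list(range(256))
    values = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)  # ValueError on anything non-numeric
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_target(target):
    """Expand an IPv4 octet expression into the addresses it covers.

    Hostnames are rejected on purpose: resolve them first so the scope
    check runs on the addresses that would really be scanned.
    """
    octets = target.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 octet expression: {target!r}")
    combos = product(*(expand_octet(o) for o in octets))
    return [ipaddress.IPv4Address(".".join(map(str, c))) for c in combos]


def check_scope(targets, excludes=(), authorized=AUTHORIZED):
    """Return (in_scope, out_of_scope) address lists after applying excludes."""
    allowed = [ipaddress.ip_network(n) for n in authorized]
    excluded = {ip for e in excludes for ip in expand_target(e)}
    in_scope, out_of_scope, seen = [], [], set()
    for target in targets:
        for ip in expand_target(target):
            if ip in excluded or ip in seen:
                continue
            seen.add(ip)
            bucket = in_scope if any(ip in n for n in allowed) else out_of_scope
            bucket.append(ip)
    return in_scope, out_of_scope


if __name__ == "__main__":
    # The command from section 8: 192.168.0.* --exclude 192.168.0.100
    ok, bad = check_scope(["192.168.0.*"], excludes=["192.168.0.100"])
    print(len(ok), "addresses in scope,", len(bad), "out of scope")
    # A range typed into the third octet widens the scan to another subnet.
    ok, bad = check_scope(["192.168.0-1.101"])
    print("out of scope:", [str(ip) for ip in bad])
```

The counts agree with the "256 IP addresses", "3 IP addresses", "10 IP addresses" and "255 IP addresses" lines in the scan summaries of sections 4, 5, 7 and 8.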
9. Scan OS information and traceroute
With Nmap, you can detect which operating system and version is running on a remote host. To enable OS and version detection, script scanning and traceroute, we can use the "-A" option.
[root@server1 ~]# nmap -A 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((CentOS))
111/tcp open rpcbind 2 (rpc #100000)
957/tcp open status 1 (rpc #100024)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 0.169 days (since Mon Nov 11 12:22:15 2013)
Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds
You have new mail in /var/spool/mail/root
In the output above, you can see that Nmap provides the TCP/IP fingerprint of the operating system running on the remote host, along with more detailed information about the ports and services running on it.
10. Enable OS detection with Nmap
Both the "-O" option and "--osscan-guess" help to discover the operating system.
[root@server1 ~]# nmap -O server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 0.221 days (since Mon Nov 11 12:22:16 2013)
Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds
You have new mail in /var/spool/mail/root
11. Scan a host to detect a firewall
The command below performs a scan to find out whether the remote host uses any packet filter or firewall.
[root@server1 ~]# nmap -sA 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST
All 1680 scanned ports on server2.tecmint.com (192.168.0.101) are UNfiltered
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds
You have new mail in /var/spool/mail/root
12. Scan a host to check whether it is protected by a firewall
You can scan a host to see whether it is protected by any packet filter or firewall.
[root@server1 ~]# nmap -PN 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds
13. Find live hosts in a network
With the help of the "-sP" option we can easily check which hosts in the network are up. With this option, nmap skips port detection and other checks.
[root@server1 ~]# nmap -sP 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST
Host server1.tecmint.com (192.168.0.100) appears to be up.
Host server2.tecmint.com (192.168.0.101) appears to be up.
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds
14. Perform a fast scan
With the "-F" option you can perform a fast scan that covers only the ports listed in the nmap-services file and no others.
[root@server1 ~]# nmap -F 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1234 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds
15. Find the Nmap version
With the "-V" option you can find out the version of nmap running on your machine.
[root@server1 ~]# nmap -V
Nmap version 4.11 ( http://www.insecure.org/nmap/ )
You have new mail in /var/spool/mail/root
16. Scan ports consecutively
Use the "-r" flag to scan ports in order instead of randomly.
[root@server1 ~]# nmap -r 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds
17. Print host interfaces and routes
With the "--iflist" option you can find out the host's interface and route information.
[root@server1 ~]# nmap --iflist
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
lo (lo) 127.0.0.1/8 loopback up
eth0 (eth0) 192.168.0.100/24 ethernet up 08:00:27:11:C7:89
**************************ROUTES**************************
DST/MASK DEV GATEWAY
192.168.0.0/0 eth0
169.254.0.0/0 eth0
In the output above, you can see that the listing shows the interfaces on your system and their respective routes.
18. Scan specific ports
Nmap has a variety of options for discovering ports on remote machines. With the "-p" option you can specify the port you want to scan. By default, Nmap scans only TCP ports.
[root@server1 ~]# nmap -p 80 server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
80/tcp open http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) sca
19. Scan a TCP port
You can also specify a particular port type and number to scan.
[root@server1 ~]# nmap -p T:8888,80 server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
80/tcp open http
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
20. Scan a UDP port
[root@server1 ~]# nmap -sU -p 53 server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
53/udp open http
8888/udp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
21. Scan multiple specified ports
With the "-p" option you can also specify multiple ports to scan.
[root@server1 ~]# nmap -p 80,443 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds
22. Scan a range of ports
You can scan ports specified as a range.
[root@server1 ~]# nmap -p 80-160 192.168.0.101
23. Find the service version numbers of a host
With the "-sV" option we can find out the versions of the services running on a remote host.
[root@server1 ~]# nmap -sV 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((CentOS))
111/tcp open rpcbind 2 (rpc #100000)
957/tcp open status 1 (rpc #100024)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds
24. Scan a remote host using TCP ACK or TCP SYN
Sometimes packet-filtering firewalls block ICMP ping requests. In that case, we can use the TCP ACK and TCP SYN methods to scan the remote host.
[root@server1 ~]# nmap -PS 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds
You have new mail in /var/spool/mail/root
25. Scan specific ports on a remote host with TCP ACK
[root@server1 ~]# nmap -PA -p 22,80 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds
You have new mail in /var/spool/mail/root
26. Scan specific ports on a remote host with TCP SYN
[root@server1 ~]# nmap -PS -p 22,80 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds
You have new mail in /var/spool/mail/root
27. Perform a stealthy scan
[root@server1 ~]# nmap -sS 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds
You have new mail in /var/spool/mail/root
28. Check the most commonly used ports with TCP SYN
[root@server1 ~]# nmap -sT 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds
You have new mail in /var/spool/mail/root
29. Perform a TCP null scan to fool a firewall
[root@server1 ~]# nmap -sN 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
80/tcp open|filtered http
111/tcp open|filtered rpcbind
957/tcp open|filtered unknown
3306/tcp open|filtered mysql
8888/tcp open|filtered sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds
You have new mail in /var/spool/mail/root
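That is all for Nmap for now. I will present more creative Nmap options in the second part of this series. Until then, stay tuned, and don't forget to share your valuable comments.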
via: http://www.tecmint.com/nmap-command-examples/
Translator: Vic___
This article was originally translated by LCTT and is proudly presented by Linux中国.