1. Installing nmap
[root@hadoop Desktop]# yum install nmap
2. Using nmap
[root@hadoop Desktop]# nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 22:53 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
PS: nmap localhost # show the ports currently open on the host
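Added example (not part of the original post): one way to turn the localhost scan above into a repeatable audit is to compare the open ports nmap reports against an allowlist of ports you expect. The function name, the allowlist format and the sample text are assumptions made for this illustration; the sample is constructed, modelled on the scan output above with one filtered line added.

```shell
#!/bin/sh
# Added example: flag open ports in nmap's normal output that are not on an
# allowlist. Names and sample data here are hypothetical, not from the post.

# Constructed sample, modelled on the localhost scan shown above.
SAMPLE_SCAN='Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
3306/tcp filtered mysql
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds'

# unexpected_ports ALLOWLIST
#   Reads nmap normal output on stdin. ALLOWLIST is a space-separated list
#   such as "22/tcp 443/tcp". Prints one line per port whose STATE column is
#   exactly "open" and which is not on the allowlist.
#   Exit status: 0 if every open port is allowed, 1 otherwise.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Port table rows look like: 22/tcp open ssh
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            if (!($1 in ok)) {
                printf "UNEXPECTED %s (%s)\n", $1, $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Demo on the sample: only ssh is expected, so smtp on 25/tcp is reported.
# The filtered 3306/tcp row is ignored because it is not in state "open".
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22/tcp" \
    || echo "audit failed: review the ports listed above"
```

On a real host, pipe a live scan into the function instead of the sample: nmap localhost | unexpected_ports "22/tcp".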
[root@hadoop Desktop]# nmap -p 1024-65535 localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 22:59 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): 127.0.0.1
All 64512 scanned ports on localhost (127.0.0.1) are closed
Nmap done: 1 IP address (1 host up) scanned in 0.94 seconds
PS: nmap -p 1024-65535 localhost # show which ports in the range 1024-65535 are open on the host
[root@hadoop Desktop]# nmap -PS 192.168.137.163
Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:04 CST
Nmap scan report for 192.168.137.163
Host is up (0.0000060s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
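PS: nmap -PS 192.168.21.163 # probe the open ports on the target host
The target address can also be replaced with a network range (192.168.21.163/24), or followed by two target addresses, one the start address and the other the end address, in which case every address in that range is scanned.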
[root@hadoop Desktop]# nmap -sP 115.239.211.112/24
Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:40 CST
Nmap scan report for 115.239.211.251
Host is up (0.015s latency).
Nmap scan report for 115.239.211.252
Host is up (0.019s latency).
Nmap scan report for 115.239.211.253
Host is up (0.0099s latency).
Nmap scan report for 115.239.211.254
Host is up (0.018s latency).
Nmap done: 4 IP addresses (205 hosts up) scanned in 18.89 seconds
PS: nmap -sP 115.239.211.112/24 # the s here is a lowercase s; detects which hosts in the network range are alive
[root@hadoop Desktop]# nmap -PS22,80,3306 192.168.21.163
Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:13 CST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.07 seconds
PS: nmap -PS22,80,3306 192.168.21.163 # probe the listed ports on the target host
[root@hadoop Desktop]# nmap -O 192.168.137.163
Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:18 CST
Nmap scan report for 192.168.137.163
Host is up (0.000067s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.38 seconds
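PS: nmap -O 192.168.21.163 # detect the target host's operating system type
3. Summary and further notes
Scan type | Description | Characteristics |
---|---|---|
ICMP (-P) | Ping scan | Simple, fast, effective |
TCP SYN scan (-sS) | TCP half-open scan | Efficient, hard to detect, general-purpose |
TCP connect() scan (-sT) | TCP full-open scan | Realistic, reliable results |
UDP scan (-sU) | UDP protocol scan | Effectively gets through firewall policies |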