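Nmap Study 4 - Host Discovery, Lab 1
Experiments
- Client: Windows 11 physical machine, 192.168.31.1, with nmap (scanner), wireshark (network protocol analyzer) and winscp (file transfer) installed.
- CentOS 7 virtual machine, 192.168.31.142, with tcpdump (packet capture) installed and the firewall disabled.
- Windows 7 virtual machine, 192.168.31.146
Experiment 1 - nmap -sn: no port scan
Local network (LAN)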
>nmap -sn --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 11:29 ?D1ú±ê×?ê±??
SENT (0.5810s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5820s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6240s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6240s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6250s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6250s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6330s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6350s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6350s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6350s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6360s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6360s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6370s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6380s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6390s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6540s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (80 bytes)
NSOCK INFO [0.6550s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.0010s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
With the --packet-trace option we can see what happens behind the scenes.
SENT (0.5810s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5820s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
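When scanning the LAN without a port scan, the client broadcasts an ARP request asking who has the target's IP address; the target host receives the broadcast and replies with its own IP and MAC address.
Wide area network (WAN)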
>nmap -sn --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 11:32 ?D1ú±ê×?ê±??
SENT (0.6050s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=13602 seq=0] IP [ttl=43 id=37469 iplen=28 ]
SENT (0.6200s) TCP 10.201.3.112:47133 > 220.181.38.251:443 S ttl=39 id=24109 iplen=44 seq=540556213 win=1024 <mss 1460>
SENT (0.6210s) TCP 10.201.3.112:47133 > 220.181.38.251:80 A ttl=45 id=42907 iplen=40 seq=0 win=1024
SENT (0.6210s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=64606 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=29039 iplen=40 ]
RCVD (0.6390s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=13602 seq=0] IP [ttl=47 id=37469 iplen=28 ]
NSOCK INFO [0.6750s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6750s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6760s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6760s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6840s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6850s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6850s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6860s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6860s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6880s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.7050s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.7050s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.7050s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.7050s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.7050s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.7050s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.7050s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.7050s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.035s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds
SENT (0.6050s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=13602 seq=0] IP [ttl=43 id=37469 iplen=28 ]
The client sends an ICMP Echo request (i.e. a ping) to 220.181.38.251.
SENT (0.6200s) TCP 10.201.3.112:47133 > 220.181.38.251:443 S ttl=39 id=24109 iplen=44 seq=540556213 win=1024 <mss 1460>
The client sends a TCP SYN to port 443 on 220.181.38.251.
SENT (0.6210s) TCP 10.201.3.112:47133 > 220.181.38.251:80 A ttl=45 id=42907 iplen=40 seq=0 win=1024
The client sends a TCP ACK to port 80 on 220.181.38.251.
SENT (0.6210s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=64606 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=29039 iplen=40 ]
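The client sends an ICMP Timestamp request. (The device that initiates synchronization generates a timestamp and, using the ICMP message body and protocol rules, sends it to the receiving device; this is a timestamp request message. After receiving it, the receiving device returns its own timestamp; this is the timestamp reply message. With the sender's and the receiver's timestamps the two devices can keep their clocks synchronized.)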
RCVD (0.6390s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=13602 seq=0] IP [ttl=47 id=37469 iplen=28 ]
220.181.38.251 returns an ICMP Echo reply to the client.
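Seen from the receiving side, these four probes arriving from one source within a fraction of a second form a recognisable pattern. The following is an added example, not part of the original post: it flags that burst in a list of packet records. The record fields, the one-second window and the sample packets are constructed for illustration; only the scanner's addresses and timestamps are taken from the trace above.

```python
from collections import defaultdict

# The four probes seen in the default `nmap -sn` WAN trace above.
DEFAULT_PROBES = frozenset({
    "icmp-echo-request", "tcp-syn-443", "tcp-ack-80", "icmp-timestamp-request",
})


def classify(pkt):
    """Map a packet record to one of the probe names, or None if it is not one."""
    if pkt["proto"] == "icmp":
        return {8: "icmp-echo-request", 13: "icmp-timestamp-request"}.get(pkt["type"])
    if pkt["proto"] == "tcp":
        if pkt["flags"] == "S" and pkt["dport"] == 443:
            return "tcp-syn-443"
        if pkt["flags"] == "A" and pkt["dport"] == 80:
            return "tcp-ack-80"
    return None


def find_discovery_bursts(packets, window=1.0):
    """Return (src, dst, first_ts) for each pair that sent all four probes within `window` seconds."""
    recent = defaultdict(dict)  # (src, dst) -> {probe name: last timestamp seen}
    flagged = set()
    alerts = []
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        name = classify(pkt)
        if name is None:
            continue
        key = (pkt["src"], pkt["dst"])
        seen = recent[key]
        seen[name] = pkt["ts"]
        # Forget probes that are older than the window.
        for probe in [p for p, ts in seen.items() if pkt["ts"] - ts > window]:
            del seen[probe]
        if set(seen) == DEFAULT_PROBES and key not in flagged:
            flagged.add(key)
            alerts.append((key[0], key[1], min(seen.values())))
    return alerts


SCANNER, TARGET = "10.201.3.112", "220.181.38.251"
# Constructed sample: the scanner's burst uses the timestamps from the trace;
# the other two sources are invented background traffic.
SAMPLE_PACKETS = [
    {"ts": 0.605, "src": SCANNER, "dst": TARGET, "proto": "icmp", "type": 8},
    {"ts": 0.620, "src": SCANNER, "dst": TARGET, "proto": "tcp", "flags": "S", "dport": 443},
    {"ts": 0.621, "src": SCANNER, "dst": TARGET, "proto": "tcp", "flags": "A", "dport": 80},
    {"ts": 0.621, "src": SCANNER, "dst": TARGET, "proto": "icmp", "type": 13},
    # An ordinary client: a ping and an HTTPS connection, nothing else.
    {"ts": 0.300, "src": "10.201.3.50", "dst": TARGET, "proto": "icmp", "type": 8},
    {"ts": 0.900, "src": "10.201.3.50", "dst": TARGET, "proto": "tcp", "flags": "S", "dport": 443},
    # The same four packet types spread over 30 seconds: outside the window.
    {"ts": 10.0, "src": "10.201.3.60", "dst": TARGET, "proto": "icmp", "type": 8},
    {"ts": 20.0, "src": "10.201.3.60", "dst": TARGET, "proto": "tcp", "flags": "S", "dport": 443},
    {"ts": 30.0, "src": "10.201.3.60", "dst": TARGET, "proto": "tcp", "flags": "A", "dport": 80},
    {"ts": 40.0, "src": "10.201.3.60", "dst": TARGET, "proto": "icmp", "type": 13},
]

if __name__ == "__main__":
    for src, dst, first in find_discovery_bursts(SAMPLE_PACKETS):
        print("host-discovery burst: %s -> %s starting at %.3fs" % (src, dst, first))
```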
Experiment 2 - nmap -Pn: no-ping scan
>nmap -sn -Pn --packet-trace baidu.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:10 ?D1ú±ê×?ê±??
NSOCK INFO [0.3570s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.3570s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.3590s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.3590s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.3650s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.3670s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.3670s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.3670s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.3680s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.3680s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.3690s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.3690s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.3700s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.3850s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.3850s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up.
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds
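We keep the -sn option here so that no port scan is performed, which makes the experiment easier to observe.
-Pn skips the host discovery phase, so there is no ICMP ping; on the local network there is no ARP exchange either.
Experiment 3 - comparing nmap -PS, -PA, -PU and -PY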
>nmap -sn -PS --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:40 ?D1ú±ê×?ê±??
SENT (0.6070s) TCP 10.201.3.112:44277 > 220.181.38.148:80 S ttl=44 id=59776 iplen=44 seq=1810711350 win=1024 <mss 1460>
RCVD (0.6430s) TCP 220.181.38.148:80 > 10.201.3.112:44277 SA ttl=47 id=59776 iplen=44 seq=497989444 win=8192 <mss 1452>
NSOCK INFO [0.6800s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6800s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6810s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6810s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6810s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6810s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6810s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6810s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6810s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6810s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6990s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.6990s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6990s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6990s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.6990s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6990s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6990s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6990s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for baidu.com (220.181.38.148)
Host is up (0.037s latency).
Other addresses for baidu.com (not scanned): 220.181.38.251
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds
>nmap -sn -PA --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:40 ?D1ú±ê×?ê±??
SENT (0.5780s) TCP 10.201.3.112:45289 > 220.181.38.148:80 A ttl=38 id=52518 iplen=40 seq=0 win=1024
SENT (1.5870s) TCP 10.201.3.112:45290 > 220.181.38.148:80 A ttl=51 id=42790 iplen=40 seq=0 win=1024
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.64 seconds
>nmap -sn -PU --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:41 ?D1ú±ê×?ê±??
SENT (0.6040s) UDP 10.201.3.112:42067 > 220.181.38.148:40125 ttl=46 id=33413 iplen=68
SENT (1.6180s) UDP 10.201.3.112:42068 > 220.181.38.148:40125 ttl=59 id=15787 iplen=68
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.67 seconds
>nmap -sn -PY --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:41 ?D1ú±ê×?ê±??
SENT (0.6380s) SCTP 10.201.3.112:34658 > 220.181.38.148:80 ttl=51 id=20371 iplen=52
SENT (1.6400s) SCTP 10.201.3.112:34659 > 220.181.38.148:80 ttl=43 id=5992 iplen=52
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.70 seconds
SENT (0.6070s) TCP 10.201.3.112:44277 > 220.181.38.148:80 S ttl=44 id=59776 iplen=44 seq=1810711350 win=1024 <mss 1460>
RCVD (0.6430s) TCP 220.181.38.148:80 > 10.201.3.112:44277 SA ttl=47 id=59776 iplen=44 seq=497989444 win=8192 <mss 1452>
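-PS: this option sends an empty TCP packet with the SYN flag set. Here the target answered with SYN/ACK (SA), so the host was reported as up.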
SENT (0.5780s) TCP 10.201.3.112:45289 > 220.181.38.148:80 A ttl=38 id=52518 iplen=40 seq=0 win=1024
SENT (1.5870s) TCP 10.201.3.112:45290 > 220.181.38.148:80 A ttl=51 id=42790 iplen=40 seq=0 win=1024
-PA: this option sends an empty TCP packet with the ACK flag set. No reply came back, and Nmap reported the host as down.
SENT (0.6040s) UDP 10.201.3.112:42067 > 220.181.38.148:40125 ttl=46 id=33413 iplen=68
SENT (1.6180s) UDP 10.201.3.112:42068 > 220.181.38.148:40125 ttl=59 id=15787 iplen=68
-PU: this option sends an empty UDP packet. No reply came back, and Nmap reported the host as down.
SENT (0.6380s) SCTP 10.201.3.112:34658 > 220.181.38.148:80 ttl=51 id=20371 iplen=52
SENT (1.6400s) SCTP 10.201.3.112:34659 > 220.181.38.148:80 ttl=43 id=5992 iplen=52
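-PY: determines whether the host is online by sending an SCTP INIT. No reply came back, and Nmap reported the host as down.
Experiment 4 - comparing nmap -PE, -PP and -PM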
>nmap -sn -PE --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:54 ?D1ú±ê×?ê±??
SENT (0.6090s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=10974 seq=0] IP [ttl=46 id=62372 iplen=28 ]
RCVD (0.6420s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=10974 seq=0] IP [ttl=47 id=62372 iplen=28 ]
NSOCK INFO [0.6760s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6760s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6770s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6770s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6780s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6780s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6780s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6780s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6780s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6780s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6940s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.6950s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6950s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6950s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.6950s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6950s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6950s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6950s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.033s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds
>nmap -sn -PP --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:54 ?D1ú±ê×?ê±??
SENT (0.5850s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=4004 seq=0 orig=0 recv=0 trans=0] IP [ttl=47 id=1697 iplen=40 ]
SENT (1.5900s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=31426 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=20773 iplen=40 ]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.64 seconds
>nmap -sn -PM --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:54 ?D1ú±ê×?ê±??
SENT (0.6040s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=3736 seq=0 mask=0.0.0.0] IP [ttl=44 id=19226 iplen=32 ]
SENT (1.6170s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=36449 seq=0 mask=0.0.0.0] IP [ttl=54 id=37465 iplen=32 ]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.67 seconds
SENT (0.6090s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=10974 seq=0] IP [ttl=46 id=62372 iplen=28 ]
RCVD (0.6420s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=10974 seq=0] IP [ttl=47 id=62372 iplen=28 ]
-PE: this option tells Nmap to send an ICMP echo request packet to the target. If we receive an ICMP echo reply, we can conclude that the host is online.
SENT (0.5850s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=4004 seq=0 orig=0 recv=0 trans=0] IP [ttl=47 id=1697 iplen=40 ]
SENT (1.5900s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=31426 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=20773 iplen=40 ]
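-PP: ICMP timestamp ping. Nmap sends a Timestamp request (type 13) and waits for a Timestamp reply; no reply arrived here, so the host was reported as down.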
SENT (0.6040s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=3736 seq=0 mask=0.0.0.0] IP [ttl=44 id=19226 iplen=32 ]
SENT (1.6170s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=36449 seq=0 mask=0.0.0.0] IP [ttl=54 id=37465 iplen=32 ]
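-PM: ICMP address mask ping. Nmap sends an Address mask request (type 17) and waits for an Address mask reply; no reply arrived here, so the host was reported as down.
Experiment 5 - nmap -PO: IP protocol ping
>nmap -sn -PO --packet-trace baidu.com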
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:30 ?D1ú±ê×?ê±??
SENT (0.5930s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=60889 seq=0] IP [ttl=57 id=19664 iplen=28 ]
SENT (0.6050s) igmp (2) 10.201.3.112 > 220.181.38.251: ttl=40 id=11947 iplen=28
SENT (0.6050s) ipv4 (4) 10.201.3.112 > 220.181.38.251: ttl=55 id=24946 iplen=20
RCVD (0.6260s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=60889 seq=0] IP [ttl=47 id=19664 iplen=28 ]
NSOCK INFO [0.6600s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6600s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6610s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6610s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6610s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6610s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6610s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6610s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6610s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6750s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.6760s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.034s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds
SENT (0.5930s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=60889 seq=0] IP [ttl=57 id=19664 iplen=28 ]
SENT (0.6050s) igmp (2) 10.201.3.112 > 220.181.38.251: ttl=40 id=11947 iplen=28
SENT (0.6050s) ipv4 (4) 10.201.3.112 > 220.181.38.251: ttl=55 id=24946 iplen=20
RCVD (0.6260s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=60889 seq=0] IP [ttl=47 id=19664 iplen=28 ]
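-PO with no protocol specified: by default Nmap uses ICMP (protocol 1), IGMP (protocol 2) and IP-in-IP (protocol 4) to try to determine whether the host is online.
Experiment 6 - nmap -PR: ARP ping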
>nmap -sn -PR --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:36 ?D1ú±ê×?ê±??
SENT (0.6460s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=30437 seq=0] IP [ttl=46 id=25608 iplen=28 ]
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:443 S ttl=46 id=58335 iplen=44 seq=3943378522 win=1024 <mss 1460>
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:80 A ttl=42 id=24026 iplen=40 seq=0 win=1024
SENT (0.6660s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=9267 seq=0 orig=0 recv=0 trans=0] IP [ttl=50 id=59853 iplen=40 ]
RCVD (0.6810s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=30437 seq=0] IP [ttl=47 id=25608 iplen=28 ]
NSOCK INFO [0.7150s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.7150s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.7170s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.7170s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.7240s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.7260s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.7260s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.7270s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.7280s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.7280s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.7280s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.7290s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.7300s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.7520s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.7520s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.035s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.77 seconds
On the WAN, even with the -PR option added, nmap still determines whether the host is online by pinging it and probing ports 443 and 80 on the remote host.
SENT (0.6460s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=30437 seq=0] IP [ttl=46 id=25608 iplen=28 ]
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:443 S ttl=46 id=58335 iplen=44 seq=3943378522 win=1024 <mss 1460>
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:80 A ttl=42 id=24026 iplen=40 seq=0 win=1024
SENT (0.6660s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=9267 seq=0 orig=0 recv=0 trans=0] IP [ttl=50 id=59853 iplen=40 ]
RCVD (0.6810s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=30437 seq=0] IP [ttl=47 id=25608 iplen=28 ]
>nmap -sn -PR --packet-trace 172.26.129.4
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:36 ?D1ú±ê×?ê±??
SENT (0.5880s) ICMP [172.26.131.123 > 172.26.129.4 Echo request (type=8/code=0) id=14931 seq=0] IP [ttl=55 id=7872 iplen=28 ]
RCVD (0.5880s) ICMP [172.26.129.4 > 172.26.131.123 Echo reply (type=0/code=0) id=14931 seq=0] IP [ttl=63 id=316 iplen=28 ]
NSOCK INFO [0.6300s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6300s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6310s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6310s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6380s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6390s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6390s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6400s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6400s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6400s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6420s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6420s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6430s] nsock_write(): Write request for 43 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [3.1540s] nsock_write(): Write request for 43 bytes to IOD #1 EID 83 [114.114.114.114:53]
NSOCK INFO [3.1550s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 83 [114.114.114.114:53]
NSOCK INFO [6.1660s] nsock_write(): Write request for 43 bytes to IOD #2 EID 91 [198.18.0.1:53]
NSOCK INFO [6.1660s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 91 [198.18.0.1:53]
NSOCK INFO [6.1820s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 34 [198.18.0.1:53] (120 bytes)
NSOCK INFO [6.1830s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 98
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #18 (type READ)
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #98 (type READ)
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 172.26.129.4
Host is up (0.00s latency).
Nmap done: 1 IP address (1 host up) scanned in 6.21 seconds
On the LAN, with the -PR option added, nmap determines whether the host is online by ping.
SENT (0.5880s) ICMP [172.26.131.123 > 172.26.129.4 Echo request (type=8/code=0) id=14931 seq=0] IP [ttl=55 id=7872 iplen=28 ]
RCVD (0.5880s) ICMP [172.26.129.4 > 172.26.131.123 Echo reply (type=0/code=0) id=14931 seq=0] IP [ttl=63 id=316 iplen=28 ]
>nmap -sn -PR --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:36 ?D1ú±ê×?ê±??
SENT (0.5840s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5840s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6210s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6210s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6330s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6330s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6370s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6390s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6390s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6450s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6460s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6460s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6480s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6480s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6490s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6600s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (80 bytes)
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.00s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
On the same subnet, with the -PR option added, nmap does use ARP to determine whether the host is online.
SENT (0.5840s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5840s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
**On the same subnet, the --disable-arp-ping option can be used to disable ARP**
>nmap -sn --disable-arp-ping --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:47 ?D1ú±ê×?ê±??
SENT (0.5830s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=29249 seq=0] IP [ttl=42 id=30258 iplen=28 ]
RCVD (0.5840s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=29249 seq=0] IP [ttl=64 id=5745 iplen=28 ]
NSOCK INFO [0.6250s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6250s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6270s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6270s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6410s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6490s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6490s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6500s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6510s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6520s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6720s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (122 bytes)
NSOCK INFO [0.6720s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6720s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6720s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6720s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.0010s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.71 seconds
SENT (0.5830s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=29249 seq=0] IP [ttl=42 id=30258 iplen=28 ]
RCVD (0.5840s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=29249 seq=0] IP [ttl=64 id=5745 iplen=28 ]
Ping is used to determine whether the host is online.
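The comparisons above come down to which SENT probe nmap emitted and which RCVD line answered it. The following added example (not from the original post) parses --packet-trace output and reports the probe type per target; the name discovery_summary and the sample strings, built from the SENT/RCVD lines quoted on this page, are this example's own.

```python
import re

# Constructed input: SENT/RCVD lines from the two same-subnet runs on this page,
# plus one NSOCK line to show that the DNS chatter is skipped.
ARP_RUN = """\
SENT (0.5840s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5840s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6210s] nsock_iod_new2(): nsock_iod_new (IOD #1)
"""
ICMP_RUN = """\
SENT (0.5830s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=29249 seq=0] IP [ttl=42 id=30258 iplen=28 ]
RCVD (0.5840s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=29249 seq=0] IP [ttl=64 id=5745 iplen=28 ]
"""

LINE = re.compile(r"^(SENT|RCVD) \(\d+\.\d+s\) (ARP|ICMP) (.*)$")
ARP_REQ = re.compile(r"who-has (\S+) tell \S+")
ARP_REP = re.compile(r"reply (\S+) is-at (\S+)")
ICMP_ECHO = re.compile(
    r"\[(\S+) > (\S+) Echo (request|reply) \(type=\d+/code=\d+\) id=(\d+) seq=(\d+)\]")


def discovery_summary(trace, target):
    """Report which host-discovery probes were sent to `target` and which were answered."""
    result = {"sent": set(), "answered": set(), "mac": None}
    pending = set()  # (id, seq) of echo requests still waiting for a reply
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # NSOCK DNS lines, banner and report lines
        direction, proto, rest = m.groups()
        if proto == "ARP":
            req, rep = ARP_REQ.search(rest), ARP_REP.search(rest)
            if direction == "SENT" and req and req.group(1) == target:
                result["sent"].add("ARP")
            elif direction == "RCVD" and rep and rep.group(1) == target:
                result["answered"].add("ARP")
                result["mac"] = rep.group(2)  # only an ARP reply carries the MAC
            continue
        echo = ICMP_ECHO.search(rest)
        if not echo:
            continue
        src, dst, kind, ident, seq = echo.groups()
        if direction == "SENT" and kind == "request" and dst == target:
            result["sent"].add("ICMP echo")
            pending.add((ident, seq))
        elif direction == "RCVD" and kind == "reply" and src == target and (ident, seq) in pending:
            result["answered"].add("ICMP echo")  # reply matched to its request by id/seq
    return result
```
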
Experiment 7 - nmap --traceroute: tracing the path to a host
>nmap -sn --traceroute baidu.com sina.cn 163.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 16:01 ?D1ú±ê×?ê±??
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.036s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 183.60.95.227
2 ... 18
19 33.00 ms 220.181.38.251
Nmap scan report for sina.cn (183.60.95.227)
Host is up (0.032s latency).
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 3.00 ms 10.201.63.254
2 ... 13
14 31.00 ms 183.60.95.227
Nmap scan report for 163.com (123.58.180.8)
Host is up (0.0085s latency).
Other addresses for 163.com (not scanned): 123.58.180.7
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 183.60.95.227
2 ... 11
12 5.00 ms 123.58.180.8
Nmap done: 3 IP addresses (3 hosts up) scanned in 13.84 seconds
Other addresses for baidu.com (not scanned): 220.181.38.148
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 183.60.95.227
2 … 18
19 33.00 ms 220.181.38.251
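The Wireshark capture shows nmap sending ICMP Echo request packets with gradually increasing TTL values to test whether the host is online. Each time a packet passes through a router, the TTL in the packet is decremented by 1, and when the TTL reaches 0 the router discards the packet. When the TTL of the ping packet sent by nmap is 19, it reaches the router where the target host is located, the target host replies with an ICMP Echo reply packet, and nmap knows that the path goes through 19 routers. Because current routers do not respond to ICMP Echo request, the routers' IP addresses cannot be obtained and can only be shown as 2 … 18.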
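The TTL mechanism described above can be modelled without touching the network. This added example (not from the original post) walks probes with increasing TTL along a constructed path shaped like the sina.cn result and collapses the silent hops the way the hop table does. The function names and the silent-router placeholders are assumptions of the example, and it relies on the standard behaviour that a router which does answer an expired probe does so with ICMP Time Exceeded (type 11).

```python
# Constructed path: (address, answers) per hop, target last. Hop 1 and the target
# come from the sina.cn output on this page; hops 2-13 are placeholders for
# routers that stay silent.
SINA_PATH = ([("10.201.63.254", True)]
             + [(f"silent-router-{n}", False) for n in range(2, 14)]
             + [("183.60.95.227", True)])


def probe(path, ttl):
    """Follow one echo request with the given TTL along `path`."""
    for hop, (addr, answers) in enumerate(path, start=1):
        if hop == len(path):  # the target answers the echo request itself
            return ("echo-reply", addr) if answers else ("timeout", None)
        ttl -= 1              # every router decrements the TTL before forwarding
        if ttl == 0:          # expired here: packet dropped, router may report it
            return ("time-exceeded", addr) if answers else ("timeout", None)
    return ("timeout", None)


def trace(path, max_ttl=30):
    """Raise the TTL one step at a time until the target replies."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        kind, addr = probe(path, ttl)
        hops.append((ttl, addr))
        if kind == "echo-reply":
            break
    return hops


def render(hops):
    """Collapse consecutive silent hops into a single 'first ... last' row."""
    rows, i = [], 0
    while i < len(hops):
        ttl, addr = hops[i]
        if addr is not None:
            rows.append(f"{ttl} {addr}")
            i += 1
            continue
        j = i
        while j + 1 < len(hops) and hops[j + 1][1] is None:
            j += 1
        rows.append(f"{ttl} ... {hops[j][0]}" if j > i else f"{ttl} ...")
        i = j + 1
    return rows
```
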