Nmap Study Notes 8 - Port Scanning Experiments
-sS (TCP SYN scan)
Nmap sends TCP SYN probes to the 1000 most commonly used service ports, in random port order.
>nmap -sS --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-11 10:06 中国标准时间
SENT (0.6030s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.6040s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:22 S ttl=38 id=7617 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:135 S ttl=46 id=20457 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:53 S ttl=41 id=30293 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:5900 S ttl=45 id=16473 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:25 S ttl=37 id=4576 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:1025 S ttl=51 id=40887 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:113 S ttl=58 id=15451 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:995 S ttl=54 id=23730 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:23 S ttl=50 id=61533 iplen=44 seq=3403289209 win=1024 <mss 1460>
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:110 S ttl=45 id=13415 iplen=44 seq=3403289209 win=1024 <mss 1460>
RCVD (0.6920s) TCP 192.168.31.142:22 > 192.168.31.1:47495 SA ttl=64 id=0 iplen=44 seq=2108754243 win=29200 <mss 1460>
RCVD (0.6920s) TCP 192.168.31.142:135 > 192.168.31.1:47495 RA ttl=64 id=56985 iplen=40 seq=0 win=0
...
RCVD (0.7350s) TCP 192.168.31.142:1641 > 192.168.31.1:47495 RA ttl=64 id=57975 iplen=40 seq=0 win=0
RCVD (0.7350s) TCP 192.168.31.142:1071 > 192.168.31.1:47495 RA ttl=64 id=57976 iplen=40 seq=0 win=0
RCVD (0.7350s) TCP 192.168.31.142:2381 > 192.168.31.1:47495 RA ttl=64 id=57977 iplen=40 seq=0 win=0
RCVD (0.7350s) TCP 192.168.31.142:8089 > 192.168.31.1:47495 RA ttl=64 id=57978 iplen=40 seq=0 win=0
RCVD (0.7350s) TCP 192.168.31.142:1216 > 192.168.31.1:47495 RA ttl=64 id=57979 iplen=40 seq=0 win=0
RCVD (0.7350s) TCP 192.168.31.142:8402 > 192.168.31.1:47495 RA ttl=64 id=57980 iplen=40 seq=0 win=0
Nmap scan report for 192.168.31.142
Host is up (0.00088s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.74 seconds
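A TCP SYN scan is often called a half-open scan, because it never opens a full TCP connection. It sends a SYN packet, as if you were really going to open a connection, and then waits for a response.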
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:22 S ttl=38 id=7617 iplen=44 seq=3403289209 win=1024 <mss 1460>
RCVD (0.6920s) TCP 192.168.31.142:22 > 192.168.31.1:47495 SA ttl=64 id=0 iplen=44 seq=2108754243 win=29200 <mss 1460>
A SYN/ACK indicates that the port is listening (open).
SENT (0.6910s) TCP 192.168.31.1:47495 > 192.168.31.142:135 S ttl=46 id=20457 iplen=44 seq=3403289209 win=1024 <mss 1460>
RCVD (0.6920s) TCP 192.168.31.142:135 > 192.168.31.1:47495 RA ttl=64 id=56985 iplen=40 seq=0 win=0
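A RST (reset) indicates that there is no listener.
-p: specifying ports
-p (scan only the specified ports)
This option specifies which ports you want to scan and overrides the default. Individual port numbers are fine, as are ranges separated by a hyphen (e.g. 1-1023). The beginning and/or end values of a range may be omitted, causing Nmap to use 1 and 65535, respectively. So you can specify -p- to scan ports from 1 through 65535. Scanning port 0 is allowed if you specify it explicitly. For IP protocol scanning (-sO), this option specifies the protocol numbers you wish to scan (0-255).
When scanning both TCP and UDP ports, you can specify the protocol by preceding the port numbers with T: or U:. The qualifier stays in effect until you specify another one. For example, the argument -p U:53,111,137,T:21-25,80,139,8080 would scan UDP ports 53, 111, and 137, as well as the listed TCP ports. Note that to scan both UDP and TCP, you must specify -sU and at least one TCP scan type (such as -sS, -sF, or -sT). If no protocol qualifier is given, the port numbers are added to all protocol lists.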
>nmap -sS -p123,22 --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-11 15:02 中国标准时间
SENT (0.5990s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5990s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6490s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6490s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6510s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6510s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6590s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6600s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6600s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6630s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6630s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6630s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6710s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6710s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6710s] nsock_iod_new2(): nsock_iod_new (IOD #5)
NSOCK INFO [0.6730s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #5) EID 72
NSOCK INFO [0.6740s] nsock_read(): Read request from IOD #5 [198.18.0.1:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6750s] nsock_write(): Write request for 45 bytes to IOD #1 EID 91 [114.114.114.114:53]
NSOCK INFO [0.6800s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6800s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 91 [114.114.114.114:53]
NSOCK INFO [0.6800s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6800s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6800s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6800s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 72 [198.18.0.1:53]
NSOCK INFO [0.7030s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (122 bytes)
NSOCK INFO [0.7040s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 98
NSOCK INFO [0.7040s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.7040s] nevent_delete(): nevent_delete on event #98 (type READ)
NSOCK INFO [0.7040s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.7040s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.7040s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.7040s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.7040s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.7040s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.7040s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSOCK INFO [0.7040s] nevent_delete(): nevent_delete on event #82 (type READ)
SENT (0.7380s) TCP 192.168.31.1:39632 > 192.168.31.142:22 S ttl=53 id=57179 iplen=44 seq=1555126439 win=1024 <mss 1460>
SENT (0.7420s) TCP 192.168.31.1:39632 > 192.168.31.142:123 S ttl=45 id=55924 iplen=44 seq=1555126439 win=1024 <mss 1460>
RCVD (0.7490s) TCP 192.168.31.142:22 > 192.168.31.1:39632 SA ttl=64 id=0 iplen=44 seq=2517647007 win=29200 <mss 1460>
RCVD (0.7490s) TCP 192.168.31.142:123 > 192.168.31.1:39632 RA ttl=64 id=27332 iplen=40 seq=0 win=0
Nmap scan report for 192.168.31.142
Host is up (0.0021s latency).
PORT STATE SERVICE
22/tcp open ssh
123/tcp closed ntp
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds
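Comma-separated port list: $ nmap -p80,443 localhost
Port range written with a hyphen: $ nmap -p1-100 localhost
Alias for all ports from 1 to 65535: # nmap -p- localhost
Specific ports by protocol: # nmap -pT:25,U:53
Service name: # nmap -p smtp
Service name with a wildcard: # nmap -p smtp*
Only ports registered in the Nmap services database: # nmap -p[1-65535] <target>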
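The expansion rules described above for numeric -p values (omitted range ends, sticky T:/U: qualifiers, unqualified ports going to every protocol list), as an added example that is not part of the original page or of Nmap's code. The function name parse_ports is hypothetical, and service names, wildcards and the [ ] form are deliberately not handled.

```python
def parse_ports(spec):
    """Expand a numeric Nmap-style -p value into {'tcp': set, 'udp': set}."""
    ports = {"tcp": set(), "udp": set()}
    active = ("tcp", "udp")      # no qualifier seen yet: add to all protocol lists
    for item in spec.split(","):
        item = item.strip()
        # A T: or U: prefix switches protocol and stays in effect for later items.
        if item[:2].upper() in ("T:", "U:"):
            active = ("tcp",) if item[0].upper() == "T" else ("udp",)
            item = item[2:]
        if not item:
            continue
        if "-" in item:
            lo, hi = item.split("-", 1)
            lo = int(lo) if lo else 1        # omitted start -> 1
            hi = int(hi) if hi else 65535    # omitted end   -> 65535
        else:
            lo = hi = int(item)              # port 0 only when given explicitly
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range: {item!r}")
        for proto in active:
            ports[proto].update(range(lo, hi + 1))
    return ports


if __name__ == "__main__":
    # The example argument from the text above.
    print(parse_ports("U:53,111,137,T:21-25,80,139,8080"))
```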
-sT (TCP connect() scan)
A connect() scan is simply the default, normal TCP connection.
>nmap -sT -p20-22 --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-11 15:18 中国标准时间
SENT (0.6110s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.6120s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
Stats: 0:00:00 elapsed; 0 hosts completed (0 up), 1 undergoing ARP Ping Scan
ARP Ping Scan Timing: About 100.00% done; ETC: 15:18 (0:00:00 remaining)
NSOCK INFO [0.6760s] nsock_iod_new2(): nsock_iod_new (IOD #1)
...
NSOCK INFO [0.7130s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.7130s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSOCK INFO [0.7130s] nevent_delete(): nevent_delete on event #82 (type READ)
CONN (0.7280s) TCP localhost > 192.168.31.142:22 => Operation now in progress
CONN (0.7360s) TCP localhost > 192.168.31.142:21 => Operation now in progress
CONN (0.7370s) TCP localhost > 192.168.31.142:20 => Operation now in progress
CONN (0.7370s) TCP localhost > 192.168.31.142:22 => Connected
CONN (1.8650s) TCP localhost > 192.168.31.142:20 => Operation now in progress
CONN (1.8660s) TCP localhost > 192.168.31.142:21 => Operation now in progress
Nmap scan report for 192.168.31.142
Host is up (0.0020s latency).
PORT STATE SERVICE
20/tcp filtered ftp-data
21/tcp filtered ftp
22/tcp open ssh
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.00 seconds
CONN (0.7280s) TCP localhost > 192.168.31.142:22 => Operation now in progress
CONN (0.7370s) TCP localhost > 192.168.31.142:22 => Connected
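Nmap uses the connect() API to obtain status information on each connection attempt, rather than reading the raw response packets.
-sU (UDP scan)
A UDP scan sends an empty (no data) UDP header to each target port. For some common ports Nmap sends a protocol-specific payload instead, which is why the probes to ports 67 and 111 in the trace below are larger than the 28-byte empty probe to port 68.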
>nmap -sU -p67,68,111 --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-11 15:43 中国标准时间
SENT (0.6790s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.6800s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.7390s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.7390s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.7400s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
...
NSOCK INFO [0.7570s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSOCK INFO [0.7570s] nevent_delete(): nevent_delete on event #82 (type READ)
SENT (0.7580s) UDP 192.168.31.1:44771 > 192.168.31.142:111 ttl=59 id=5483 iplen=68
SENT (0.7580s) UDP 192.168.31.1:44771 > 192.168.31.142:67 ttl=40 id=759 iplen=272
SENT (0.7590s) UDP 192.168.31.1:44771 > 192.168.31.142:68 ttl=39 id=16088 iplen=28
RCVD (0.7590s) ICMP [192.168.31.142 > 192.168.31.1 Port 67 unreachable (type=3/code=3) ] IP [ttl=64 id=37532 iplen=300 ]
RCVD (0.7590s) UDP 192.168.31.142:111 > 192.168.31.1:44771 ttl=64 id=17983 iplen=60
SENT (1.8740s) UDP 192.168.31.1:44772 > 192.168.31.142:68 ttl=51 id=4076 iplen=28
Nmap scan report for 192.168.31.142
Host is up (0.0010s latency).
PORT STATE SERVICE
67/udp closed dhcps
68/udp open|filtered dhcpc
111/udp open rpcbind
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.01 seconds
SENT (0.7580s) UDP 192.168.31.1:44771 > 192.168.31.142:67 ttl=40 id=759 iplen=272
RCVD (0.7590s) ICMP [192.168.31.142 > 192.168.31.1 Port 67 unreachable (type=3/code=3) ] IP [ttl=64 id=37532 iplen=300 ]
If an ICMP port unreachable error (type 3, code 3) is returned, the port is closed.
-sN; -sF; -sX (TCP Null, FIN, and Xmas scans)
-sN TCP Null scan
No flag bits are set (the TCP flags header is 0).
>nmap -sN -p20-23 --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-11 15:56 中国标准时间
SENT (0.6400s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.6400s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6890s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6900s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6910s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
...
NSOCK INFO [0.7090s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSOCK INFO [0.7090s] nevent_delete(): nevent_delete on event #82 (type READ)
SENT (0.7110s) TCP 192.168.31.1:33617 > 192.168.31.142:22 ttl=48 id=64863 iplen=40 seq=1571317302 win=1024
SENT (0.7110s) TCP 192.168.31.1:33617 > 192.168.31.142:23 ttl=43 id=15345 iplen=40 seq=1571317302 win=1024
SENT (0.7110s) TCP 192.168.31.1:33617 > 192.168.31.142:21 ttl=50 id=24600 iplen=40 seq=1571317302 win=1024
SENT (0.7110s) TCP 192.168.31.1:33617 > 192.168.31.142:20 ttl=40 id=33994 iplen=40 seq=1571317302 win=1024
RCVD (0.7110s) TCP 192.168.31.142:23 > 192.168.31.1:33617 RA ttl=64 id=34146 iplen=40 seq=0 win=0
RCVD (0.7120s) TCP 192.168.31.142:21 > 192.168.31.1:33617 RA ttl=64 id=34147 iplen=40 seq=0 win=0
RCVD (0.7120s) TCP 192.168.31.142:20 > 192.168.31.1:33617 RA ttl=64 id=34148 iplen=40 seq=0 win=0
SENT (1.8200s) TCP 192.168.31.1:33618 > 192.168.31.142:22 ttl=42 id=31705 iplen=40 seq=1571382839 win=1024
Nmap scan report for 192.168.31.142
Host is up (0.00023s latency).
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
22/tcp open|filtered ssh
23/tcp closed telnet
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
RCVD (0.7110s) TCP 192.168.31.142:23 > 192.168.31.1:33617 RA ttl=64 id=34146 iplen=40 seq=0 win=0
RCVD (0.7120s) TCP 192.168.31.142:21 > 192.168.31.1:33617 RA ttl=64 id=34147 iplen=40 seq=0 win=0
RCVD (0.7120s) TCP 192.168.31.142:20 > 192.168.31.1:33617 RA ttl=64 id=34148 iplen=40 seq=0 win=0
Ports 20, 21 and 23 return a RST (reset), indicating that there is no listener.
SENT (0.7110s) TCP 192.168.31.1:33617 > 192.168.31.142:22 ttl=48 id=64863 iplen=40 seq=1571317302 win=1024
SENT (1.8200s) TCP 192.168.31.1:33618 > 192.168.31.142:22 ttl=42 id=31705 iplen=40 seq=1571382839 win=1024
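Nmap probes port 22 twice and the server returns nothing. No response may also mean that a packet filter dropped the probe or any response it elicited, so Nmap cannot determine whether the port is open or filtered. UDP, IP protocol, FIN, Null, and Xmas scans may classify ports as "open|filtered".
-sF; -sX (FIN and Xmas scans): judging from the --packet-trace results, these are the same as -sN.
-sA (TCP ACK scan)
This scan differs from the others discussed so far in that it cannot determine open or open|filtered ports. It is used to map out firewall rules, determining whether they are stateful or stateless and which ports are filtered.
On the server 192.168.31.142, run the following to drop traffic to port 22.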
iptables -A INPUT -p tcp --dport 22 -j DROP
>nmap -sA -p20-23 --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-11 16:19 中国标准时间
SENT (0.6350s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.6350s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6840s] nsock_iod_new2(): nsock_iod_new (IOD #1)
...
NSOCK INFO [0.7010s] nsock_iod_delete(): nsock_iod_delete (IOD #5)
NSOCK INFO [0.7010s] nevent_delete(): nevent_delete on event #82 (type READ)
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:22 A ttl=55 id=47881 iplen=40 seq=0 win=1024
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:23 A ttl=54 id=15580 iplen=40 seq=0 win=1024
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:21 A ttl=58 id=18026 iplen=40 seq=0 win=1024
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:20 A ttl=50 id=59861 iplen=40 seq=0 win=1024
RCVD (0.7030s) TCP 192.168.31.142:23 > 192.168.31.1:49417 R ttl=64 id=46495 iplen=40 seq=476804170 win=0
RCVD (0.7030s) TCP 192.168.31.142:21 > 192.168.31.1:49417 R ttl=64 id=46496 iplen=40 seq=476804170 win=0
RCVD (0.7030s) TCP 192.168.31.142:20 > 192.168.31.1:49417 R ttl=64 id=46497 iplen=40 seq=476804170 win=0
SENT (1.8170s) TCP 192.168.31.1:49418 > 192.168.31.142:22 A ttl=37 id=52126 iplen=40 seq=0 win=1024
Nmap scan report for 192.168.31.142
Host is up (0.00s latency).
PORT STATE SERVICE
20/tcp unfiltered ftp-data
21/tcp unfiltered ftp
22/tcp filtered ssh
23/tcp unfiltered telnet
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:23 A ttl=54 id=15580 iplen=40 seq=0 win=1024
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:21 A ttl=58 id=18026 iplen=40 seq=0 win=1024
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:20 A ttl=50 id=59861 iplen=40 seq=0 win=1024
RCVD (0.7030s) TCP 192.168.31.142:23 > 192.168.31.1:49417 R ttl=64 id=46495 iplen=40 seq=476804170 win=0
RCVD (0.7030s) TCP 192.168.31.142:21 > 192.168.31.1:49417 R ttl=64 id=46496 iplen=40 seq=476804170 win=0
RCVD (0.7030s) TCP 192.168.31.142:20 > 192.168.31.1:49417 R ttl=64 id=46497 iplen=40 seq=476804170 win=0
When scanning an unfiltered system, open and closed ports both return a RST packet. Nmap labels them unfiltered, meaning that the ACK packet can reach them, but whether they are open or closed cannot be determined.
SENT (0.7030s) TCP 192.168.31.1:49417 > 192.168.31.142:22 A ttl=55 id=47881 iplen=40 seq=0 win=1024
SENT (1.8170s) TCP 192.168.31.1:49418 > 192.168.31.142:22 A ttl=37 id=52126 iplen=40 seq=0 win=1024
Ports that do not respond, or that send certain ICMP error messages (type 3, code 1, 2, 3, 9, 10, or 13), are marked filtered.
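The response-to-state rules walked through in the SYN, UDP, Null/FIN/Xmas and ACK sections above, as an added example that is not part of the original page: it reads --packet-trace lines and derives the state of each probed port. The function name and the scan labels ("syn", "null", "ack", "udp") are assumptions of this example, and the no-reply state for SYN scans (filtered) comes from Nmap's documentation rather than from this page.

```python
import re

# Packet-trace line shapes, as printed by the Nmap 7.91 runs on this page.
PKT = re.compile(r"^(SENT|RCVD) \(\S+\) (TCP|UDP) \S+:(\d+) > \S+:(\d+)(?: ([A-Z]+))? ttl=")
ICMP = re.compile(r"^RCVD \(\S+\) ICMP \[.*Port (\d+) unreachable \(type=3/code=3\)")

# State assigned when a probed port never answers, per scan type.
NO_REPLY = {"syn": "filtered", "null": "open|filtered",
            "ack": "filtered", "udp": "open|filtered"}

def classify(trace, scan):
    """Map each probed port to the state implied by the trace lines."""
    state = {}
    for line in trace.strip().splitlines():
        line = line.strip()
        icmp = ICMP.match(line)
        if icmp and scan == "udp":
            state[int(icmp.group(1))] = "closed"    # ICMP port unreachable (3/3)
            continue
        m = PKT.match(line)
        if not m:
            continue                                 # ARP, NSOCK and report lines
        direction, proto, sport, dport, flags = m.groups()
        if direction == "SENT":
            state.setdefault(int(dport), NO_REPLY[scan])
            continue
        port, flags = int(sport), flags or ""
        if scan == "udp" and proto == "UDP":
            state[port] = "open"                     # any UDP reply from the port
        elif scan == "syn" and "S" in flags and "A" in flags:
            state[port] = "open"                     # SYN/ACK
        elif "R" in flags:
            # RST: closed for SYN and Null/FIN/Xmas scans, unfiltered for ACK scans.
            state[port] = "unfiltered" if scan == "ack" else "closed"
    return state

# Probe and reply lines copied from the -sU run on this page.
UDP_TRACE = """
SENT (0.7580s) UDP 192.168.31.1:44771 > 192.168.31.142:111 ttl=59 id=5483 iplen=68
SENT (0.7580s) UDP 192.168.31.1:44771 > 192.168.31.142:67 ttl=40 id=759 iplen=272
SENT (0.7590s) UDP 192.168.31.1:44771 > 192.168.31.142:68 ttl=39 id=16088 iplen=28
RCVD (0.7590s) ICMP [192.168.31.142 > 192.168.31.1 Port 67 unreachable (type=3/code=3) ] IP [ttl=64 id=37532 iplen=300 ]
RCVD (0.7590s) UDP 192.168.31.142:111 > 192.168.31.1:44771 ttl=64 id=17983 iplen=60
SENT (1.8740s) UDP 192.168.31.1:44772 > 192.168.31.142:68 ttl=51 id=4076 iplen=28
"""

if __name__ == "__main__":
    print(classify(UDP_TRACE, "udp"))
```

Feeding it the probe and reply lines from the other runs on this page, with the matching scan label, reproduces the PORT/STATE tables Nmap printed for them.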