Nmap 網路診斷工具基本使用技巧與教學
2016-09-25 13:56
429 查看
Nmap 是一個開放原始碼的網路掃描與探測工具,可以讓網路管理者掃描整個子網域或主機的連接埠等,功能非常強大。
Nmap(Network Mapper)是一個開放原始碼的網路檢測工具,它的功能非常強大,這裡整理了許多使用範例,讓初學者可以快速上手。
一般的 Linux 系統通常都會將 Nmap 納入官方的套件庫,如果是 Red Hat 系列的 Linux,可以使用 yum 安裝:
而如果是 Debian 系列的 Linux 則可使用 apt:
輸出為
也可以直接使用 IP 位址來指定掃描的主機:
如果加上
輸出為
輸出為
您也可以直接使用萬用字元,一次掃描整個子網域:
或是
如果您想要掃描
如果要掃描子網域中連續的某一段,可以這樣寫:
然後我們就可以使用
若以檔案方式指定主機,也可以使用
輸出為
1SSH 伺服器版本。
2Apache 伺服器版本。
3作業系統類型。
如果只需要作業系統資訊,可以使用
輸出為
若只需要各種服務的版本:
輸出為
輸出為
輸出為
輸出為
輸出為
另一種方式:
指定 TCP 連接埠
指定 UDP 連接埠
掃描兩個連接埠:
指定連接埠範圍:
結合各種參數:
掃描前
Nmap(Network Mapper)是一個開放原始碼的網路檢測工具,它的功能非常強大,這裡整理了許多使用範例,讓初學者可以快速上手。
安裝
一般的 Linux 系統通常都會將 Nmap 納入官方的套件庫,如果是 Red Hat 系列的 Linux,可以使用 yum 安裝:sudo yum install nmap
而如果是 Debian 系列的 Linux 則可使用 apt:
sudo apt-get install nmap
基本主機掃描
Nmap 最基本的用法就是掃描主機是否有開機,並且開啟哪些連接埠:nmap www.hinet.net
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 08:09 CST Nmap scan report for www.hinet.net (202.39.253.11) Host is up (0.0034s latency). rDNS record for 202.39.253.11: 202-39-253-11.HINET-IP.hinet.net Not shown: 998 filtered ports PORT STATE SERVICE 80/tcp open http 113/tcp closed ident Nmap done: 1 IP address (1 host up) scanned in 6.05 seconds
也可以直接使用 IP 位址來指定掃描的主機:
nmap 202.39.253.11
如果加上
-v參數,會有更詳細的輸出:
nmap -v www.hinet.net
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 08:32 CST Initiating Ping Scan at 08:32 Scanning www.hinet.net (202.39.253.11) [2 ports] Completed Ping Scan at 08:32, 1.20s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 08:32 Completed Parallel DNS resolution of 1 host. at 08:32, 0.00s elapsed Initiating Connect Scan at 08:32 Scanning www.hinet.net (202.39.253.11) [1000 ports] Discovered open port 80/tcp on 202.39.253.11 Completed Connect Scan at 08:32, 4.81s elapsed (1000 total ports) Nmap scan report for www.hinet.net (202.39.253.11) Host is up (0.0044s latency). rDNS record for 202.39.253.11: 202-39-253-11.HINET-IP.hinet.net Not shown: 998 filtered ports PORT STATE SERVICE 80/tcp open http 113/tcp closed ident Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 6.13 seconds
掃描多台主機
如果要一次掃描多台主機,就直接把所有的主機名稱都放進nmap的參數中即可:
nmap www.hinet.net tw.yahoo.com www.google.com.tw
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 08:36 CST Nmap scan report for www.hinet.net (202.39.253.11) Host is up (0.0038s latency). rDNS record for 202.39.253.11: 202-39-253-11.HINET-IP.hinet.net Not shown: 998 filtered ports PORT STATE SERVICE 80/tcp open http 113/tcp closed ident Nmap scan report for tw.yahoo.com (202.43.192.109) Host is up (0.0046s latency). rDNS record for 202.43.192.109: ir1.fp.vip.tw1.yahoo.com Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 113/tcp closed ident 443/tcp open https Nmap scan report for www.google.com.tw (74.125.31.94) Host is up (0.011s latency). rDNS record for 74.125.31.94: tb-in-f94.1e100.net Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 113/tcp closed ident 443/tcp open https Nmap done: 3 IP addresses (3 hosts up) scanned in 9.97 seconds
您也可以直接使用萬用字元,一次掃描整個子網域:
nmap 192.168.0.*
或是
nmap 192.168.0.0/24
如果您想要掃描
192.168.0.123、
192.168.0.124、
192.168.0.125這三台主機,可以寫成這樣:
nmap 192.168.0.123,124,125
如果要掃描子網域中連續的某一段,可以這樣寫:
nmap 192.168.0.123-140
以檔案列表指定主機
nmap也可以直接從檔案讀取要掃描的主機,假設我們有一個主機列表檔案
hostlist.txt,其內容為:
www.hinet.net 192.168.0.123 www.google.com.tw
然後我們就可以使用
nmap直接讀取這個檔案內容來進行掃描:
nmap -iL hostlist.txt
排除指定的主機
如果要掃描整個網域,但是要排除某些機器,可以使用--exclude參數:
nmap 192.168.0.* --exclude 192.168.0.100
若以檔案方式指定主機,也可以使用
--excludefile指定排除的列表:
nmap -iL hostlist.txt --excludefile excludelist.txt
偵測作業系統版本
如果要偵測主機的作業系統與各種服務的版本,可以加上-A參數:
nmap -A scanme.nmap.org
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 09:37 CST Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.14s latency). Not shown: 990 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.11 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA) |_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA) 53/tcp filtered domain 80/tcp open http Apache httpd 2.2.142 ((Ubuntu)) |_http-title: Go ahead and ScanMe! 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 6666/tcp filtered irc 6667/tcp filtered irc 6668/tcp filtered irc 6669/tcp filtered irc 9929/tcp open nping-echo Nping echo Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel3 Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 58.98 seconds
1SSH 伺服器版本。
2Apache 伺服器版本。
3作業系統類型。
如果只需要作業系統資訊,可以使用
-O參數:
nmap -O scanme.nmap.org
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 09:44 CST Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.14s latency). Not shown: 990 closed ports PORT STATE SERVICE 22/tcp open ssh 53/tcp filtered domain 80/tcp open http 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 6666/tcp filtered irc 6667/tcp filtered irc 6668/tcp filtered irc 6669/tcp filtered irc 9929/tcp open nping-echo Aggressive OS guesses: Linux 2.6.32 - 3.9 (98%), Linux 2.6.38 - 3.0 (97%), Linux 2.6.32 - 2.6.39 (97%), Netgear DG834G WAP or Western Digital WD TV media player (96%), Linux 2.6.32 - 3.2 (95%), Linux 3.0 - 3.9 (95%), Linux 3.2 (95%), Linux 2.6.32 - 3.6 (95%), Linux 3.1 (95%), AXIS 210A or 211 Network Camera (Linux 2.6) (94%) No exact OS matches for host (test conditions non-ideal). Network Distance: 12 hops OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 18.80 seconds
若只需要各種服務的版本:
nmap -sV scanme.nmap.org
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 13:16 CST Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.14s latency). Not shown: 989 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7.1 (Ubuntu Linux; protocol 2.0) 53/tcp filtered domain 80/tcp open http Apache httpd 2.2.14 ((Ubuntu)) 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 1105/tcp filtered ftranhc 6666/tcp filtered irc 6667/tcp filtered irc 6668/tcp filtered irc 6669/tcp filtered irc 9929/tcp open nping-echo Nping echo Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 48.03 seconds
測試主機是否有防火牆
Nmap 可以透過 TCP ACK 掃描,偵測主機是否有啟用防火牆:nmap -sA scanme.nmap.org
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 10:17 CST Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.14s latency). All 1000 scanned ports on scanme.nmap.org (74.207.244.221) are unfiltered Nmap done: 1 IP address (1 host up) scanned in 2.22 seconds
掃描有防火牆的主機
掃描在防火牆保護下的主機:nmap -PN scanme.nmap.org
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 10:24 CST Nmap scan report for scanme.nmap.org (74.207.244.221) Host is up (0.14s latency). Not shown: 990 closed ports PORT STATE SERVICE 22/tcp open ssh 53/tcp filtered domain 80/tcp open http 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 6666/tcp filtered irc 6667/tcp filtered irc 6668/tcp filtered irc 6669/tcp filtered irc 9929/tcp open nping-echo Nmap done: 1 IP address (1 host up) scanned in 16.99 seconds
偵測有開機的主機
掃描整個網路,偵測所有有開機的主機(ping scan):nmap -sP 140.115.35.0/24
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 11:06 CST Nmap scan report for mail.atm.ncu.edu.tw (140.115.35.1) Host is up (0.0018s latency). Nmap scan report for rain.atm.ncu.edu.tw (140.115.35.4) Host is up (0.0015s latency). Nmap scan report for iut.atm.ncu.edu.tw (140.115.35.5) Host is up (0.0017s latency). [略] Nmap scan report for 140.115.35.254 Host is up (0.0047s latency). Nmap done: 256 IP addresses (117 hosts up) scanned in 3.00 seconds
快速掃描
加快掃描的速度:nmap -F www.hinet.net
輸出為
Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 10:55 CST Nmap scan report for www.hinet.net (202.39.253.11) Host is up (0.0034s latency). rDNS record for 202.39.253.11: 202-39-253-11.HINET-IP.hinet.net Not shown: 98 filtered ports PORT STATE SERVICE 80/tcp open http 113/tcp closed ident Nmap done: 1 IP address (1 host up) scanned in 2.19 seconds
另一種方式:
nmap -T5 192.168.1.0/24
指定掃描的連接埠
掃描連接埠80:
nmap -p 80 192.168.1.1
指定 TCP 連接埠
80:
nmap -p T:80 192.168.1.1
指定 UDP 連接埠
53:
nmap -p U:53 192.168.1.1
掃描兩個連接埠:
nmap -p 80,443 192.168.1.1
指定連接埠範圍:
nmap -p 80-200 192.168.1.1
結合各種參數:
nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1 nmap -p U:53,111,137,T:21-25,80,139,8080 server1.cyberciti.biz nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254
掃描前
10個常用的連接埠:
nmap --top-ports 10 192.168.1.1
查詢主機名稱
只查詢網域中所有的主機名稱,不做任何主機與連接埠的偵測:nmap -sL 192.168.1.0/24
相关文章推荐
- Mysql挂掉后无法重启,报错pid文件丢失
- 如何为我们的Snappy Ubuntu应用编译并打包Snap(1)
- 远程启动windows进程
- scala中trait的线性化推导公式
- ListView的性能优化之convertView和viewHolder
- JAVA基础--JAVA的四种引用
- 走进Javascript变量的世界
- visio2007使用记录
- 腾讯2016校招笔试
- Android之文件下载
- Web前端开发规范:CSS书写规范
- Spring创建对象的三种方法之二静态工厂创建(源码)
- JAVA基础--垃圾回收机制及算法
- iOS开发 适配iOS10以及Xcode8
- Java源码初学_AbstractList&AbstractCollection
- 单例模式
- java权限与修饰符
- JAVA线程锁及部分特性
- Android之SQLite数据库的使用
- 接口 xml json 数据的封装类