Nmap, the Network Mapper, is an open-source and very versatile tool for Linux system and network administrators. It is used to probe remote machines, run security scans and network audits, and find open ports. Against a live remote host it reports the host's operating system, the packet filtering in front of it, and the ports that are open.

I used two CentOS 6.x hosts for the tests

server: 192.168.1.252

client: 192.168.1.200

Install nmap (CentOS and Red Hat do not include it by default):

yum install nmap

Scanning by hostname or IP address

[root@www ~]# nmap 192.168.1.252

Giving nmap an IP address or hostname scans that target directly. Several targets can be listed on one command line and are scanned in the same run. Targets can also be written as variations of the last octet, for example 192.168.1.252,253,254 (comma-separated), or as a range of the last octet: 192.168.1.199-254.

Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 10:40 CST

 Nmap scan report for 192.168.1.252

Host is up (0.00054s latency).

Not shown: 999 closed ports

PORT   STATE SERVICE

22/tcp open  ssh          <- the port and service the server has open

MAC Address: 00:0C:29:64:CC:0F (VMware)   <- the server's MAC address (shown only because both hosts sit on the same Ethernet segment, so nmap learns it from the ARP reply)

Nmap done: 1 IP address (1 host up) scanned in 1.44 seconds


The -v option makes nmap report each phase of the scan as it runs (here the ARP ping, the DNS resolution and the SYN scan) together with raw packet counts; it does not discover anything extra on the server. "SYN Stealth Scan" appears because the scan is run as root; an unprivileged user gets a TCP connect scan instead, which completes the three-way handshake and is therefore more visible in the target's service logs.

[root@www ~]# nmap -v 192.168.1.252  


Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 10:49 CST

Initiating ARP Ping Scan at 10:49

Scanning 192.168.1.252 [1 port]

Completed ARP Ping Scan at 10:49, 0.02s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 10:49

Completed Parallel DNS resolution of 1 host. at 10:49, 0.01s elapsed

Initiating SYN Stealth Scan at 10:49

Scanning 192.168.1.252 [1000 ports]

Discovered open port 22/tcp on 192.168.1.252

Completed SYN Stealth Scan at 10:49, 0.16s elapsed (1000 total ports)

Nmap scan report for 192.168.1.252

Host is up (0.00060s latency).

Not shown: 999 closed ports

PORT   STATE SERVICE

22/tcp open  ssh

MAC Address: 00:0C:29:64:CC:0F (VMware)


Read data files from: /usr/share/nmap

Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds

           Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.032KB)


Scanning a whole subnet

[root@www ~]# nmap 192.168.1.*

To leave particular hosts out of the sweep use --exclude (two dashes): nmap 192.168.1.* --exclude 192.168.1.5. Quote the wildcard ('192.168.1.*') if the shell expands it against files in the current directory; 192.168.1.0/24 is the equivalent CIDR form.

Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 11:08 CST

Nmap scan report for 192.168.1.1

Host is up (0.00082s latency).

Not shown: 998 closed ports

PORT   STATE SERVICE

53/tcp open  domain

80/tcp open  http

MAC Address: 00:22:AA:EA:48:48 (Nintendo Co.)


Nmap scan report for 192.168.1.5

Host is up (0.00081s latency).

Not shown: 997 closed ports

PORT     STATE    SERVICE

23/tcp   filtered telnet

80/tcp   open     http

1900/tcp open     upnp

MAC Address: C0:61:18:07:07:83 (Unknown)

........remaining hosts omitted...........
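A sweep like this prints one report block per host, and reading it by eye stops working past a handful of hosts. The following shell script is an added example, not part of the original post: it reduces nmap's normal output to one line per open port per host, and lets you ask which hosts expose a given service and how many ports each host has open. The embedded scan text is constructed to mirror the sweep above (the hosts, MAC addresses, the name router.lan and the ports are illustrative); the function names open_ports, hosts_with_service and count_open are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Reduce nmap normal output to
# "host port/proto service" lines for open ports. SAMPLE_SCAN is a constructed
# transcript modelled on the 192.168.1.* sweep above; hosts, MAC addresses,
# the hostname router.lan and the ports are illustrative, not a real scan.

SAMPLE_SCAN='Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 11:08 CST
Nmap scan report for 192.168.1.1
Host is up (0.00082s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http
MAC Address: 00:22:AA:EA:48:48 (Nintendo Co.)

Nmap scan report for router.lan (192.168.1.5)
Host is up (0.00081s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
23/tcp   filtered telnet
80/tcp   open     http
1900/tcp open     upnp
MAC Address: C0:61:18:07:07:83 (Unknown)

Nmap scan report for 192.168.1.252
Host is up (0.00054s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:64:CC:0F (VMware)

Nmap done: 256 IP addresses (3 hosts up) scanned in 12.30 seconds'

# open_ports: read nmap normal output on stdin and print
# "<host> <port/proto> <service>" for every port whose STATE is "open".
# "filtered" rows (probe dropped, usually by a firewall) and "closed" rows
# are skipped on purpose: only "open" means a listener actually answered.
# When nmap resolved a name the report line reads "... for name (ip)"; the
# IP is always the last field, so it is taken from there with the
# parentheses stripped.
open_ports() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
    '
}

# hosts_with_service SERVICE: hosts that expose the named service, using the
# label from nmap's port table (http, ssh, ...). Reads the scan text on stdin.
hosts_with_service() {
    open_ports | awk -v svc="$1" '$3 == svc { print $1 }'
}

# count_open: number of open ports per host, sorted by host, for spotting
# the noisiest machines in a sweep. LC_ALL=C keeps the order deterministic.
count_open() {
    open_ports | awk '{ n[$1]++ } END { for (h in n) print h, n[h] }' | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE_SCAN" | open_ports
printf '%s\n' "$SAMPLE_SCAN" | hosts_with_service http
printf '%s\n' "$SAMPLE_SCAN" | count_open
```

On a real run, save the sweep with `nmap -oN sweep.txt 192.168.1.*` and feed the file to these functions (`open_ports < sweep.txt`). The parser keys on the "PORT STATE SERVICE" table rows, which nmap has printed in this shape for a long time, but it only understands normal output; for anything more elaborate, nmap's -oG (grepable) or -oX (XML) formats are the intended machine-readable outputs.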


Aggressive scan (-A): OS detection, service version detection, the default script scan and traceroute in one run. Because it sends many more probes and talks to the services it finds, it is far noisier than the plain port scans above.

[root@www ~]# nmap -A 192.168.1.252


Starting Nmap 5.51 ( http://nmap.org ) at 2016-08-03 11:28 CST

Nmap scan report for 192.168.1.252

Host is up (0.00064s latency).

Not shown: 999 closed ports

PORT   STATE SERVICE VERSION

22/tcp open  ssh     OpenSSH 6.6.1 (protocol 2.0)

|_ssh-hostkey: 2048 00:b0:0a:3f:77:bc:56:a1:b8:6b:99:76:f4:b4:89:4d (RSA)

MAC Address: 00:0C:29:64:CC:0F (VMware)

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=5.51%D=8/3%OT=22%CT=1%CU=39616%PV=Y%DS=1%DC=D%G=Y%M=000C29%TM=57A

OS:16500%P=x86_64-redhat-linux-gnu)SEQ(SP=100%GCD=1%ISR=106%TI=Z%CI=I%II=I%

OS:TS=A)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5

OS:=M5B4ST11NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=

OS:3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%

OS:A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0

OS:%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S

OS:=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R

OS:=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N

OS:%T=40%CD=S)


Network Distance: 1 hop


TRACEROUTE

HOP RTT     ADDRESS

1   0.64 ms 192.168.1.252


OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 14.51 seconds
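The useful part of an -A report for ongoing monitoring is not the single snapshot but how it changes: a port that was not open last week, or an SSH host key that differs from the one recorded. The following shell script is an added example, not part of the original post: it normalises two -A reports of the same host into a sorted list of facts (open ports with their version text, and ssh-hostkey lines) and diffs them. BASELINE mirrors the 192.168.1.252 report above; NEWSCAN is a constructed later run in which a web server appeared and the host key changed, so the Apache version string and the second fingerprint are invented. The function names facts, scan_diff and has_changes are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Diff two `nmap -A` reports of
# the same host and flag new/removed open ports and SSH host-key changes.
# BASELINE mirrors the 192.168.1.252 report above; NEWSCAN is a constructed
# later run: the Apache line and the second fingerprint are invented.

BASELINE='Nmap scan report for 192.168.1.252
Host is up (0.00064s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1 (protocol 2.0)
|_ssh-hostkey: 2048 00:b0:0a:3f:77:bc:56:a1:b8:6b:99:76:f4:b4:89:4d (RSA)
MAC Address: 00:0C:29:64:CC:0F (VMware)'

NEWSCAN='Nmap scan report for 192.168.1.252
Host is up (0.00070s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1 (protocol 2.0)
|_ssh-hostkey: 2048 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 (RSA)
80/tcp open  http    Apache httpd 2.2.15 ((CentOS))
MAC Address: 00:0C:29:64:CC:0F (VMware)'

# facts: normalise a report (stdin) into one sorted "key ..." line per fact:
#   port <port/proto> <service> <version text>   for each open port
#   hostkey <bits> <fingerprint> <type>          for each ssh-hostkey line
# Only these rows are kept, so latency, "Not shown" counts and the MAC line
# cannot produce noise in the diff. The hostkey pattern matches the
# single-line "|_ssh-hostkey:" form that nmap 5.51 prints above.
facts() {
    awk '
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            line = "port " $1 " " $3
            for (i = 4; i <= NF; i++) line = line " " $i
            print line
        }
        $1 == "|_ssh-hostkey:" { print "hostkey", $2, $3, $4 }
    ' | LC_ALL=C sort
}

# scan_diff BASELINE NEWSCAN: print "+ fact" for facts only in the new report
# and "- fact" for facts only in the baseline. A changed host key shows up as
# a "-"/"+" pair; unless the box was rebuilt, that deserves a look (someone
# replaced the key, or you are talking to a different machine).
# comm needs both inputs sorted under the same collation, hence LC_ALL=C here
# and in facts.
scan_diff() {
    old=$(mktemp) && new=$(mktemp) || return 1
    printf '%s\n' "$1" | facts > "$old"
    printf '%s\n' "$2" | facts > "$new"
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
    rm -f "$old" "$new"
}

# has_changes BASELINE NEWSCAN: succeed (exit 0) only if the reports differ,
# so a cron job can run the scan and mail the diff only when something moved.
has_changes() {
    [ -n "$(scan_diff "$1" "$2")" ]
}

scan_diff "$BASELINE" "$NEWSCAN"
```

In practice the baseline comes from a file written with `nmap -A -oN baseline.txt 192.168.1.252` on a day you trust the host, and each later run is diffed against it. Newer nmap releases print the ssh-hostkey result over several "|" lines rather than one "|_ssh-hostkey:" line, so the hostkey pattern in facts has to be adjusted for them; the port rows are unchanged.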


Scan UDP ports:           nmap -sU 192.168.1.252
    (needs root; UDP scans are slow because a closed port only answers with an ICMP port-unreachable, which Linux rate-limits)

Scan a specific UDP port: nmap -sU -p 53 192.168.1.252
    (the port must be given with -p; "nmap -sU 53 192.168.1.252" does not select a port)

Scan several ports:       nmap -p 80,25,110 192.168.1.252

Scan a port range:        nmap -p 80-1000 192.168.1.252

Detect service versions:  nmap -sV 192.168.1.252