1.ping扫描:

nmap -sP 172.16.88.0/24

扫描172.16.88.0/24网段上有哪些主机是存活的:

 

[root@nmap ~]# nmap -sP 172.16.88.0/24

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 16:33 CST

Nmap scan report for 172.16.88.1

Host is up (0.00060s latency).

Nmap scan report for 172.16.88.3

Host is up (0.00035s latency).

Nmap scan report for 172.16.88.4

Host is up (0.00034s latency).

Nmap scan report for 172.16.88.30

Host is up (0.00079s latency).

Nmap scan report for 172.16.88.31

Host is up (0.00063s latency).

Nmap scan report for 172.16.88.34

Host is up (0.00075s latency).

Nmap scan report for 172.16.88.37

Host is up (0.00052s latency).

Nmap scan report for 172.16.88.46

Host is up (0.00068s latency).

Nmap scan report for 172.16.88.47

Host is up (0.00063s latency).

Nmap scan report for 172.16.88.48

Host is up (0.00062s latency).

Nmap scan report for 172.16.88.50

Host is up (0.00076s latency).

Nmap scan report for 172.16.88.56

Host is up (0.00063s latency).

Nmap scan report for 172.16.88.61

Host is up (0.00047s latency).

Nmap scan report for 172.16.88.66

Host is up (0.00055s latency).

Nmap scan report for 172.16.88.71

Host is up (0.00062s latency).

Nmap scan report for 172.16.88.72

Host is up (0.00056s latency).

Nmap scan report for 172.16.88.73

Host is up (0.00069s latency).

Nmap scan report for 172.16.88.74

Host is up (0.00063s latency).

Nmap scan report for 172.16.88.80

Host is up (0.00082s latency).

Nmap scan report for 172.16.88.81

Host is up (0.00081s latency).

Nmap scan report for 172.16.88.85

Host is up (0.0032s latency).

Nmap scan report for 172.16.88.90

Host is up (0.0096s latency).

Nmap scan report for 172.16.88.91

Host is up (0.00029s latency).

Nmap scan report for 172.16.88.92

Host is up (0.00059s latency).

Nmap scan report for 172.16.88.93

Host is up (0.00088s latency).

Nmap scan report for 172.16.88.94

Host is up (0.00072s latency).

Nmap scan report for 172.16.88.124

Host is up (0.00071s latency).

Nmap scan report for 172.16.88.126

Host is up (0.00028s latency).

Nmap scan report for 172.16.88.139

Host is up (0.00037s latency).

Nmap scan report for 172.16.88.145

Host is up (0.00040s latency).

Nmap scan report for 172.16.88.147

Host is up (0.00069s latency).

Nmap scan report for 172.16.88.155

Host is up (0.00028s latency).

Nmap scan report for 172.16.88.156

Host is up (0.00037s latency).

Nmap scan report for 172.16.88.166

Host is up (0.00082s latency).

Nmap scan report for 172.16.88.167

Host is up (0.00072s latency).

Nmap scan report for 172.16.88.168

Host is up (0.00039s latency).

Nmap scan report for 172.16.88.170

Host is up (0.00086s latency).

Nmap scan report for 172.16.88.172

Host is up (0.00034s latency).

Nmap scan report for 172.16.88.175

Host is up (0.00089s latency).

Nmap scan report for 172.16.88.180

Host is up (0.00056s latency).

Nmap scan report for 172.16.88.181

Host is up (0.00041s latency).

Nmap scan report for 172.16.88.183

Host is up (0.00053s latency).

Nmap scan report for 172.16.88.184

Host is up (0.00075s latency).

Nmap scan report for 172.16.88.186

Host is up (0.00037s latency).

Nmap scan report for 172.16.88.187

Host is up (0.00031s latency).

Nmap scan report for 172.16.88.188

Host is up (0.00039s latency).

Nmap scan report for 172.16.88.189

Host is up (0.00035s latency).

Nmap scan report for 172.16.88.190

Host is up (0.00053s latency).

Nmap scan report for 172.16.88.197

Host is up (0.00051s latency).

Nmap scan report for 172.16.88.198

Host is up (0.00067s latency).

Nmap scan report for 172.16.88.199

Host is up (0.00059s latency).

Nmap scan report for 172.16.88.200

Host is up (0.00071s latency).

Nmap scan report for 172.16.88.209

Host is up (0.00037s latency).

Nmap scan report for 172.16.88.213

Host is up (0.00037s latency).

Nmap scan report for 172.16.88.222

Host is up (0.00021s latency).

Nmap scan report for 172.16.88.241

Host is up (0.00046s latency).

Nmap scan report for 172.16.88.243

Host is up (0.00022s latency).

Nmap scan report for 172.16.88.251

Host is up (0.00044s latency).

Nmap scan report for 172.16.88.254

Host is up (0.00049s latency).

Nmap done: 256 IP addresses (59 hosts up) scanned in 73.11 seconds

 

2.无ping扫描,ping扫描虽然简单,但是当开启了禁ping后,以上方法便行不通了。这时我们便可以用无ping扫描。

nmap -p0 172.16.88.0/24

扫描172.16.88.0/24网段上有哪些主机是存活的:

 

[root@nmap ~]# nmap -p0 172.16.88.0/24

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 16:51 CST

Nmap scan report for 172.16.88.1

Host is up (0.00063s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.3

Host is up (0.00038s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.4

Host is up (0.00040s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.30

Host is up (0.00086s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.31

Host is up (0.00058s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.34

Host is up (0.00069s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.37

Host is up (0.00060s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.46

Host is up (0.00057s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.47

Host is up (0.00051s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.48

Host is up (0.00050s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.50

Host is up (0.00065s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.56

Host is up (0.00061s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.61

Host is up (0.00051s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.66

Host is up (0.00080s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.71

Host is up (0.00051s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.72

Host is up (0.00062s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.73

Host is up (0.00055s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.74

Host is up (0.00057s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.80

Host is up (0.00053s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.81

Host is up (0.00075s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.85

Host is up (0.00053s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

 

Nmap scan report for 172.16.88.90

Host is up (0.0011s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.91

Host is up (0.00026s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.92

Host is up (0.00050s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.93

Host is up (0.00066s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.94

Host is up (0.0019s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.124

Host is up (0.00061s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.126

Host is up (0.00034s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.139

Host is up (0.00033s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.145

Host is up (0.00040s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.147

Host is up (0.00058s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.155

Host is up (0.00024s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.156

Host is up (0.00057s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.166

Host is up (0.00066s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.167

Host is up (0.00060s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.168

Host is up (0.00039s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.170

Host is up (0.00051s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.172

Host is up (0.00037s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.175

Host is up (0.00049s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.180

Host is up (0.00058s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.181

Host is up (0.00043s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.183

Host is up (0.00052s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.184

Host is up (0.00061s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.186

Host is up (0.00034s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.187

Host is up (0.00028s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.188

Host is up (0.00040s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.189

Host is up (0.00036s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.190

Host is up (0.00094s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.197

Host is up (0.00051s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.198

Host is up (0.00063s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.199

Host is up (0.00073s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.200

Host is up (0.00048s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.209

Host is up (0.00041s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.213

Host is up (0.00033s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.222

Host is up (0.00020s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.241

Host is up (0.00053s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap scan report for 172.16.88.243

Host is up (0.00028s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.251

Host is up (0.00038s latency).

PORT  STATE    SERVICE

0/tcp filtered unknown

Nmap scan report for 172.16.88.254

Host is up (0.00079s latency).

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap done: 256 IP addresses (59 hosts up) scanned in 81.43 seconds

 

3.ARP扫描

Nmap -PR 172.16.88.0/24

ARP扫描是nmap对目标进行一个apr ping扫描的过程,尤其在内网的情况下。因为在本地局域网防火墙是不会禁止ARP请求的。所以在内网中使用apr扫描时非常有效的。

 

[root@nmap ~]# nmap -PR 172.16.88.0/24

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 17:09 CST

Nmap scan report for 172.16.88.1

Host is up (0.00043s latency).

Not shown: 990 filtered tcp ports (no-response)

PORT     STATE  SERVICE

22/tcp   closed ssh

80/tcp   open   http

427/tcp  open   svrloc

443/tcp  open   https

902/tcp  open   iss-realsecure

5988/tcp closed wbem-http

5989/tcp closed wbem-https

8000/tcp open   http-alt

8300/tcp open   tmi

9080/tcp open   glrpc

 

Nmap scan report for 172.16.88.3

Host is up (0.00028s latency).

Not shown: 982 filtered tcp ports (no-response)

PORT     STATE  SERVICE

22/tcp   open   ssh

80/tcp   open   http

139/tcp  open   netbios-ssn

443/tcp  open   https

445/tcp  open   microsoft-ds

3260/tcp closed iscsi

4000/tcp open   remoteanything

4001/tcp closed newoak

4002/tcp open   mlchat-proxy

4003/tcp closed pxc-splr-ft

4004/tcp closed pxc-roid

4005/tcp closed pxc-pin

4006/tcp closed pxc-spvr

7001/tcp closed afs3-callback

7002/tcp closed afs3-prserver

7004/tcp closed afs3-kaserver

7007/tcp closed afs3-bos

7019/tcp closed doceri-ctl

 

Nmap scan report for 172.16.88.4

Host is up (0.00032s latency).

Not shown: 982 filtered tcp ports (no-response)

PORT     STATE  SERVICE

22/tcp   open   ssh

80/tcp   open   http

139/tcp  open   netbios-ssn

443/tcp  open   https

445/tcp  open   microsoft-ds

3260/tcp closed iscsi

4000/tcp open   remoteanything

4001/tcp closed newoak

4002/tcp open   mlchat-proxy

4003/tcp closed pxc-splr-ft

4004/tcp closed pxc-roid

4005/tcp closed pxc-pin

4006/tcp closed pxc-spvr

7001/tcp closed afs3-callback

7002/tcp closed afs3-prserver

7004/tcp closed afs3-kaserver

7007/tcp closed afs3-bos

7019/tcp closed doceri-ctl

 

Nmap scan report for 172.16.88.30

Host is up (0.00082s latency).

Not shown: 991 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

5500/tcp open  hotline

5901/tcp open  vnc-1

8080/tcp open  http-proxy

 

Nmap scan report for 172.16.88.31

Host is up (0.00056s latency).

Not shown: 941 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

8022/tcp open  oa-system

 

Nmap scan report for 172.16.88.34

Host is up (0.00049s latency).

Not shown: 996 closed tcp ports (reset)

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.37

Host is up (0.00052s latency).

Not shown: 942 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.46

Host is up (0.00050s latency).

Not shown: 987 closed tcp ports (reset)

PORT     STATE SERVICE

53/tcp   open  domain

88/tcp   open  kerberos-sec

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

389/tcp  open  ldap

445/tcp  open  microsoft-ds

464/tcp  open  kpasswd5

593/tcp  open  http-rpc-epmap

636/tcp  open  ldapssl

3268/tcp open  globalcatLDAP

3269/tcp open  globalcatLDAPssl

3389/tcp open  ms-wbt-server

4899/tcp open  radmin

 

Nmap scan report for 172.16.88.47

Host is up (0.00058s latency).

Not shown: 942 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE  SERVICE

22/tcp   open   ssh

80/tcp   open   http

389/tcp  open   ldap

1433/tcp closed ms-sql-s

1521/tcp open   oracle

1812/tcp closed radius

3306/tcp open   mysql

5901/tcp open   vnc-1

 

Nmap scan report for 172.16.88.48

Host is up (0.00047s latency).

Not shown: 988 closed tcp ports (reset)

PORT      STATE SERVICE

80/tcp    open  http

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

445/tcp   open  microsoft-ds

3389/tcp  open  ms-wbt-server

8254/tcp  open  unknown

49152/tcp open  unknown

49153/tcp open  unknown

49154/tcp open  unknown

49155/tcp open  unknown

49156/tcp open  unknown

49158/tcp open  unknown

 

Nmap scan report for 172.16.88.50

Host is up (0.00056s latency).

Not shown: 993 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

3390/tcp open  dsc

8443/tcp open  https-alt

 

Nmap scan report for 172.16.88.56

Host is up (0.00076s latency).

Not shown: 986 closed tcp ports (reset)

PORT      STATE SERVICE

80/tcp    open  http

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

445/tcp   open  microsoft-ds

3306/tcp  open  mysql

3389/tcp  open  ms-wbt-server

8200/tcp  open  trivnet1

8254/tcp  open  unknown

49152/tcp open  unknown

49153/tcp open  unknown

49154/tcp open  unknown

49155/tcp open  unknown

49156/tcp open  unknown

49157/tcp open  unknown

 

Nmap scan report for 172.16.88.61

Host is up (0.00049s latency).

Not shown: 992 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

5432/tcp open  postgresql

8088/tcp open  radan-http

8089/tcp open  unknown

8099/tcp open  unknown

8443/tcp open  https-alt

 

Nmap scan report for 172.16.88.66

Host is up (0.00066s latency).

Not shown: 942 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.71

Host is up (0.00052s latency).

Not shown: 942 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.72

Host is up (0.00049s latency).

Not shown: 947 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

80/tcp   open  http

443/tcp  open  https

3301/tcp open  unknown

 

Nmap scan report for 172.16.88.73

Host is up (0.00051s latency).

Not shown: 946 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

111/tcp  open  rpcbind

2049/tcp open  nfs

3306/tcp open  mysql

 

Nmap scan report for 172.16.88.74

Host is up (0.00041s latency).

Not shown: 987 closed tcp ports (reset)

PORT     STATE SERVICE

53/tcp   open  domain

88/tcp   open  kerberos-sec

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

389/tcp  open  ldap

445/tcp  open  microsoft-ds

464/tcp  open  kpasswd5

593/tcp  open  http-rpc-epmap

636/tcp  open  ldapssl

3268/tcp open  globalcatLDAP

3269/tcp open  globalcatLDAPssl

3389/tcp open  ms-wbt-server

4899/tcp open  radmin

 

Nmap scan report for 172.16.88.80

Host is up (0.00058s latency).

Not shown: 941 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

8022/tcp open  oa-system

 

Nmap scan report for 172.16.88.81

Host is up (0.00052s latency).

Not shown: 996 closed tcp ports (reset)

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.85

Host is up (0.00036s latency).

Not shown: 989 closed tcp ports (reset)

PORT      STATE SERVICE

21/tcp    open  ftp

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

445/tcp   open  microsoft-ds

3389/tcp  open  ms-wbt-server

49152/tcp open  unknown

49153/tcp open  unknown

49154/tcp open  unknown

49156/tcp open  unknown

49157/tcp open  unknown

49159/tcp open  unknown

 

Nmap scan report for 172.16.88.90

Host is up (0.0020s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

8081/tcp open  blackice-icecap

8082/tcp open  blackice-alerts

 

Nmap scan report for 172.16.88.91

Host is up (0.00028s latency).

Not shown: 998 closed tcp ports (reset)

PORT    STATE SERVICE

22/tcp  open  ssh

111/tcp open  rpcbind

 

Nmap scan report for 172.16.88.92

Host is up (0.00053s latency).

Not shown: 941 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

8022/tcp open  oa-system

 

Nmap scan report for 172.16.88.93

Host is up (0.00057s latency).

Not shown: 941 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

443/tcp  open  https

1433/tcp open  ms-sql-s

1521/tcp open  oracle

3301/tcp open  unknown

3306/tcp open  mysql

3389/tcp open  ms-wbt-server

8022/tcp open  oa-system

 

Nmap scan report for 172.16.88.94

Host is up (0.00056s latency).

Not shown: 994 filtered tcp ports (no-response)

PORT      STATE SERVICE

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

445/tcp   open  microsoft-ds

3389/tcp  open  ms-wbt-server

49154/tcp open  unknown

49159/tcp open  unknown

 

Nmap scan report for 172.16.88.124

Host is up (0.00055s latency).

Not shown: 949 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT   STATE SERVICE

22/tcp open  ssh

 

Nmap scan report for 172.16.88.126

Host is up (0.00031s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

100/tcp  open  newacct

443/tcp  open  https

800/tcp  open  mdbs_daemon

7443/tcp open  oracleas-https

 

Nmap scan report for 172.16.88.139

Host is up (0.00036s latency).

Not shown: 993 filtered tcp ports (no-response)

PORT     STATE  SERVICE

53/tcp   closed domain

85/tcp   closed mit-ml-dev

443/tcp  open   https

1021/tcp closed exp1

1022/tcp closed exp2

8000/tcp closed http-alt

8088/tcp closed radan-http

 

Nmap scan report for 172.16.88.145

Host is up (0.00038s latency).

Not shown: 993 filtered tcp ports (no-response)

PORT     STATE  SERVICE

53/tcp   closed domain

85/tcp   closed mit-ml-dev

443/tcp  open   https

1021/tcp closed exp1

1022/tcp closed exp2

8000/tcp closed http-alt

8088/tcp closed radan-http

 

Nmap scan report for 172.16.88.147

Host is up (0.00060s latency).

Not shown: 999 filtered tcp ports (no-response)

PORT    STATE  SERVICE

443/tcp closed https

 

Nmap scan report for 172.16.88.155

Host is up (0.00043s latency).

Not shown: 993 filtered tcp ports (no-response)

PORT     STATE  SERVICE

53/tcp   closed domain

85/tcp   closed mit-ml-dev

443/tcp  open   https

1021/tcp closed exp1

1022/tcp closed exp2

8000/tcp closed http-alt

8088/tcp closed radan-http

 

Nmap scan report for 172.16.88.156

Host is up (0.00089s latency).

Not shown: 985 closed tcp ports (reset)

PORT      STATE SERVICE

22/tcp    open  ssh

80/tcp    open  http

139/tcp   open  netbios-ssn

443/tcp   open  https

445/tcp   open  microsoft-ds

5432/tcp  open  postgresql

5555/tcp  open  freeciv

8088/tcp  open  radan-http

8089/tcp  open  unknown

8099/tcp  open  unknown

8443/tcp  open  https-alt

10001/tcp open  scp-config

10002/tcp open  documentum

20000/tcp open  dnp

60020/tcp open  unknown

 

Nmap scan report for 172.16.88.166

Host is up (0.00051s latency).

Not shown: 996 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

3306/tcp open  mysql

 

Nmap scan report for 172.16.88.167

Host is up (0.00047s latency).

Not shown: 996 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

3306/tcp open  mysql

 

Nmap scan report for 172.16.88.168

Host is up (0.00044s latency).

Not shown: 946 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE  SERVICE

22/tcp   closed ssh

80/tcp   open   http

443/tcp  open   https

8083/tcp open   us-srv

 

Nmap scan report for 172.16.88.170

Host is up (0.00060s latency).

Not shown: 995 filtered tcp ports (no-response)

PORT     STATE  SERVICE

80/tcp   open   http

443/tcp  open   https

514/tcp  open   shell

7443/tcp open   oracleas-https

8010/tcp closed xmpp

 

Nmap scan report for 172.16.88.172

Host is up (0.00029s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

3306/tcp open  mysql

8080/tcp open  http-proxy

9000/tcp open  cslistener

 

Nmap scan report for 172.16.88.175

Host is up (0.00055s latency).

Not shown: 946 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE  SERVICE

22/tcp   closed ssh

80/tcp   open   http

443/tcp  open   https

8083/tcp open   us-srv

 

Nmap scan report for 172.16.88.180

Host is up (0.00055s latency).

Not shown: 946 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT     STATE  SERVICE

22/tcp   closed ssh

80/tcp   open   http

443/tcp  open   https

8083/tcp open   us-srv

 

Nmap scan report for 172.16.88.181

Host is up (0.00039s latency).

Not shown: 987 closed tcp ports (reset)

PORT      STATE SERVICE

80/tcp    open  http

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

445/tcp   open  microsoft-ds

3306/tcp  open  mysql

3389/tcp  open  ms-wbt-server

8080/tcp  open  http-proxy

8254/tcp  open  unknown

49152/tcp open  unknown

49153/tcp open  unknown

49154/tcp open  unknown

49160/tcp open  unknown

49167/tcp open  unknown

 

Nmap scan report for 172.16.88.183

Host is up (0.00051s latency).

Not shown: 996 closed tcp ports (reset)

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.184

Host is up (0.00045s latency).

Not shown: 994 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

8200/tcp open  trivnet1

 

Nmap scan report for 172.16.88.186

Host is up (0.00034s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

8200/tcp open  trivnet1

 

Nmap scan report for 172.16.88.187

Host is up (0.00032s latency).

Not shown: 949 filtered tcp ports (no-response), 50 filtered tcp ports (host-prohibited)

PORT   STATE SERVICE

22/tcp open  ssh

 

Nmap scan report for 172.16.88.188

Host is up (0.00034s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

100/tcp  open  newacct

443/tcp  open  https

800/tcp  open  mdbs_daemon

7443/tcp open  oracleas-https

 

Nmap scan report for 172.16.88.189

Host is up (0.00031s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

100/tcp  open  newacct

443/tcp  open  https

800/tcp  open  mdbs_daemon

7443/tcp open  oracleas-https

 

Nmap scan report for 172.16.88.190

Host is up (0.00039s latency).

Not shown: 973 closed tcp ports (reset)

PORT      STATE SERVICE

21/tcp    open  ftp

22/tcp    open  ssh

23/tcp    open  telnet

53/tcp    open  domain

80/tcp    open  http

88/tcp    open  kerberos-sec

135/tcp   open  msrpc

139/tcp   open  netbios-ssn

389/tcp   open  ldap

443/tcp   open  https

445/tcp   open  microsoft-ds

464/tcp   open  kpasswd5

593/tcp   open  http-rpc-epmap

636/tcp   open  ldapssl

801/tcp   open  device

3268/tcp  open  globalcatLDAP

3269/tcp  open  globalcatLDAPssl

3306/tcp  open  mysql

3389/tcp  open  ms-wbt-server

9200/tcp  open  wap-wsp

49152/tcp open  unknown

49153/tcp open  unknown

49154/tcp open  unknown

49155/tcp open  unknown

49157/tcp open  unknown

49158/tcp open  unknown

49159/tcp open  unknown

 

Nmap scan report for 172.16.88.197

Host is up (0.00046s latency).

Not shown: 993 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

111/tcp  open  rpcbind

514/tcp  open  shell

5901/tcp open  vnc-1

5902/tcp open  vnc-2

6001/tcp open  X11:1

6002/tcp open  X11:2

 

Nmap scan report for 172.16.88.198

Host is up (0.00064s latency).

Not shown: 999 filtered tcp ports (no-response)

PORT    STATE SERVICE

443/tcp open  https

 

Nmap scan report for 172.16.88.199

Host is up (0.00043s latency).

Not shown: 996 closed tcp ports (reset)

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

3389/tcp open  ms-wbt-server

 

Nmap scan report for 172.16.88.200

Host is up (0.00050s latency).

Not shown: 950 filtered tcp ports (no-response), 49 filtered tcp ports (host-prohibited)

PORT     STATE SERVICE

4443/tcp open  pharos

 

Nmap scan report for 172.16.88.209

Host is up (0.00040s latency).

Not shown: 998 filtered tcp ports (no-response)

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

 

Nmap scan report for 172.16.88.213

Host is up (0.00028s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

100/tcp  open  newacct

443/tcp  open  https

800/tcp  open  mdbs_daemon

7443/tcp open  oracleas-https

 

Nmap scan report for 172.16.88.222

Host is up (0.00024s latency).

Not shown: 950 filtered tcp ports (no-response), 49 filtered tcp ports (host-prohibited)

PORT   STATE  SERVICE

22/tcp closed ssh

 

Nmap scan report for 172.16.88.241

Host is up (0.00045s latency).

Not shown: 979 closed tcp ports (reset)

PORT     STATE SERVICE

80/tcp   open  http

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

1025/tcp open  NFS-or-IIS

1026/tcp open  LSA-or-nterm

1027/tcp open  IIS

1028/tcp open  unknown

1030/tcp open  iad1

1031/tcp open  iad2

1032/tcp open  iad3

3389/tcp open  ms-wbt-server

8000/tcp open  http-alt

8001/tcp open  vcom-tunnel

8080/tcp open  http-proxy

8081/tcp open  blackice-icecap

8100/tcp open  xprint-server

8200/tcp open  trivnet1

8443/tcp open  https-alt

8888/tcp open  sun-answerbook

9101/tcp open  jetdirect

 

Nmap scan report for 172.16.88.243

Host is up (0.00031s latency).

Not shown: 982 filtered tcp ports (no-response)

PORT     STATE  SERVICE

22/tcp   open   ssh

80/tcp   open   http

139/tcp  open   netbios-ssn

443/tcp  open   https

445/tcp  open   microsoft-ds

3260/tcp closed iscsi

4000/tcp open   remoteanything

4001/tcp closed newoak

4002/tcp open   mlchat-proxy

4003/tcp closed pxc-splr-ft

4004/tcp closed pxc-roid

4005/tcp closed pxc-pin

4006/tcp closed pxc-spvr

7001/tcp closed afs3-callback

7002/tcp closed afs3-prserver

7004/tcp closed afs3-kaserver

7007/tcp closed afs3-bos

7019/tcp closed doceri-ctl

 

Nmap scan report for 172.16.88.251

Host is up (0.00032s latency).

Not shown: 998 filtered tcp ports (no-response)

PORT    STATE  SERVICE

80/tcp  closed http

500/tcp closed isakmp

 

Nmap scan report for 172.16.88.254

Host is up (0.0019s latency).

Not shown: 997 closed tcp ports (reset)

PORT    STATE SERVICE

22/tcp  open  ssh

80/tcp  open  http

443/tcp open  https

 

Nmap done: 256 IP addresses (59 hosts up) scanned in 126.31 seconds

 

4.端口扫描:

nmap -sT 172.16.88.90

扫描172.16.88.90这台主机开放了哪些端口:

 

[root@nmap ~]# nmap -sT 172.16.88.90

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 16:36 CST

Nmap scan report for 172.16.88.90

Host is up (0.0011s latency).

Not shown: 995 closed tcp ports (conn-refused)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

8081/tcp open  blackice-icecap

8082/tcp open  blackice-alerts

Nmap done: 1 IP address (1 host up) scanned in 13.28 seconds

 

5.隐藏扫描:

nmap -sS 172.16.88.90

只在目标主机上留下很少的日志信息:

 

[root@nmap ~]# nmap -sS 172.16.88.90

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 16:39 CST

Nmap scan report for 172.16.88.90

Host is up (0.0012s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/t​​cp  open  rpcbind

8081/tcp open  blackice-icecap

8082/tcp open  blackice-alerts

Nmap done: 1 IP address (1 host up) scanned in 13.29 seconds​

 

6.UDP端口扫描

nmap -PU 172.16.88.190

使用UDP扫描,nmap会发送一个空的报文到主机,如果返回则说明设备在线。通常我们只需要添加-PU即可实现udp扫描。

 

[root@nmap ~]# nmap -PU 172.16.88.90

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 17:03 CST

Nmap scan report for 172.16.88.90

Host is up (0.0023s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

8081/tcp open  blackice-icecap

8082/tcp open  blackice-alerts

Nmap done: 1 IP address (1 host up) scanned in 13.32 seconds

 

7.操作系统识别:

 nmap -sS -O 172.16.88.190

-sS半开扫描,不会计入被扫描主机日志,较隐蔽

-O操作系统扫描

 

[root@nmap ~]# nmap -sS -O  172.16.88.90

Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-27 17:00 CST

Nmap scan report for 172.16.88.90

Host is up (0.0026s latency).

Not shown: 995 closed tcp ports (reset)

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

8081/tcp open  blackice-icecap

8082/tcp open  blackice-alerts

Device type: general purpose

Running: Linux 2.6.X|3.X

OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3

OS details: Linux 2.6.32 - 3.13

Network Distance: 2 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 15.97 seconds

 

更多选项和示例,请参见手册页(https://nmap.org/book/man.html)