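Nmap (Network Mapper) is a network scanning and sniffing toolkit. It detects whether hosts are online, identifies operating systems, and scans ports.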

Install nmap. The package is already in the RPM directory of the installation disc; for example, on CentOS:

[root@searu ~]# cd /media/CentOS_5.5_Final/CentOS

[root@searu CentOS]# ls | grep nmap

[root@searu CentOS]# rpm -i nmap-4.11-1.1.i386.rpm

Check which hosts are online (ping scan).

[root@searu CentOS]# nmap -sP 192.168.1.1-111

[root@searu CentOS]# nmap -sP 192.168.1.0/24

Probe hosts using the UDP protocol (UDP ping).

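[root@searu ~]# nmap -PU 192.168.1.0/24

Probe the ports of a target host (-PS uses TCP SYN packets for host discovery; the port table below comes from the default port scan that follows).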

[root@searu ~]# nmap -PS 192.168.1.111

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-07-18 22:04 CST

mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers

Interesting ports on 192.168.1.111:

Not shown: 1676 closed ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

912/tcp open unknown

MAC Address: 90:FB:A6:3F:BC:6C (Unknown)

Nmap finished: 1 IP address (1 host up) scanned in 1.569 seconds

[root@searu ~]#

TCP (connect) scan.

[root@searu ~]# nmap -sT 192.168.1.0/24

TCP SYN scan (half-open handshake).

[root@searu ~]# nmap -sS 192.168.1.0/24

UDP scan.

[root@searu ~]# nmap -sU 192.168.1.0/24

Probe which IP protocols the target host supports.

[root@searu ~]# nmap -sO 192.168.1.111

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-07-18 22:21 CST

Interesting protocols on 192.168.1.111:

Not shown: 248 closed protocols

PROTOCOL STATE SERVICE

1 open icmp

2 open|filtered igmp

4 open|filtered ip

6 open tcp

17 filtered udp

41 open|filtered ipv6

50 open|filtered esp

51 open|filtered ah

MAC Address: 90:FB:A6:3F:BC:6C (Unknown)

Nmap finished: 1 IP address (1 host up) scanned in 45.440 seconds

[root@searu ~]#

Detect the target host's operating system.

[root@searu ~]# nmap -O 192.168.1.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-07-18 22:27 CST

Interesting ports on 192.168.1.1:

Not shown: 1678 closed ports

PORT STATE SERVICE

80/tcp open http

1900/tcp open UPnP

MAC Address: 74:EA:3A:1E:A7:D6 (Unknown)

Device type: general purpose

Running: Linux 2.6.X

OS details: Linux 2.6.5 - 2.6.11

Uptime 0.447 days (since Mon Jul 18 11:43:29 2011)

Nmap finished: 1 IP address (1 host up) scanned in 2.733 seconds

[root@searu ~]#
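
The port tables in the two scan sessions above can be checked against a list of services that are expected to be listening. The following is an added example, not part of the original post: it parses the Nmap 4.11 normal output format shown above (sample trimmed to host header, port rows and summary line) and prints open ports that are missing from an allow-list. The function names and the allow-list contents are assumptions made for illustration.

```shell
# Added example. Scan text is trimmed from the sessions above; the allow-list is constructed.

# open_ports: Nmap 4.11 normal output on stdin -> "ip port/proto service" per open port.
open_ports() {
    awk '
        /^Interesting ports on / { ip = $NF; gsub(/[():]/, "", ip); next }  # host header
        /^Nmap finished/         { ip = "" }                                 # end of run
        ip != "" && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print ip, $1, $3 }
    '
}

# unexpected_ports ALLOWLIST: keep open_ports rows (stdin) whose "ip port/proto"
# pair is not listed in the ALLOWLIST file ("#" starts a comment there).
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") >= 2) ok[f[1] " " f[2]] = 1
            }
        }
        !(($1 " " $2) in ok)
    '
}

sample_scan() {
    cat <<'EOF'
Interesting ports on 192.168.1.111:
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown
Nmap finished: 1 IP address (1 host up) scanned in 1.569 seconds
Interesting ports on 192.168.1.1:
80/tcp open http
1900/tcp open UPnP
Nmap finished: 1 IP address (1 host up) scanned in 2.733 seconds
EOF
}

demo() {
    allow=$(mktemp)
    # Constructed allow-list: the services the operator expects on each host.
    printf '%s\n' '192.168.1.111 135/tcp' '192.168.1.111 139/tcp' \
        '192.168.1.111 445/tcp  # file sharing' '192.168.1.1 80/tcp' > "$allow"
    sample_scan | open_ports | unexpected_ports "$allow"
    rm -f "$allow"
}

demo
```

For routine use, nmap's grepable (-oG) or XML (-oX) output is a more stable parsing target than the normal output.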

Get a remote host's port information and identify its operating system.

[root@searu ~]# nmap -sS -P0 -sV -O <target>

<target> can be a single IP address, a hostname, or a subnet.

Find unused IP addresses in a given subnet.

[root@searu ~]# nmap -T4 -sP 192.168.1.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp

List all live hosts on the network.

[root@searu ~]# nmap -sP 192.168.1.*

[root@searu ~]# nmap -sP 192.168.1.0/24