
Vulnerability analysis with nmap: port scanning and host detection

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Nmap is very powerful.

1. Determine the status of the host behind the firewall

nmap -sP IP or network segment

Parameter explanation:

-sP performs a ping scan. The host's status is determined by sending specific ICMP messages and evaluating the responses returned.

2. Port scan

Nmap supports a variety of scanning methods, ranging from TCP connect (-sT) scan and SYN scan to NULL scan, Xmas scan, FIN flag scan, and so on.

The most commonly used and preferred method is the SYN half-open scan. The command is as follows:

nmap -vv -sS IP

Parameter explanation:

-vv shows the detailed scanning process. This is optional.

-sS uses a SYN half-open scan, which makes the scan results more accurate. It is much more accurate than tools such as Xscan that use connect scanning.

3. Operating system fingerprint recognition

nmap -O IP

Parameter explanation:

-O is mainly used to determine the operating system a remote host is currently running. With its built-in operating system fingerprint database, nmap can easily identify the vast majority of operating systems and network devices in the world.

Nmap advanced scanning functions

1. Delay strategy

Using the sub-options of the -T parameter, you can effectively control how long an nmap scan takes:

nmap -sS IP -T<0-5>

Parameter explanation:

-T sets the timing policy for nmap. The sub-options below correspond to the digits 0-5:

0 is Paranoid mode. To avoid detection by an IDS, scanning is extremely slow. Nmap serializes all scans, with an interval of at least 5 minutes between packets.

1 is Sneaky mode. It is much the same as Paranoid mode, except that the interval between packets is 15 seconds.

2 is Polite mode. It avoids adding much network load, to prevent crashing the target host. Probes are serialized, with an interval of 0.4 seconds between probes.

3 is Normal mode, nmap's default. It scans as quickly as possible without overloading the network or missing hosts or ports.

4 is Aggressive mode. Set a timeout limit of 5 minutes, and the scanning time for each host does not exceed 1.5 seconds.

5 is Insane mode. It is only suitable for fast networks, or when you do not mind losing some information. The timeout limit for each host is 75 seconds, and nmap waits only 0.3 seconds for each probe.
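From the defender's side, both the SYN half-open scan and the slow timing templates described above leave a recognizable pattern in connection records: many distinct ports probed with no completed handshake. The following is an added example, not part of the original article; the record format, addresses, window sizes, and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (hypothetical format): time in seconds, source,
# destination, destination port, and the TCP flags seen in order
# (S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK, F=FIN).
def sample_records():
    recs = []
    # Fast half-open sweep: 20 ports probed 0.1 s apart, two of them open.
    for i in range(20):
        flags = "S,SA,R" if i in (2, 5) else "S,RA"
        recs.append((100 + i * 0.1, "10.0.0.5", "10.0.1.10", 20 + i, flags))
    # Slow sweep: one probe every 15 s, the Sneaky interval given above.
    for i in range(20):
        recs.append((200 + i * 15, "10.0.0.9", "10.0.1.10", 20 + i, "S,RA"))
    # Ordinary client: completed handshakes to two services.
    recs.append((150, "10.0.0.7", "10.0.1.10", 443, "S,SA,A,F"))
    recs.append((160, "10.0.0.7", "10.0.1.10", 80, "S,SA,A,F"))
    return recs

def handshake_completed(seq):
    """True if the client answered the server's SYN/ACK with an ACK."""
    return "SA" in seq and "A" in seq[seq.index("SA") + 1:]

def find_scanners(records, window, min_ports=10):
    """Return sources that probed >= min_ports distinct ports on one
    destination within `window` seconds without completing a handshake."""
    probes = defaultdict(list)              # (src, dst) -> [(time, port)]
    for ts, src, dst, port, flags in records:
        seq = flags.split(",")
        if seq[0] == "S" and not handshake_completed(seq):
            probes[(src, dst)].append((ts, port))
    hits = set()
    for (src, _dst), events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                hits.add(src)
                break
    return hits
```

With a 10-second window only the fast sweep is flagged; widening the window to an hour also flags the source that probes every 15 seconds.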

2. Service version identification

Version identification is very useful, because an identified version can be matched against the vulnerabilities known for that version.

nmap -vv -sV IP

Parameter explanation:

-sV probes for detailed service version numbers.

-p specifies a port; use "," to list multiple ports and "-" to specify a range of consecutive ports.
