Shulou(Shulou.com)06/01 Report--

How to use the nmap host, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Let's take a look at how to use nmap

Ping scanning

Option parameter-sP

Can show the online host, and then echo to make the corresponding host.

Advantages: with ping scanning, the target information can be easily obtained without being easily discovered. It will not return too much information to interfere with the analysis.

[root@xinsz08] # nmap-sP 192.168.1.102

Starting Nmap 7.60 (https://nmap.org) at 2017-10-11 12:37 CST

Nmap scan report for 192.168.1.1

Host is up (0.011s latency).

MAC Address: 1C:60:DE:BE:D6:38 (Shenzhen Mercury Communication Technologies)

Nmap scan report for 192.168.1.104 # found the surviving host 104

Host is up (0.00010s latency). # make sure that the current host is alive

MAC Address: MAC address of 7A:20:0B:97:C8:FC (Unknown) # host

Nmap scan report for 192.168.1.105

Host is up (0.000082s latency).

MAC Address: 00:0C:29:23:88:15 (VMware)

Nmap scan report for 192.168.1.102

Host is up.

Nmap done: 256 IP addresses (4 hosts up) scanned in 2.10 seconds

two。 No ping scan

If the other party turns on the firewall, sometimes we need to determine which host is running if the firewall forbids ping.

Parameter options:

-P0 can penetrate the firewall and avoid being discovered by the firewall as much as possible

Note: the second is not the letter, but the number 0

[root@xinsz08] # nmap-P0 192.168.1.104

Starting Nmap 7.60 (https://nmap.org) at 2017-10-11 12:48 CST

Nmap scan report for 192.168.1.104

Host is up (0.00021s latency).

Not shown: 991 closed ports

PORT STATE SERVICE

135/tcp open msrpc

139/tcp open netbios-ssn

443/tcp open https

445/tcp open microsoft-ds

902/tcp open iss-realsecure

912/tcp open apex-mesh

2869/tcp open icslap

3306/tcp open mysql

5357/tcp open wsdapi

MAC Address: 7A:20:0B:97:C8:FC (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.45 seconds

In general, we will also specify the nmap protocol. If we do not specify the nmap protocol, we will default to use the protocol 1, 2, 4, 4.

The agreement on nmap is as follows:

TCP: the corresponding agreement number is 6

ICMP: the corresponding agreement number is 1

IGMP: the corresponding agreement number is 2

UDP: the corresponding agreement number is 17

So we can specify the protocol to send packets to the target host to determine whether the target host is online.

[root@xinsz08] # nmap-P06 baidu.com

Starting Nmap 7.60 (https://nmap.org) at 2017-10-11 12:56 CST

Nmap scan report for baidu.com (111.13.101.208)

Host is up (0.030s latency).

Other addresses for baidu.com (not scanned): 220.181.57.217 123.125.114.144

Not shown: 998 filtered ports

PORT STATE SERVICE

80/tcp open http

443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 4.60 seconds

3. Route Trackin

Using-- traceroute for route tracking, you can easily find out the network nodes passing from the local computer to the target host.

[root@xinsz08] # nmap-- traceroute-v www.baidu.com

Starting Nmap 7.60 (https://nmap.org) at 2017-10-11 14:03 CST

Initiating Ping Scan at 14:03

Scanning www.baidu.com (119.75.216.20) [4 ports]

# resolve Baidu server address here

Completed Ping Scan at 14:03, 0.05s elapsed (1 total hosts)

(omit part of the text)

Nmap scan report for www.baidu.com (119.75.216.20)

Host is up (0.0092s latency).

Other addresses for www.baidu.com (not scanned): 119.75.213.61

Not shown: 998 filtered ports

PORT STATE SERVICE

80/tcp open http

443/tcp open https

TRACEROUTE (using port 80/tcp)

# through port 80 of Baidu server

HOP RTT ADDRESS

1 1.92 ms 192.168.1.1

2 3.42 ms 100.83.48.1

3 6.30 ms 10.128.130.36

4 6.12 ms 10.128.130.41

5 4.80 ms 10.11.68.1

6 8.60 ms 103.216.40.11

7... 9

10 5.29 ms 119.75.216.20

Nmap done: 1 IP address (1 host up) scanned in 7.29 seconds

Raw packets sent: 2021 (88.900KB) | Rcvd: 13 (660B)

There are many ways for nmap to discover host survival. Here we list three, any one of which can be used in daily work.

After reading the above, have you mastered how to use the nmap host? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.