2025-02-23 Update. From: SLTechnology News&Howtos (shulou)
Shulou (Shulou.com) 06/02 Report
In IT work, whether development or operations, you will regularly run into the TCP and UDP protocols when testing system service ports. TCP service ports can be tested remotely with telnet, while UDP ports are generally tested with Nmap, on both Linux and Windows.
On Windows, Nmap offers both a graphical interface and a command-line mode, but most experienced users prefer the command line because it is simple and fast to operate.
Download address:
https://nmap.org/download.html
After installation on Windows, running Nmap directly opens the graphical interface.
How do you use command-line mode?
1. Open cmd, cd to the installation directory, and run the nmap command there.
2. Modify the environment variable so that nmap can be run from any directory:
My Computer > Properties > Advanced > Environment Variables > System variables > Path
Edit Path: append the complete installation directory path, separated from the existing entries by a semicolon.
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;E:\software\BIND9.11.1.x64;C:\Program Files (x86)\Nmap
Testing a UDP port scan from the command line
Open Xshell or cmd.
Scan UDP port 53 of the DNS server 114.114.114.114; the port state is closed.
Scan UDP port 53 of the DNS server 8.8.8.8; the result is that the port state is up.
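How a UDP scan (nmap's -sU) arrives at a port state, shown as an added example that is not part of the original article: a reply means open, an ICMP port-unreachable error means closed, and silence can only be reported as open|filtered. The names probe_udp and demo, the DNS payload and the three loopback targets are constructed for illustration.

```python
import socket
import threading

# Constructed sample payload: a DNS query for the A record of example.com.
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x07example\x03com\x00\x00\x01\x00\x01")

def probe_udp(host, port, payload=DNS_QUERY, timeout=1.0, retries=2):
    """Classify one UDP port as open, closed or open|filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors raise exceptions
        for _ in range(retries):
            try:
                s.send(payload)
                s.recv(512)
                return "open"      # any reply proves something is listening
            except (ConnectionRefusedError, ConnectionResetError):
                return "closed"    # ICMP port unreachable came back
            except socket.timeout:
                continue           # silence: retry, UDP has no delivery guarantee
    return "open|filtered"         # no reply and no ICMP error: cannot tell

def _bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    return s

def demo(timeout=0.3):
    """Probe three constructed loopback targets and return their states."""
    replying, silent, spare = _bound_socket(), _bound_socket(), _bound_socket()
    closed_port = spare.getsockname()[1]
    spare.close()                  # nothing listens on this port any more

    def answer_once():
        data, peer = replying.recvfrom(512)
        replying.sendto(data, peer)
    threading.Thread(target=answer_once, daemon=True).start()
    try:
        return {
            "replying": probe_udp("127.0.0.1", replying.getsockname()[1], timeout=timeout),
            "silent": probe_udp("127.0.0.1", silent.getsockname()[1], timeout=timeout),
            "closed": probe_udp("127.0.0.1", closed_port, timeout=timeout),
        }
    finally:
        replying.close()
        silent.close()

if __name__ == "__main__":
    print(demo())
```

The silent target is a bound socket that never answers, which is why a service that ignores the probe payload looks the same as a filtered port.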
Of course, you can also scan a site's TCP ports.
At the command line, run nmap with no arguments to view the full usage instructions.
[C:\]$ nmap
Nmap 6.46 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|