2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article covers common tools for port scanning in network security. The editor finds it very practical and shares it here as a reference; follow along to have a look.
1. telnet
First of all, the simplest and most convenient tool is telnet. It works on both Linux and Windows and makes it easy to test whether a port can be reached.
Note that the Telnet client is disabled by default on Windows; enable it under Control Panel > Programs and Features > Turn Windows features on or off by selecting Telnet Client.
Format: telnet [-options] [IP or domain name] [port]
Example: telnet 8.8.8.8 22
This indicates that port 22 on 8.8.8.8 is not open.
If the result is as shown above, the port is open.
2. Netcat tool (nc command)
nc is often called the Swiss Army knife of network tools: it is powerful and can do many things. Today we will introduce how to use it for port scanning. If it is not installed on the system, install it on CentOS with yum install nc.
Usage format:
ncat [-options] [IP or domain name] [port]
The important parameters are briefly introduced:
-4, -6: use IPv4 or IPv6 mode.
-u: scan UDP ports. The default is TCP.
-o, -x: write the result to a file; -x writes it in binary format.
-v: verbosity level; it can be repeated (for example -vv, -vvv), and the more v's, the more detailed the result.
-p, -s: specify the source port and source IP address used for the scan.
-z: zero-I/O mode; no data is sent during the scan.
-w seconds: set the timeout.
Example: nc -vz -w 2 www.toutiao.com 80-443
The results show that port 80 is open.
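The check that telnet and nc -z perform in sections 1 and 2, written out as an added example (not code from the original article): a TCP connect that classifies one port as open, closed or filtered, with the timeout playing the role of nc -w. The function names, the audit() helper and the sample host and port list are assumptions made for illustration; audit() compares what is observed on a host you administer with the ports you intend to expose.

```python
import socket


def parse_ports(spec):
    """Expand a spec such as '80,443,8080-8100' into a sorted port list."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def check_port(host, port, timeout=2.0):
    """Classify one TCP port the way a telnet or nc -z attempt turns out.

    open     - handshake completed (telnet would show a connected session)
    closed   - the host answered with a reset (connection refused)
    filtered - no usable answer before the timeout (the nc -w value)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # timeout, unreachable host/network, or resolution failure
            return "filtered"
        return "open"  # like -z: connect, send no data, close


def audit(host, spec, expected_open, timeout=2.0):
    """Hypothetical helper: diff observed open ports against intended ones."""
    wanted = set(expected_open)
    seen = {p for p in parse_ports(spec)
            if check_port(host, p, timeout) == "open"}
    return {"unexpected": sorted(seen - wanted),
            "missing": sorted(wanted - seen)}


if __name__ == "__main__":
    # Constructed sample: a host you administer, expected to expose only 22.
    print(audit("127.0.0.1", "22,80,443", expected_open=[22]))
```

A "closed" result means the host is reachable and answered with a reset, while "filtered" usually means a firewall dropped the probe; the two call for different follow-up when a service is unexpectedly unreachable.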
3. nmap, the king of port scanning
This official account covered enterprise port scanning based on nmap yesterday, so I will not repeat it here. If necessary, I can introduce it in detail later.
Usage: nmap [-scan type] [-options] {scan target: a file, an IP, an IP range, a domain name, etc.}
Example: nmap -T3 -Pn -sV -p 1-35,80,443 www.toutiao.com
This scans ports 1-35, 80 and 443 on the host serving the Jinri Toutiao home page.
Nmap scan result
It can be seen that the Toutiao server has ports 80 and 443 open, the server operating system is Red Hat Linux, and the web server is Taobao's Tengine.
4. zmap, the fastest scanning tool
With enough bandwidth, it can scan every IP address on the Internet within an hour. I will cover zmap in detail in a later article; here is just an example:
Usage: zmap [-options] -p port [IP or subnet]
-p port: the port to scan. This option is required; TCP and UDP port scanning are supported. Note that zmap only supports a single port.
-i interface: if your network interface is not the default eth0, you need to specify it manually.
-o filename: write the result to a file.
Example: zmap -p 443 117.135.168.141/24
We scan the /24 segment containing the IP address that the Jinri Toutiao domain www.toutiao.com resolves to.
The results show that many hosts in this segment have port 443 open, indicating that the HTTPS service is running. Judging from an IP attribution lookup, it should be a Shanghai Mobile data center, presumably a CDN data center for Jinri Toutiao.
5. Masscan "bear palm fish scanner"
An nmap scan is detailed and its results are accurate, but it is slow; a zmap scan is extremely fast, but it handles only a single port, its results are simple and its false-alarm rate is high, so it is only suitable for an initial scan. So is there a scanner that is fast, accurate and detailed at once, one that gets both the bear's paw and the fish? Let's call it a "bear palm fish scanner". In fact, you can combine zmap and nmap to do this, which is what the author does; it will be introduced in the future if necessary. The "bear palm fish scanner" introduced today is Masscan.
Usage: masscan -p port (multiple ports are supported, separated by ","; "-" denotes a range) [IP or subnet]
Example: masscan -p80,443,8080-8100 117.135.168.141/24
The results show that many hosts in this IP segment have ports 80, 8080 and 443 open.
Capturing the HTTP headers through a browser shows that port 8080 is also open and identifies itself as a live_stream server, presumably a live-streaming server.