Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use nmap". Friends who are interested might as well take a look. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn how to use nmap.

Name:

Nmap- Network Detection and Security scanning tool

The main functions of nmap are:

Detect whether the host is online, scan the host open ports and sniff network services for network detection and security scanning.

NMap supports many scanning techniques, such as UDP, TCPconnect (), TCPSYN (half open scan), ftp proxy (bounce attack), reverse flag, ICMP, FIN, ACK scan, SYN scan and null scan.

Command format: Nmap [scan Type] [General options] {scan Target description}

Scan type:

-sTTCP connect () scanning, which is the most basic TCP scanning method, is used to establish a TCP connection. If it succeeds, it is considered that the target port is listening, otherwise it is considered that there is no listener on the target port. This scan is easily detected and a large number of connection requests and error messages are recorded in the log of the target host. -sSTCP synchronous scan (TCP SYN), which only sends SYN packets to the destination. If a SYN/ACK response packet is received, the destination port is considered to be listening and immediately disconnected; otherwise, the destination port is considered to have no listener. So this technique is often called semi-open scan (half-open). The biggest advantage of this technology is that few systems can log this in the system log. However, you need root permission to customize SYN packets.

-sAACK scanning, an advanced scanning method that can usually be used to penetrate firewalls.

-sW sliding window scanning, which is very similar to ACK scanning.

-sRRPC scanning, used in conjunction with other different port scanning methods.

-bFTP bounce attack (bounce attack), connect to a FTP server behind the firewall as a proxy, and then perform a port scan.

Scan target:

The destination address can be IP address, CIRD address, etc. For example, 192.168.1.2222.247.54.5/24-iL filename reads the target of the scan from the filename file. -iR lets nmap randomly select hosts to scan.

Example:

[root@xinsz08~] # nmap 192.168.1.12

StartingNmap 5.21 (http://nmap.org) at 2015-08-16 20:38 CST

Nmapscan report for xinsz08.cn (192.168.1.12)

Hostis up (0.000029s latency).

Notshown: 998 closed ports

PORT STATE SERVICE

22/tcp open ssh

111/tcp open rpcbind

Nmapdone: 1 IP address (1 host up) scanned in 1.41 seconds

View details:

Example 1: scan a machine to see the port it opens

[root@xinsz08Desktop] # nmap-v xuegod64.cn

StartingNmap 5.21 (http://nmap.org) at 2014-12-30 20:50 CST

InitiatingARP Ping Scan at 20:50

Scanningxuegod64.cn (192.168.1.64) [1 port]

CompletedARP Ping Scan at 20:50, 0.04s elapsed (1 total hosts)

InitiatingSYN Stealth (stealth) Scan at 20:50

Scanningxuegod64.cn (192.168.1.64) [1000 ports] # scan xuegod64,1000 ports

Discovered open port 111/tcp on 192.168.1.64

Discovered open port 22/tcp on 192.168.1.64

CompletedSYN Stealth Scan at 20:50, 1.30s elapsed (1000total ports)

Nmapscan report for xuegod64.cn (192.168.1.64)

Hostis up (0.00054s latency).

Notshown: 998 closed ports

PORT STATE SERVICE

22/tcp open ssh

111/tcp open rpcbind

At this point, I believe you have a deeper understanding of "how to use nmap". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.