Shulou(Shulou.com)06/01 Report--

Nmap is a very useful tool for network scanning and host detection, suitable for Winodws and Linux systems, and supports a variety of scanning technologies.

NMAP is mainly used in Linux environment. It is not installed by default in RHEL. After configuring the yum source, install NMAP.

[root@localhost ~] # yum install nmap

NMAP syntax:

Nmap

Operation demonstration:

(1) detect the surviving hosts in the network

Nmap-sP 192.168.80.0swap 24

The "- sP" option means to scan in ping mode without further testing (such as port scanning or operating system probe), which is very suitable for detecting living hosts in the network.

[root@localhost] # nmap-sP 192.168.80.0 Universe 24

Starting Nmap 4.11 (http://www.insecure.org/nmap/) at 2014-10-21 13:29 CST

Host 192.168.80.1 appears to be up.

MAC Address: 00:50:56:C0:00:08 (VMWare)

Host 192.168.80.2 appears to be up.

MAC Address: 00:50:56:F6:C1:1A (VMWare)

Host 192.168.80.128 appears to be up.

MAC Address: 00:0C:29:3D:B0:4E (VMware)

Host 192.168.80.130 appears to be up.

Host 192.168.80.254 appears to be up.

MAC Address: 00:50:56:FB:E4:16 (VMWare)

Nmap finished: 256 IP addresses (5 hosts up) scanned in 9.069 seconds

(2) scan a specific host

Nmap-sS-O 192.168.80.128

The "- sS" option indicates that the SYN scan is performed, and the-O option indicates that the remote operating system is identified.

[root@localhost] # nmap-sS-O 192.168.80.128

Starting Nmap 4.11 (http://www.insecure.org/nmap/) at 2014-10-21 14:54 CST

Interesting ports on 192.168.80.128:

Not shown: 1674 closed ports

PORT STATE SERVICE

80/tcp open http

135/tcp open msrpc

139/tcp open netbios-ssn

445/tcp open microsoft-ds

1025/tcp open NFS-or-IIS

3389/tcp open ms-term-serv

MAC Address: 00:0C:29:3D:B0:4E (VMware)

Device type: general purpose

Running: Microsoft Windows 2003/.NET

OS details: Microsoft Windows 2003 Server SP1

Nmap finished: 1 IP address (1 host up) scanned in 5.384 seconds

(3) scan hosts with open designated ports

Feel free to find an address field in the public network and scan which hosts have opened port 3389.

Nmap-sS-p 3389-oG-221.0.90.0 Universe 24 | grep open

The "- p" option specifies the port, and the "- oG" option indicates that information is recorded in a format that is easy to retrieve, that is, each host records all information on a separate line.

[root@localhost ~] # nmap-sS-p 3389-oG-221.0.90.0Univer 24 | grep open

Host: 221.0.90.34 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.51 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.57 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.100 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.109 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.167 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.200 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.204 () Ports: 3389/open/tcp//ms-term-serv///

Host: 221.0.90.221 () Ports: 3389/open/tcp//ms-term-serv///

In the scan results of nmap, the status of each port may be: open, filtered, unfiltered.

Open status means that the port is open

The filtered status indicates that the port is covered by a firewall or network security software, preventing nmap from detecting whether it is open or not.

Unfiltered indicates that the port is down.

Nmap has a lot of uses and powerful functions, and it's just a brick to attract jade. In addition, nmap can also be used in Windows, but it doesn't feel as powerful as Linux.

For example, using nmap to scan specific hosts in Windows

Scan result

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.