How to scan open ports in a network segment using the NMAP port scan tool on Linux

Source: Internet
Author: User
Tags nmap port scan nmap commands

Linux generally does not install nmap by default. Install it with the command yum -y install nmap, provided that you have configured a Yum source.

Nmap Features:

Host detection

Port scan

Version detection

Operating system detection

Support for writing custom probe scripts

    1. Nmap commands in detail

nmap ip_address    # by default nmap sends an ARP ping packet, to detect all open ports in the 1-10000 range on the target host

    [[email protected] scanport]# nmap
    Starting Nmap 6.40 ( http:// ) at 2017-11-17 10:20 CST
    Nmap scan report for
    Host is up (0.00030s latency).
    Not shown: 987 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    1027/tcp open  IIS
    1028/tcp open  unknown
    1029/tcp open  ms-lsa
    1031/tcp open  iad2
    2638/tcp open  sybase
    3389/tcp open  ms-wbt-server
    6059/tcp open  X11:59
    7001/tcp open  afs3-callback
    8001/tcp open  vcom-tunnel
    8089/tcp open  unknown
    MAC Address: 5C:F3:FC:E4:81:40 (IBM)
    Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds
    [[email protected] scanport]#


The -vv parameter makes the output verbose

    [[email protected] scanport]# nmap -vv
    Starting Nmap 6.40 ( ) at 2017-11-17 10:21 CST
    Initiating ARP Ping Scan at 10:21
    Scanning [1 port]
    Completed ARP Ping Scan at 10:21, 0.02s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 10:21
    Completed Parallel DNS resolution of 1 host. at 10:21, 0.00s elapsed
    Initiating SYN Stealth Scan at 10:21
    Scanning [1000 ports]
    Discovered open port 21/tcp on
    Discovered open port 139/tcp on
    Discovered open port 3389/tcp on
    Discovered open port 135/tcp on
    Discovered open port 1029/tcp on
    Discovered open port 1028/tcp on
    Discovered open port 1031/tcp on
    Discovered open port 8001/tcp on
    Discovered open port 1027/tcp on
    Discovered open port 7001/tcp on
    Discovered open port 8089/tcp on
    Discovered open port 6059/tcp on
    Discovered open port 2638/tcp on
    Completed SYN Stealth Scan at 10:21, 1.15s elapsed (1000 total ports)
    Nmap scan report for
    Host is up (0.00029s latency).
    Scanned at 2017-11-17 10:21:43 CST for 2s
    Not shown: 987 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    1027/tcp open  IIS
    1028/tcp open  unknown
    1029/tcp open  ms-lsa
    1031/tcp open  iad2
    2638/tcp open  sybase
    3389/tcp open  ms-wbt-server
    6059/tcp open  X11:59
    7001/tcp open  afs3-callback
    8001/tcp open  vcom-tunnel
    8089/tcp open  unknown
    MAC Address: 5C:F3:FC:E4:81:40 (IBM)
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds
               Raw packets sent: 1082 (47.592KB) | Rcvd: 1001 (40.080KB)
    [[email protected] scanport]#

The -p parameter specifies custom ports to scan

For example, scan ports 1-200:

    [[email protected] scanport]# nmap -p1-200
    Starting Nmap 6.40 ( ) at 2017-11-17 10:26 CST
    Nmap scan report for
    Host is up (0.00030s latency).
    Not shown: 197 closed ports
    PORT    STATE SERVICE
    21/tcp  open  ftp
    135/tcp open  msrpc
    139/tcp open  netbios-ssn
    MAC Address: 5C:F3:FC:E4:81:40 (IBM)
    Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
    [[email protected] scanport]#

Example: specifying individual ports

    [[email protected] scanport]# nmap -p135,136,137,139
    Starting Nmap 6.40 ( ) at 2017-11-17 10:28 CST
    Nmap scan report for
    Host is up (0.0045s latency).
    PORT    STATE  SERVICE
    135/tcp open   msrpc
    136/tcp closed profile
    137/tcp closed netbios-ns
    139/tcp open   netbios-ssn
    MAC Address: 5C:F3:FC:E4:81:40 (IBM)
    Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
    [[email protected] scanport]#

The -sP parameter sets the scan mode to ping (no ports are scanned)

nmap -sP ip_address    # scan using ping (no ports scanned)

nmap --traceroute ip_address    # route tracing

nmap -sP xx.xx.xx.xx/24    # scan a network segment (using ping)

nmap -sP    # can also scan a network segment (using ping)

nmap -sT ip_address    # TCP connect() port scan

nmap -sU ip_address    # UDP port scan

nmap -sS ip_address    # TCP SYN port scan

nmap    # scan a network segment using the default port scan; the following script scans the segment and saves the results

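    #!/bin/bash
    # Scan every host from 10.128.71.1 to 10.128.71.254 in turn
    # and append each report to the file scan.port.
    for i in {1..254}
    do
        nmap 10.128.71.$i >> scan.port
    done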
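A report file such as the scan.port written by the loop above becomes useful for auditing once it is reduced to one line per open port and compared with the services that are approved on the segment. The script below is an added example, not part of the original article; the function names, the sample report, the 192.0.2.x addresses and the allowlist are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: audit a scan.port-style report against a port allowlist.
# The report, the 192.0.2.x addresses and the allowlist are constructed samples.

# Print "host port/proto service" for every open port in nmap normal output.
open_ports() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
    ' "$1"
}

# Print the open ports whose port/proto is not in the allowlist file ($2).
unexpected_ports() {
    open_ports "$1" | awk -v allow="$2" '
        BEGIN { while ((getline p < allow) > 0) ok[p] = 1 }
        !($2 in ok)
    '
}

sample=$(mktemp); allow=$(mktemp)
trap 'rm -f "$sample" "$allow"' EXIT

cat > "$sample" <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.00030s latency).
Not shown: 996 closed ports
PORT     STATE  SERVICE
21/tcp   open   ftp
135/tcp  open   msrpc
136/tcp  closed profile
3389/tcp open   ms-wbt-server
Nmap scan report for files.example.test (192.0.2.20)
Host is up (0.00045s latency).
PORT     STATE SERVICE
22/tcp   open  ssh
8089/tcp open  unknown
EOF
printf '%s\n' 22/tcp 135/tcp 3389/tcp > "$allow"

# Report services that are exposed but not approved.
unexpected_ports "$sample" "$allow"
```

With the constructed sample, the FTP service on 192.0.2.10 and the unknown service on port 8089 of 192.0.2.20 are reported, because neither is on the allowlist.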

Probing the operating system type with Nmap

nmap -O ip_address    # detect the operating system type

nmap -A ip_address    # default scan plus ping scan, OS scan, script scan, route tracing, service detection, etc.

    [[email protected] scanport]# nmap -A
    Starting Nmap 6.40 ( ) at 2017-11-17 10:46 CST
    Nmap scan report for
    Host is up (0.00028s latency).
    Not shown: 987 closed ports
    PORT     STATE SERVICE       VERSION
    21/tcp   open  ftp           Microsoft ftpd
    | ftp-anon: Anonymous FTP login allowed (FTP code 230)
    | 07-21-12  03:03AM       <DIR>          aspnet_client
    | 11-17-17  07:35AM       <DIR>          download
    |_12-13-12  10:31AM               105984 \xd2\xbd\xb1\xa3\xb2\xbf\xc3\xc5\xc8\xcb\xd4\xb1.xls
    135/tcp  open  msrpc         Microsoft Windows RPC
    139/tcp  open  netbios-ssn
    1027/tcp open  msrpc         Microsoft Windows RPC
    1028/tcp open  msrpc         Microsoft Windows RPC
    1029/tcp open  msrpc         Microsoft Windows RPC
    1031/tcp open  tcpwrapped
    2638/tcp open  sybase?
    3389/tcp open  ms-wbt-server Microsoft Terminal Service
    6059/tcp open  tcpwrapped
    7001/tcp open  http          Oracle WebLogic Server (Servlet 2.5; JSP 2.1)
    |_http-generator: WebLogic Server
    |_http-methods: No Allow or Public header in OPTIONS response (status code 404)
    |_http-title: Error 404--Not Found
    8001/tcp open  http          Oracle WebLogic Server (Servlet 2.5; JSP 2.1)
    |_http-generator: WebLogic Server
    |_http-methods: No Allow or Public header in OPTIONS response (status code 404)
    |_http-title: Error 404--Not Found
    8089/tcp open  http          Microsoft IIS httpd 6.0
    | http-methods: Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
    |_See
    |_http-title: - /
    MAC Address: 5C:F3:FC:E4:81:40 (IBM)
    Device type: general purpose
    Running: Microsoft Windows XP
    OS CPE: cpe:/o:microsoft:windows_xp::sp2
    OS details: Microsoft Windows XP SP2
    Network Distance: 1 hop
    Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

    Host script results:
    |_nbstat: NetBIOS name: ld, NetBIOS user: <unknown>, NetBIOS MAC: 5c:f3:fc:e4:81:40 (IBM)
    | smb-os-discovery:
    |   OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2)
    |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
    |   Computer name: ld
    |   NetBIOS computer name: ld
    |   Workgroup: workgroup
    |_  System time: 2017-11-17T10:50:02+08:00
    | smb-security-mode:
    |   Account that was used for smb scripts: <blank>
    |   User-level authentication
    |   SMB Security: Challenge/response passwords supported
    |_  Message signing disabled (dangerous, but default)
    |_smbv2-enabled: Server doesn't support SMBv2 protocol

    TRACEROUTE
    HOP RTT     ADDRESS
    1   0.28 ms

    OS and Service detection performed. Please report any incorrect results at .
    Nmap done: 1 IP address (1 host up) scanned in 89.36 seconds
    [[email protected] scanport]#

This article is from the "Night" blog, please be sure to keep this source
