Linux distributions generally do not install nmap by default. Install it with the yum -y install nmap command, provided that you have configured a yum source.
Nmap Features:
Host detection
Port scan
Version detection
System detection
Supports the authoring of probe scripts
Nmap commands in detail
nmap ip_address #by default nmap sends an ARP ping packet and detects all open ports in the 1-10000 range on the target host
[[email protected] scanport]# nmap 10.132.71.1

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:20 CST
Nmap scan report for 10.132.71.1
Host is up (0.00030s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
1027/tcp open  IIS
1028/tcp open  unknown
1029/tcp open  ms-lsa
1031/tcp open  iad2
2638/tcp open  sybase
3389/tcp open  ms-wbt-server
6059/tcp open  X11:59
7001/tcp open  afs3-callback
8001/tcp open  vcom-tunnel
8089/tcp open  unknown
MAC Address: 5C:F3:FC:E4:81:40 (IBM)

Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds
The -vv parameter produces verbose output
[[email protected] scanport]# nmap -vv 10.132.71.1

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:21 CST
Initiating ARP Ping Scan at 10:21
Scanning 10.132.71.1 [1 port]
Completed ARP Ping Scan at 10:21, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:21
Completed Parallel DNS resolution of 1 host. at 10:21, 0.00s elapsed
Initiating SYN Stealth Scan at 10:21
Scanning 10.132.71.1 [1000 ports]
Discovered open port 21/tcp on 10.132.71.1
Discovered open port 139/tcp on 10.132.71.1
Discovered open port 3389/tcp on 10.132.71.1
Discovered open port 135/tcp on 10.132.71.1
Discovered open port 1029/tcp on 10.132.71.1
Discovered open port 1028/tcp on 10.132.71.1
Discovered open port 1031/tcp on 10.132.71.1
Discovered open port 8001/tcp on 10.132.71.1
Discovered open port 1027/tcp on 10.132.71.1
Discovered open port 7001/tcp on 10.132.71.1
Discovered open port 8089/tcp on 10.132.71.1
Discovered open port 6059/tcp on 10.132.71.1
Discovered open port 2638/tcp on 10.132.71.1
Completed SYN Stealth Scan at 10:21, 1.15s elapsed (1000 total ports)
Nmap scan report for 10.132.71.1
Host is up (0.00029s latency).
Scanned at 2017-11-17 10:21:43 CST for 2s
Not shown: 987 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
1027/tcp open  IIS
1028/tcp open  unknown
1029/tcp open  ms-lsa
1031/tcp open  iad2
2638/tcp open  sybase
3389/tcp open  ms-wbt-server
6059/tcp open  X11:59
7001/tcp open  afs3-callback
8001/tcp open  vcom-tunnel
8089/tcp open  unknown
MAC Address: 5C:F3:FC:E4:81:40 (IBM)

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds
           Raw packets sent: 1082 (47.592KB) | Rcvd: 1001 (40.080KB)
-p specifies the ports to scan
For example, scan ports 1-200
[[email protected] scanport]# nmap -p1-200 10.128.71.1

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:26 CST
Nmap scan report for 10.128.71.1
Host is up (0.00030s latency).
Not shown: 197 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
135/tcp open  msrpc
139/tcp open  netbios-ssn
MAC Address: 5C:F3:FC:E4:81:40 (IBM)

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
Example: specifying individual ports
[[email protected] scanport]# nmap -p135,136,137,139 10.128.71.1

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:28 CST
Nmap scan report for 10.128.71.1
Host is up (0.0045s latency).
PORT    STATE  SERVICE
135/tcp open   msrpc
136/tcp closed profile
137/tcp closed netbios-ns
139/tcp open   netbios-ssn
MAC Address: 5C:F3:FC:E4:81:40 (IBM)

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
-sP specifies ping scan mode (no ports are scanned)
nmap -sP ip_address #scan using ping (no ports scanned)
nmap --traceroute ip_address #route tracing
nmap -sP xx.xx.xx.xx/24 #scan a network segment (using ping)
nmap -sP 10.1.1.1-255 #also scans a network segment (using ping)
nmap -sT ip_address #TCP connect() port scan
nmap -sU ip_address #UDP port scan
nmap -sS ip_address #TCP SYN port scan
nmap 10.1.1.1/24 #scan a network segment using the default port scan; the result is the same as the following script
#!/bin/bash
# Scan every host address in 10.128.71.0/24 and append each report to scan.port
for i in {1..254}
do
    nmap "10.128.71.$i" >> scan.port
done
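The loop above appends 254 separate reports to scan.port. As an added example (not part of the original article), the functions below pull the open ports out of such a file and list any that are not on an expected-services list; the function names, the allow-list format and the sample report are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: summarize nmap normal-format output such as scan.port.

# open_ports [FILE...] -> "host port/proto service" for every open port
open_ports() {
    awk '
        /^Nmap scan report for / {
            host = $NF              # IP, or "(IP)" when a hostname precedes it
            gsub(/[()]/, "", host)
            next
        }
        # port table rows look like "135/tcp open msrpc"
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            print host, $1, ($3 == "" ? "unknown" : $3)
        }
    ' "$@"
}

# unexpected_ports ALLOWED [FILE...] -> open ports missing from the
# comma-separated allow list (hypothetical format, e.g. "22/tcp,135/tcp")
unexpected_ports() {
    allowed=$1
    shift
    open_ports "$@" | awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { if (!($2 in ok)) print }
    '
}

# Constructed sample in the format shown on this page (not real scan data).
sample_scan() {
    cat <<'EOF'
Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:26 CST
Nmap scan report for 10.128.71.1
Host is up (0.00030s latency).
PORT    STATE  SERVICE
21/tcp  open   ftp
135/tcp open   msrpc
136/tcp closed profile
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
Nmap scan report for 10.128.71.2
Host is up (0.00041s latency).
PORT   STATE SERVICE
22/tcp open  ssh
EOF
}

# Demo: only FTP on 10.128.71.1 is outside the allow list.
sample_scan | unexpected_ports "22/tcp,135/tcp"
```

Against a real run, pass the file as the second argument, for example unexpected_ports "22/tcp,135/tcp" scan.port.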
Probing the operating system type with Nmap
nmap -O ip_address #scan the operating system type
nmap -A ip_address #uses the default scan, ping scan, OS scan, script scan, route tracing, service detection, etc.
[[email protected] scanport]# nmap -A 10.128.71.1

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:46 CST
Nmap scan report for 10.128.71.1
Host is up (0.00028s latency).
Not shown: 987 closed ports
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 07-21-12  03:03AM       <DIR>          aspnet_client
| 11-17-17  07:35AM       <DIR>          download
|_12-13-12  10:31AM               105984 \xd2\xbd\xb1\xa3\xb2\xbf\xc3\xc5\xc8\xcb\xd4\xb1.xls
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
1027/tcp open  msrpc         Microsoft Windows RPC
1028/tcp open  msrpc         Microsoft Windows RPC
1029/tcp open  msrpc         Microsoft Windows RPC
1031/tcp open  tcpwrapped
2638/tcp open  sybase?
3389/tcp open  ms-wbt-server Microsoft Terminal Service
6059/tcp open  tcpwrapped
7001/tcp open  http          Oracle WebLogic Server (Servlet 2.5; JSP 2.1)
|_http-generator: WebLogic Server
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: Error 404--Not Found
8001/tcp open  http          Oracle WebLogic Server (Servlet 2.5; JSP 2.1)
|_http-generator: WebLogic Server
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: Error 404--Not Found
8089/tcp open  http          Microsoft IIS httpd 6.0
| http-methods: Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: 10.128.71.1 - /
MAC Address: 5C:F3:FC:E4:81:40 (IBM)
Device type: general purpose
Running: Microsoft Windows XP
OS CPE: cpe:/o:microsoft:windows_xp::sp2
OS details: Microsoft Windows XP SP2
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_nbstat: NetBIOS name: ld, NetBIOS user: <unknown>, NetBIOS MAC: 5c:f3:fc:e4:81:40 (IBM)
| smb-os-discovery:
|   OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2)
|   OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
|   Computer name: ld
|   NetBIOS computer name: ld
|   Workgroup: workgroup
|_  System time: 2017-11-17T10:50:02+08:00
| smb-security-mode:
|   Account that was used for smb scripts: <blank>
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

TRACEROUTE
HOP RTT     ADDRESS
1   0.28 ms 10.128.71.1

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 89.36 seconds
This article is from the "Night" blog, please be sure to keep this source http://liuqun.blog.51cto.com/3544993/1982726
How to scan open ports in a network segment using the NMAP port scan tool on Linux