Linux LAN probing tool nmap

Source: Internet
Author: User

Nmap, short for Network Mapper, is a network scanning and probing toolkit for Linux with three basic functions:

The first is to detect whether a group of hosts is online;

The second is to scan a host's ports and identify the network services it provides;

The third is to infer the operating system the host is running.

Nmap can scan anything from a LAN with only two nodes up to networks of more than 500 nodes. Nmap also lets users customize scanning techniques. Typically, a simple ping using the ICMP protocol meets general requirements, or you can dig deeper into UDP or TCP ports, down to the operating system the host uses, and you can log all probe results in a variety of formats for further analysis.
Perform a ping scan that prints the hosts that respond, without further testing (such as port scanning or operating system detection):

nmap -sP 192.168.1.0/24

List each host on the specified network without sending any packets to the target hosts:

nmap -sL 192.168.1.0/24

To probe open ports on the target host, you can specify a comma-delimited list of ports (such as -PS22,23,25,80):

nmap -PS 192.168.1.234

To probe hosts using UDP ping:

nmap -PU 192.168.1.0/24

The most frequently used scan option is the SYN scan, also known as a half-open scan; it does not open a full TCP connection and runs quickly:

nmap -sS 192.168.1.0/24

When the SYN scan is unavailable, the TCP connect() scan is the default TCP scan:

nmap -sT 192.168.1.0/24

UDP scanning uses the -sU option; the UDP scan sends an empty (no data) UDP header to each destination port:

nmap -sU 192.168.1.0/24

Determine which IP protocols the target machine supports (TCP, ICMP, IGMP, etc.):

nmap -sO 192.168.1.19

To probe the target host's operating system:

nmap -O 192.168.1.19

nmap -A 192.168.1.19

In addition, here are the examples from the official Nmap documentation:

nmap -v scanme.nmap.org

This scans all reserved TCP ports on the host scanme.nmap.org. The -v option enables verbose mode.

nmap -sS -O scanme.nmap.org/24

Launches a stealth SYN scan against the 255 hosts on the "Class C" network segment where the host Scanme resides. It also tries to determine the operating system type of each host that is up. Because of the SYN scan and operating system detection, this scan requires root privileges.

nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

Performs host enumeration and a TCP scan against the 255 8-bit subnets in the Class B 198.116 segment. This test determines whether the systems are running sshd, DNS, imapd, or anything on port 4564. If any of these ports are open, version detection is used to determine which application is running.

nmap -v -iR 100000 -P0 -p 80

Randomly selects 100000 hosts and scans them for a running web server (port 80). Sending probe packets up front to determine whether each host is up is a waste of time when only one port per host is probed, so -P0 is used to disable host enumeration.

nmap -P0 -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20

Scans 4,096 IP addresses for web servers (without pinging them) and saves the results in grepable and XML formats.
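
The grepable (-oG) file saved above is meant for further analysis. The following is an added example, not part of the original article or the Nmap project: it reads grepable output and lists the hosts that have a given port open. The sample text, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in -oG layout: tab-separated fields, and each port entry
# is port/state/protocol/owner/service/rpcinfo/version/
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample, not real scan data)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///
Host: 192.0.2.11 (web.example.test)\tPorts: 80/closed/tcp//http///
Host: 192.0.2.12 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 53/open/udp//domain///
Host: 192.0.2.13 ()\tPorts: 80/filtered/tcp//http///
# Nmap done
"""

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)")


def open_ports(gnmap_text):
    """Return {ip: [(port, proto, service), ...]} for ports in state 'open'."""
    result = {}
    for line in gnmap_text.splitlines():
        if line.startswith("#"):          # header and footer comment lines
            continue
        fields = line.split("\t")
        match = HOST_RE.match(fields[0])
        if not match:
            continue
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue                  # e.g. "Status: Up" lines
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 5:
                    continue              # malformed entry, skip it
                port, state, proto, _owner, service = parts[:5]
                if state == "open":       # closed and filtered are dropped
                    result.setdefault(match.group(1), []).append(
                        (int(port), proto, service))
    return result


def hosts_with(gnmap_text, port, proto="tcp"):
    """Sorted list of IPs that have port/proto open."""
    return sorted(ip for ip, ports in open_ports(gnmap_text).items()
                  if any(p == port and pr == proto for p, pr, _ in ports))


if __name__ == "__main__":
    print(hosts_with(SAMPLE_GNMAP, 80))
```
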

host -l company.com | cut -d " " -f 4 | nmap -v -iL -

Performs a DNS zone transfer to discover the hosts in company.com, then feeds the IP addresses to Nmap. The above commands are for a GNU/Linux system; other systems have different commands for zone transfers.

Other options:

-p <port ranges> (only the specified ports are scanned)

You can give single ports as well as ranges written with a hyphen, such as 1-1023. When both TCP and UDP ports are scanned, you can specify the protocol by adding T: or U: before the port number. The protocol qualifier remains in effect until another one is specified. For example, the parameter -p U:53,111,137,T:21-25,80,139,8080 will scan UDP ports 53, 111, and 137, as well as the listed TCP ports.
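
The "qualifier remains in effect until another one is specified" rule is easy to misread when reviewing a scan command. The following is an added example, not Nmap's own code: it expands a -p argument into the TCP and UDP port sets it selects. It handles only the subset described above (single ports, closed ranges, T: and U:); the function name and the default protocol for unqualified ports are assumptions.

```python
def parse_port_spec(spec, default="T"):
    """Expand an nmap-style -p argument into {'T': set(), 'U': set()}.

    Simplified subset: single ports, lo-hi ranges and the T:/U: qualifiers.
    'default' (an assumption of this example) is the protocol applied to
    ports listed before any qualifier appears.
    """
    ports = {"T": set(), "U": set()}
    proto = default
    for item in spec.split(","):
        item = item.strip()
        # A leading "T:" or "U:" switches the protocol for this item and
        # for every later item, until the next qualifier.
        if len(item) >= 2 and item[1] == ":" and item[0].upper() in ports:
            proto = item[0].upper()
            item = item[2:]
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        start = int(lo)
        end = int(hi) if sep else start
        if not (0 <= start <= end <= 65535):
            raise ValueError(f"bad port range: {item!r}")
        ports[proto].update(range(start, end + 1))
    return ports


if __name__ == "__main__":
    selected = parse_port_spec("U:53,111,137,T:21-25,80,139,8080")
    print("UDP:", sorted(selected["U"]))
    print("TCP:", sorted(selected["T"]))
```
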

-F (fast (limited port) scan)

After performing a scan, you can run cat /proc/net/arp to view the ARP cache table, or use the arp command to view it directly.

Zenmap is recommended

Zenmap is the official graphical user interface for the security scanning tool Nmap. It is a cross-platform open source application that is easy for beginners to use and also offers many advanced features for experienced users. Frequently used scans can be saved and run repeatedly.

http://www.2cto.com/Article/200911/42537.html

http://www.oschina.net/news/15639/5-linux-port-scanner
