Since its appearance in Red Hat Linux, NMAP has become an indispensable tool for Linux network engineers and system administrators. It can be used to determine the network layout, the ports and services a host has open, and so on. This information is vital for administrators who want to improve system security, and NMAP lays a good foundation for policies that decide which services to enable and which to disable.
For example, a single NMAP command can scan a specific host to find its operating system, its open ports, and the services it runs. However, NMAP is a command run in the shell and has no intuitive interface, which is a difficult obstacle for many Linux system administrators. I was not used to it at the beginning. I envied some LAN scanning tools under Windows, such as streamer scanning, which provide friendly graphical interfaces. But after I used this command, I couldn't do without it. I have discovered many features that are difficult to implement with other scanning tools. As long as the system administrator uses this command flexibly, it will yield more than other scanning tools. Below I will talk about how to use NMAP to collect host information on the LAN.
1. Scan a batch of hosts
If you are responsible for the security of your company's LAN, you need to know which hosts on the LAN have enabled unnecessary services and ports, since these pose a security risk to the whole LAN. Therefore, you need to scan the hosts on the LAN to collect information about their open ports and services.
The NMAP command can achieve this, because it supports CIDR-style addresses. For example, the system administrator can use 192.168.0.0/24 to represent a whole range of IP addresses; this notation expresses the range through a subnet mask. However, although CIDR notation is simple, it is not flexible enough. For example, suppose 192.168.0.4 is a file server in the enterprise. During the scan, the system administrator may not want NMAP to scan that host, because information leaked about it could be convenient for attackers. Therefore, when scanning LAN hosts in practice, it is often necessary to filter out some specific hosts. In addition, you do not want to scan special addresses such as 192.168.0.0, because these are broadcast addresses and do not designate a host. Most scanning software on the market supports CIDR-style IP addresses, but NMAP can also filter out specific IP addresses or collect information only about specific hosts.
For example, the NMAP command can be given multiple IP addresses separated by commas, and you can also select hosts with a specific IP address through a range list. However, when many hosts need to be scanned, manual input is troublesome. The NMAP feature I most recommend is the ability to read the IP addresses to be scanned from a list. In other words, the system administrator can save the IP addresses of the hosts to be scanned in a file in advance and then let NMAP read them from that file. This saves the trouble of typing, improves efficiency, and the file can be reused. The syntax is "nmap -iL filename". I now use a DHCP server in the enterprise to manage IP addresses; allocation is both dynamic and static. I regularly scan hosts on the LAN to prevent users from opening insecure ports. Scanning many hosts takes a lot of time, so I use a cyclic scanning method, scanning 50 hosts at a time, and so on. To achieve this, I export the list of all IP addresses in use from the DHCP server and create a text file. Note that the NMAP command does not read EXCEL files, so you need to convert the list to a text file. Then I can use the "nmap -iL filename" command to scan the hosts with the IP addresses listed in the file and collect the information needed to keep the hosts on the LAN secure.
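As an added example (not from the original article), the following shell script builds the target list described above: it takes a plain-text export of DHCP leases, drops the file server and the network and broadcast addresses, and splits what is left into batch files for `nmap -iL`. The file server address 192.168.0.4 is the one the article uses; the other addresses, the file names and the batch size are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article: prepare batched target
# files for `nmap -iL` from a plain-text export of DHCP leases, leaving
# out hosts that must not be scanned. All addresses are constructed samples.
set -eu

WORK=$(mktemp -d)

# Constructed sample export, one address per line, as the article's DHCP
# list looks after the spreadsheet is saved as a text file. It contains a
# duplicate, the network and broadcast addresses, and a stray non-IP line.
printf '%s\n' 192.168.0.0 192.168.0.4 192.168.0.10 192.168.0.11 \
    192.168.0.12 192.168.0.4 192.168.0.255 'bogus line' > "$WORK/leases.txt"

# Hosts to keep out of the scan: the file server the article mentions
# (192.168.0.4 is an assumed address) plus the /24's network and broadcast.
printf '%s\n' 192.168.0.4 192.168.0.0 192.168.0.255 > "$WORK/exclude.txt"

# filter_targets LEASES EXCLUDE OUT
# Keep well-formed, unique dotted-quad lines that are not in EXCLUDE, so
# the list handed to nmap -iL never contains a host we promised to skip.
filter_targets() {
    awk 'NR == FNR { skip[$1] = 1; next }
         /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($1 in skip) && !seen[$1]++' \
        "$2" "$1" > "$3"
}

# split_batches TARGETS SIZE PREFIX
# Write PREFIX.1, PREFIX.2, ... holding at most SIZE addresses each, the
# article's habit of scanning about 50 hosts per run.
split_batches() {
    awk -v size="$2" -v prefix="$3" \
        '{ n = int((NR - 1) / size) + 1; print > (prefix "." n) }' "$1"
}

# count_lines FILE: number of addresses in a target or batch file.
count_lines() { awk 'END { print NR + 0 }' "$1"; }

filter_targets "$WORK/leases.txt" "$WORK/exclude.txt" "$WORK/targets.txt"
split_batches "$WORK/targets.txt" 50 "$WORK/batch"

# One nmap run per batch; -sV adds service/version detection to the
# port list. Printed rather than executed so the example runs offline.
for f in "$WORK"/batch.*; do
    echo "nmap -sV -iL $f"
done
```

For a one-off run, nmap's own `--exclude` and `--excludefile` options skip hosts without a pre-filtered list; the script is useful when the same list is reused across regular scans.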