Powerful functions of NMAP in Linux

Source: Internet
Author: User
Tags: nmap, commands

After installing Linux, you will find that it comes with a great many application tools. Used well, these tools are what make Linux so popular with network engineers and system administrators, and NMAP is one of them. NMAP can be used to determine the network layout, the ports opened by each host, and the services behind them.

This information is vital for administrators who want to improve system security. NMAP lays a good foundation for establishing policies about which services to enable and which to disable.

Take the output of the NMAP command as an example. It can scan a specific host to discover its operating system, its open ports, and the services it runs. However, NMAP is a command run from the shell and has no graphical interface, which is a real obstacle for many Linux system administrators. I was not used to it at first, and I envied some of the LAN scanning tools under Windows, such as the Streamer (Fluxay) scanner, which offer friendly graphical interfaces. But once I had used this command, I could no longer do without it: I discovered many features that other scanning tools find difficult to implement. As long as the command is used flexibly, a system administrator gets more out of it than out of other scanning tools. Below I will talk about how to use NMAP to collect information about hosts in the LAN.

1. Scan a batch of hosts.

If you are responsible for the security of your company's LAN, you need to know which hosts in the LAN have enabled unnecessary services and ports, because these pose a risk to the whole LAN. Therefore, you need to scan the hosts on the LAN to collect information about their open ports and services.

The NMAP command can achieve this because it supports CIDR-style addresses. For example, the system administrator can use 192.168.0.0/24 to represent a whole range of IP addresses; this expresses the range through a subnet mask. However, although CIDR notation is concise, it is not flexible enough. Suppose 192.168.0.4 is a file server in the enterprise. The system administrator does not want NMAP to scan that host, since the information it reveals could leak and be useful to an attacker. So when scanning LAN hosts in practice, it is often necessary to leave out certain specific hosts. Likewise, you do not want to scan special addresses such as 192.168.0.0, because these are broadcast addresses that do not correspond to a host. Most scanning software on the market supports CIDR-style IP addresses, but NMAP can additionally filter out specific IP addresses, or collect information only about hosts at specific IP addresses.

For example, the NMAP command can take multiple IP addresses separated by commas, and you can also select hosts with a range list. However, when many hosts need to be scanned, typing them by hand is troublesome. The feature I most recommend is that NMAP can read the addresses to scan from a list: the system administrator saves the IP addresses of the hosts to be scanned in a file in advance and then lets NMAP read them from that file. This saves typing, improves efficiency, and the file can be reused. The syntax is "nmap -iL filename". In my company a DHCP server manages IP addresses, with both dynamic and static allocation, and I regularly scan the hosts in the LAN to prevent users from opening insecure ports. Scanning many hosts takes a lot of time, so I scan in rounds, for example 50 hosts at a time. To do this, I export the list of all IP addresses in use from the DHCP server and create a text file from it. Note that NMAP does not read Excel files, so the list must be converted to a plain text file. Then I can use "nmap -iL filename" to scan the hosts listed in the file and collect the information needed to keep the LAN's hosts secure.

2. Filter specific hosts.

In an enterprise network, some IP addresses correspond to special services, and for security and performance reasons you do not want NMAP to scan them. For example, 192.168.0.2 may be a network printer in the LAN. Scanning it has little practical value: it wastes scanning time and adds to the output the system administrator has to read. Therefore the administrator wants to filter specific hosts out of a scan to shorten the scan time and simplify the results. NMAP supports this.

The system administrator can use the --exclude parameter to leave out hosts whose information is not needed. For example, "--exclude 192.168.0.2,192.168.0.3" means the hosts with these two IP addresses are not scanned. In other words, if some hosts within the scan range should not be scanned, list them separated by commas after the --exclude parameter. This parameter accepts not only IP addresses but also host names and CIDR-format addresses. A scanned network typically contains servers performing critical tasks, and applications that react badly to port scans.

However, when many hosts must be filtered, listing IP addresses one by one is inconvenient, and the resulting command line becomes hard to read. In fact, --exclude has a sibling from the same parent: --excludefile. As the name suggests, this parameter takes a text file, and every IP address in that file is filtered out. It serves the same purpose as --exclude, except that the hosts to exclude are read from a file instead of typed on the command line. IP addresses or host names in the file can be separated by line breaks, spaces, or tabs. Obviously, keeping the hosts to be filtered in a file not only improves scanning efficiency but also lets the list be reused for the next scan.

What I like most about using NMAP to collect host information is exactly this capability: NMAP can read IP addresses or host names from a file and then, depending on the parameter, either collect information from the hosts in the list or filter those hosts out. This greatly improves our work efficiency and the flexibility of NMAP commands.
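The two features just described, an -iL target list built from the DHCP export and an --excludefile for the hosts that must not be scanned, with the list split into batches of 50, can be prepared with a short script. This is an added example and not part of the original article: the DHCP export is a constructed CSV, the batch size of 50 and the excluded addresses (the file server, the printer and 192.168.0.0) follow the text, and the nmap command lines are printed rather than executed so the script runs anywhere without touching the network.

```shell
#!/bin/sh
# Added example (not from the original article): turn a DHCP address export into
# the files "nmap -iL" and "nmap --excludefile" expect, split into batches.
# Assumptions: the export is a CSV with "hostname,ip,lease" columns (constructed
# below); nmap itself is only echoed, never run.

# Constructed sample export standing in for the DHCP server's address list.
DHCP_EXPORT='hostname,ip,lease
fileserver,192.168.0.4,static
printer,192.168.0.2,static
pc-101,192.168.0.101,dynamic
pc-102,192.168.0.102,dynamic
pc-103,192.168.0.103,dynamic
pc-104,192.168.0.104,dynamic'

# Hosts the article says should stay out of the scan (network address, printer,
# file server), written one per line as --excludefile accepts.
write_exclude_file() {   # $1 = path of the exclude file to create
  printf '%s\n' 192.168.0.0 192.168.0.2 192.168.0.4 > "$1"
}

# Convert the CSV export into the plain text list that -iL reads: one IP per
# line, header dropped, and any address listed in the exclude file removed
# (so the exclusion also holds if a batch is ever run without --excludefile).
csv_to_targets() {   # $1 = csv text, $2 = exclude file, $3 = output target file
  printf '%s\n' "$1" \
    | awk -F, 'NR > 1 && $2 ~ /^[0-9.]+$/ { print $2 }' \
    | grep -v -x -F -f "$2" > "$3"
}

# Split the target list into files of at most $2 addresses each (the article
# scans 50 hosts per round) and print how many batch files were created.
split_batches() {    # $1 = target file, $2 = batch size, $3 = output prefix
  split -l "$2" "$1" "$3"
  ls "$3"* | wc -l | tr -d ' '
}

# Compose the nmap command line for one batch; it is printed, not executed.
nmap_batch_cmd() {   # $1 = batch file, $2 = exclude file
  printf 'nmap -iL %s --excludefile %s\n' "$1" "$2"
}

# Stand-alone run: prepare the files in a temporary directory and show the
# command an administrator would run for each batch.
demo() {
  d=$(mktemp -d)
  write_exclude_file "$d/exclude.txt"
  csv_to_targets "$DHCP_EXPORT" "$d/exclude.txt" "$d/targets.txt"
  split_batches "$d/targets.txt" 50 "$d/batch_" > /dev/null
  for b in "$d"/batch_*; do nmap_batch_cmd "$b" "$d/exclude.txt"; done
  rm -rf "$d"
}
demo
```

The exclude file is applied twice on purpose: once while building the target list and again through --excludefile on the command line, so a host that must not be scanned is protected even if someone later edits one of the batch files by hand.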

3. Randomly select the target host to collect information.

Sometimes, for research or testing, you need to pick IP addresses at random and scan them to collect port and service information. NMAP can also scan random hosts on the network. This relies on the -iR option, which is followed by an integer. If the integer is 0, scanning continues endlessly; because scanning not only annoys users but also affects the performance of the local machine, it is best not to use endless scanning. Any other number states how many random IP addresses to generate and scan. Note that the addresses generated are random, not in ascending or descending order, and the information collected this way is only of reference value. In addition, if a generated address falls in a multicast or unassigned range, the command automatically skips it. Obviously, this is a user-friendly design.

Once again, scanning hosts on the network can cause harm. Some operating systems and applications are sensitive to network scanning, and a scan may disturb their normal operation. Scanning also consumes a lot of resources on the local machine. Therefore, when you scan with the NMAP command, do not scan too many hosts at a time, and do not scan too frequently. If there are many clients in the enterprise network, it is reasonable to scan and collect information in batches.

In addition, NMAP is an open-source scanning tool that runs on Linux, but it can scan not only Linux clients but also clients running Windows and other operating systems; it uses certain identifiers to determine the operating system type. Even when the client is a network printer, NMAP can scan it and collect important information, such as the ports and services the printer has enabled. This helps the system administrator check every device in the enterprise network.

This is the powerful function of the NMAP tool.

More and more commands are available in Linux. Do you know them all? The rest of this article explains the ipvsadm command; it mainly provides a simple translation of the manual, which should be helpful to users of ipvsadm.

To better understand this command manual, we first briefly introduce several terms used in it:

  1. virtual-service-address: the IP address of the virtual server
  2. real-service-address: the IP address of the real server
  3. scheduler: the scheduling method

The usage and format of ipvsadm are as follows:

  ipvsadm -A|-E -t|-u|-f virtual-service-address:port [-s scheduler] [-p [timeout]] [-M netmask]
  ipvsadm -D -t|-u|-f virtual-service-address
  ipvsadm -C
  ipvsadm -R
  ipvsadm -S [-n]
  ipvsadm -a|-e -t|-u|-f service-address:port -r real-server-address:port [-g|-i|-m] [-w weight]
  ipvsadm -d -t|-u|-f service-address -r server-address
  ipvsadm -L|-l [options]
  ipvsadm -Z [-t|-u|-f service-address]
  ipvsadm --set tcp tcpfin udp
  ipvsadm --start-daemon state [--mcast-interface interface]
  ipvsadm --stop-daemon
  ipvsadm -h

Command option explanation: each command option has a long form and a short form with the same meaning; either can be used in practice.

-A, --add-service: add a new virtual server record to the kernel's virtual server table, that is, add a new virtual server.
-E, --edit-service: edit a virtual server record in the kernel virtual server table.
-D, --delete-service: delete a virtual server record from the kernel virtual server table.
-C, --clear: clear all records in the kernel virtual server table.
-R, --restore: restore virtual server rules.
-S, --save: save the virtual server rules; the output is in the format read by the -R option.
-a, --add-server: add a new real server record to a record in the kernel virtual server table, that is, add a new real server to a virtual server.
-e, --edit-server: edit a real server record in a virtual server record.
-d, --delete-server: delete a real server record from a virtual server record.
-L, -l, --list: display the kernel virtual server table.
-Z, --zero: zero the counters of the virtual service table (current connection count and so on).
--set tcp tcpfin udp: set the connection timeout values.
--start-daemon: start the synchronization daemon. It is followed by master or backup to indicate whether this LVS router is the master or the backup. The VRRP function of keepalived can also be used for this purpose.
--stop-daemon: stop the synchronization daemon.
-h, --help: display help information.

Other options:

-t, --tcp-service service-address: the virtual server provides a TCP service, [vip:port] or [real-server-ip:port].
-u, --udp-service service-address: the virtual server provides a UDP service, [vip:port] or [real-server-ip:port].
-f, --fwmark-service fwmark: the service is identified by an iptables firewall mark.
-s, --scheduler scheduler: the scheduling algorithm, one of rr | wrr | lc | wlc | lblc | lblcr | dh | sh | sed | nq. The default scheduling algorithm is wlc.
-p, --persistent [timeout]: persistent service, meaning multiple requests from the same client are handled by the same real server. The default timeout is 300 seconds.
-M, --netmask netmask: the granularity mask for persistence.
-r, --real-server server-address: the real server, [real-server:port].
-g, --gatewaying: set the LVS working mode to direct routing, which is also the default LVS mode.
-i, --ipip: set the LVS working mode to tunnel mode.
-m, --masquerading: set the LVS working mode to NAT mode.
-w, --weight weight: the weight of the real server.
--mcast-interface interface: the multicast interface used for synchronization.
-c, --connection: display the current LVS connections, for example: ipvsadm -L -c
--timeout: display the tcp, tcpfin and udp timeout values, for example: ipvsadm -L --timeout
--daemon: display the status of the synchronization daemon.
--stats: display statistics.
--rate: display rate information.
--sort: sort the output of virtual servers and real servers.
-n, --numeric: output IP addresses and ports in numeric form.
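As an added example that is not part of the manual translation above, the following shell script composes the commands for one virtual service from the options just listed: -A with -s and -p for the service, -a with -r, -g and -w for each real server in direct-routing mode, and -S -n to save the table in the form -R can restore. The VIP 10.0.0.10:80, the real servers 192.168.1.11 and 192.168.1.12 and their weights are constructed values; the scheduler name is checked against the list the manual gives, and the commands are printed rather than executed so the script can be run without root or the ip_vs module.

```shell
#!/bin/sh
# Added example (not from the original manual): build the ipvsadm rule set for
# one TCP virtual service. Assumptions: VIP, real server addresses and weights
# below are constructed; commands are printed, not executed.

# Scheduling algorithms ipvsadm accepts for -s, as listed in the manual.
SCHEDULERS="rr wrr lc wlc lblc lblcr dh sh sed nq"

# Return 0 if $1 is a known scheduler name, 1 otherwise.
valid_scheduler() {
  for s in $SCHEDULERS; do
    [ "$s" = "$1" ] && return 0
  done
  return 1
}

# Print the rule set:
#   -A -t VIP -s SCHED -p TIMEOUT   creates the virtual service; -p keeps a
#                                   client on the same real server
#   -a -t VIP -r RS -g -w W         adds each real server in direct-routing
#                                   mode with its weight
#   -S -n                           saves the table (numeric) for -R
# Real servers are passed as "ip:port:weight".
lvs_rules() {   # $1 = vip:port, $2 = scheduler, $3 = persistence timeout, $4.. = real servers
  vip=$1; sched=$2; timeout=$3; shift 3
  valid_scheduler "$sched" || { echo "unknown scheduler: $sched" >&2; return 1; }
  printf 'ipvsadm -A -t %s -s %s -p %s\n' "$vip" "$sched" "$timeout"
  for rs in "$@"; do
    ip_port=${rs%:*}      # strip the trailing ":weight"
    weight=${rs##*:}      # keep only the weight
    printf 'ipvsadm -a -t %s -r %s -g -w %s\n' "$vip" "$ip_port" "$weight"
  done
  printf 'ipvsadm -S -n\n'
}

# Stand-alone run with the constructed values.
lvs_rules 10.0.0.10:80 wlc 300 192.168.1.11:80:1 192.168.1.12:80:2
```

Direct routing (-g) is the default mode, so -g could be omitted; it is written out so the rule set states its mode explicitly, which matters when the same script is later changed to -m (NAT) or -i (tunnel).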

I hope it will help you learn the ipvsadm command.
