Several nmap tips

Source: Internet
Author: User
Nmap ("Network Mapper") is an open source network discovery and security audit tool. It was designed to scan large networks quickly, although it works just as well against a single host. Nmap uses raw IP packets in novel ways to determine which hosts are on the network, what services (application name and version) those hosts provide, what operating systems (including version information) they run, what types of packet filters/firewalls are in use, and a number of other characteristics. Although Nmap is usually used for security audits, many system administrators and network administrators also use it for routine work, such as viewing information about the entire network, managing service upgrade plans, and monitoring the running of hosts and services.

Here are a few examples to share some amazing tips.

Test all reserved TCP ports of the target host:

    [root@localhost ~]# nmap -v www.XXXX.com

View the target's operating system:

    [root@localhost ~]# nmap -sS -O 192.168.254.152
    Starting Nmap 6.40 ( http://nmap.org ) at CST
    Nmap scan report for 192.168.254.152
    Host is up (0.00069s latency).
    Not shown: 992 closed ports
    ......................................................
    Running: Microsoft Windows Vista
    OS CPE: cpe:/o:microsoft:windows_vista
    OS details: Microsoft Windows Vista
    Network Distance: 1 hop

nmap -PT scans using TCP ping and lists every computer that is powered on:

    [root@kissing ~]# nmap -PT 192.168.0.0/24
    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at CST
    Interesting ports on 192.168.0.1:
    Not shown: 1679 closed ports
    PORT   STATE SERVICE
    80/tcp open  http
    MAC Address: 1C:AF:F7:89:48:70 (Unknown)

    Interesting ports on 192.168.0.100:
    Not shown: 1675 filtered ports
    PORT     STATE  SERVICE
    21/tcp   open   ftp
    139/tcp  open   netbios-ssn
    445/tcp  open   microsoft-ds
    6001/tcp closed X11:1
    6002/tcp closed X11:2
    MAC Address: C4:46:19:39:9D:E7 (Unknown)

    All 1680 scanned ports on 192.168.0.101 are closed
    MAC Address: E8:99:C4:08:B0:EE (Unknown)

    Interesting ports on 192.168.0.102:
    Not shown: 1677 filtered ports
    PORT    STATE SERVICE
    135/tcp open  msrpc
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    MAC Address: 00:23:5A:BA:9F:51 (Unknown)

    All 1680 scanned ports on 192.168.0.104 are closed
    MAC Address: 38:AA:3C:2F:34:18 (Unknown)

    Interesting ports on 192.168.0.144:
    Not shown: 1676 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    1022/tcp open  unknown

    Nmap finished: 256 IP addresses (6 hosts up) scanned in 41.821 seconds

nmap -sP 192.168.x.0/24 scans for all hosts that are up in the segment:

    [root@kissing ~]# nmap -sP 192.168.0.0/24
    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at CST
    Host 192.168.0.1 appears to be up.
    MAC Address: 1C:AF:F7:89:48:70 (Unknown)
    Host 192.168.0.101 appears to be up.
    MAC Address: E8:99:C4:08:B0:EE (Unknown)
    Host 192.168.0.102 appears to be up.
    MAC Address: 00:23:5A:BA:9F:51 (Unknown)
    Host 192.168.0.104 appears to be up.
    MAC Address: 38:AA:3C:2F:34:18 (Unknown)
    Host 192.168.0.144 appears to be up.
    Nmap finished: 256 IP addresses (5 hosts up) scanned in 5.161 seconds

nmap -O 192.168.x.x scans the host's operating system. Only root can use the -O parameter.

nmap -A 192.168.x.x also scans the host's operating system; root permission is not required.

    [root@kissing ~]# nmap -A 192.168.0.102
    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at CST
    Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
    Interesting ports on 192.168.0.102:
    Not shown: 1677 filtered ports
    PORT    STATE SERVICE     VERSION
    135/tcp open  msrpc       Microsoft Windows RPC
    139/tcp open  netbios-ssn
    445/tcp open  netbios-ssn
    MAC Address: 00:23:5A:BA:9F:51 (Unknown)
    No OS matches for host (test conditions non-ideal).
    TCP/IP fingerprint:
    SInfo(V=4.11%P=i686-redhat-linux-gnu%D=9/18%Tm=5239C07A%O=135%C=-1%M=00235A)
    TSeq(Class=TR%IPID=I%TS=100HZ)
    T1(Resp=Y%DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNNT)
    T2(Resp=N)
    T3(Resp=N)
    T4(Resp=N)
    T5(Resp=N)
    T6(Resp=N)
    T7(Resp=N)
    PU(Resp=N)

    Uptime 0.157 days (since Wed Sep 18 19:16:50 2013)
    Service Info: OS: Windows

    Nmap finished: 1 IP address (1 host up) scanned in 42.652 seconds

Common options:

    -v:  verbose; scan details are displayed during the scan process
    -A:  intense scan mode, including operating system detection, version detection, script scanning, and traceroute
    -T:  sets the timing template. There are six levels (0-5); the higher the level, the faster the scan
    -sT: TCP scan
    -sU: UDP scan
    -Pn: treats all specified hosts as up and skips host discovery
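For the routine inventory work mentioned in the introduction, scan output like the listings above can be parsed and compared against the ports each host is expected to expose. The following is an added example, not part of the original article: it reads both the Nmap 4.11 "Interesting ports on" layout and the newer "Nmap scan report for" layout, and reports open ports missing from a baseline. The sample text is constructed, and BASELINE, parse_open_ports and drift are hypothetical names.

```python
import re

# Constructed sample in the Nmap 4.11 normal-output layout shown above.
SAMPLE = """\
Interesting ports on 192.168.0.1:
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on 192.168.0.100:
PORT     STATE  SERVICE
21/tcp   open   ftp
445/tcp  open   microsoft-ds
6001/tcp closed X11:1

All 1680 scanned ports on 192.168.0.101 are closed
"""

# Hypothetical approved inventory: the ports each host is expected to expose.
BASELINE = {"192.168.0.1": {(80, "tcp")}, "192.168.0.100": {(445, "tcp")}}

# Host header lines of the old and newer layouts, with an optional hostname.
HOST_RE = re.compile(
    r"^(?:Interesting ports on|Nmap scan report for|All \d+ scanned ports on) "
    r"(?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(text):
    """Return {ip: {(port, proto): service}} for every port reported open."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
        elif current is not None and (m := PORT_RE.match(line)) and m.group(3) == "open":
            current[(int(m.group(1)), m.group(2))] = m.group(4)
    return hosts

def drift(baseline, observed):
    """Return sorted (ip, port, proto, service) for open ports not in the baseline."""
    return sorted((ip, port, proto, svc)
                  for ip, ports in observed.items()
                  for (port, proto), svc in ports.items()
                  if (port, proto) not in baseline.get(ip, set()))

if __name__ == "__main__":
    for finding in drift(BASELINE, parse_open_ports(SAMPLE)):
        print("unexpected open port:", *finding)
```

Closed and filtered ports are ignored, and a host whose ports are all closed still appears in the result with an empty port map, so it is counted as seen.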
 