Two network scanning tools in the UbuntuLinux system

Nbtscan -- collect NetBIOS information from a Windows network
 
Tool name: nbtscan-1.5.1a
 
Application Environment: Linux
 
Tool introduction: This program scans NetBIOS name information on Windows networks. It sends a NetBIOS status query to each address within the given range and lists the replies in a readable table. For each responding host, nbtscan lists its IP address, NetBIOS computer name, logged-on user name, and MAC address.
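The table nbtscan prints is meant for reading, not for feeding into an inventory. The script below is an added example, not part of the original article or of nbtscan itself: it converts the table into CSV and flags hosts whose status reply exposes a logged-on user name, which is the piece of the output an administrator usually wants to review first. The sample output is constructed to mirror the column layout described above (IP address, NetBIOS name, optional server flag, user, MAC address) and is not real scan data.

```shell
#!/bin/sh
# Added example (not from the article): turn nbtscan's table into CSV and list
# hosts that reveal a logon user name. NBTSCAN_SAMPLE is constructed data.
NBTSCAN_SAMPLE='Doing NBT name scan for addresses from 192.168.0.0/24

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.0.10     FILESRV01        <server>  <unknown>        00-11-22-33-44-55
192.168.0.23     WKS-ALICE        <server>  ALICE            00-11-22-33-44-66
192.168.0.40     PRINTER7                   <unknown>        00-11-22-33-44-77'

# nbt_to_csv TEXT: print ip,name,user,mac for every host row, skipping the
# banner and header lines (only rows that start with an IPv4 address count).
nbt_to_csv() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
            ip = $1; name = $2
            # the <server> flag is optional, so user and MAC are always the
            # last two fields rather than fixed column numbers
            user = $(NF-1); mac = $NF
            printf "%s,%s,%s,%s\n", ip, name, user, mac
        }'
}

# nbt_logged_on TEXT: hosts whose NetBIOS status reply leaks a logon user name.
nbt_logged_on() {
    nbt_to_csv "$1" | awk -F, '$3 != "<unknown>" { print $1 "," $3 }'
}

nbt_to_csv "$NBTSCAN_SAMPLE"
nbt_logged_on "$NBTSCAN_SAMPLE"
```

Run it against real output with nbt_to_csv "$(nbtscan 192.168.0.0/24)"; the user column is the one worth reviewing, because a NetBIOS status query answers without any authentication.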
 
Nmap -- network scanning and sniffing toolkit
 

Tool name: nmap-3.50
 
Application Environment: Linux
 
Tool introduction: Nmap (Network Mapper) is a network scanning and sniffing toolkit for Linux. It helps the network administrator probe UDP and TCP ports thoroughly, up to identifying the operating system a host runs, and it can record all results in logs of various formats for system security work. It has three basic functions: detecting whether a group of hosts is online, scanning host ports and sniffing the network services they provide, and inferring the operating system used by the host. Nmap can scan a network of only two nodes as well as one of more than 500 nodes, and it lets you customize the scan technique. A simple ICMP ping usually meets general requirements; you can also test UDP or TCP ports thoroughly, up to identifying the host operating system, and record all results in logs of various formats for further analysis. However, nmap has been reported to be affected by DoS attacks; to address such attacks, install the latest patch from the system vendor and use an unaffected system as the firewall.
 
Example:
 
This method applies to both intranet and Internet probing; the intranet case is used as the example (the parameters are the same for the Internet).
 
Simple port scan: nmap -vv -sT 192.168.0.1 -D 127.0.0.1 (-sS, -sF, -sU or -sA can be used instead of -sT; -D specifies a forged source address)
 
OS detection: nmap -vv -sS -O 192.168.0.1
 
RPC scan: nmap -sS -sR 192.168.0.1 (portmap on Linux is a simple RPC service; its listening port is 111 by default)
 
Official Download and documentation: http://insecure.org/nmap/
 
Usage
 
Ping scan: print the hosts that respond to the scan, without further testing (such as a port scan or operating system detection):
 
nmap -sP 192.168.1.0/24
 
List scan: only list each host on the specified network, without sending any packets to the target hosts:
 
nmap -sL 192.168.1.0/24
 
TCP SYN ping against ports opened by the target host; you can specify a comma-separated port list (for example, -PS22,80):
 
nmap -PS 192.168.1.234
 
Use UDP ping to detect hosts:
 
nmap -PU 192.168.1.0/24
 
The most frequently used scan option is the SYN scan, also known as the half-open scan; it does not open a full TCP connection and runs very quickly:
 
nmap -sS 192.168.1.0/24
 
When the SYN scan is unavailable, the TCP connect() scan is the default TCP scan:
 
nmap -sT 192.168.1.0/24
 
The UDP scan uses the -sU option to send an empty (no data) UDP header to each target port:
 
nmap -sU 192.168.1.0/24
 
Determine the IP protocols supported by the target machine (TCP, ICMP, IGMP, etc.):
 
nmap -sO 192.168.1.19
 
Detect the operating system of the target host:
 
nmap -O 192.168.1.19
 
nmap -A 192.168.1.19
 
In addition, the examples in the official nmap documentation are as follows:
 
nmap -v scanme.nmap.org
 
This scans all reserved TCP ports on the host scanme.nmap.org. The -v option enables verbose mode.
 
nmap -sS -O scanme.nmap.org/24
 
A stealth SYN scan is performed against the 255 hosts in the class C network where the host Scanme is located, while trying to determine the operating system of each running host. Root privileges are required for the SYN scan and for operating system detection.
 
nmap -sV -p 110,143,4564 198.116.0-255.1-127
 
Host enumeration and TCP scan of the 255 eight-bit subnets in the 198.116 class B address block. This tests whether the systems run sshd, DNS, imapd, or a service on port 4564; if these ports are open, version detection is used to determine which application is running.
 
nmap -v -iR 100000 -P0 -p 80
 
Randomly select 100,000 hosts and scan them for running web servers (port 80). Host discovery is disabled with -P0, because sending probes first to determine whether a host is up is a waste of time when only one port per host is going to be probed anyway.
 
nmap -P0 -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20
 
Scan 4096 IP addresses for web servers (without pinging) and save the results in grepable and XML formats.
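The grepable (-oG) format exists so that results like the port-80 sweep above can be processed with standard Unix tools. The following added example, which is not from the article or from the nmap project, extracts every open port per host from such a file and counts the hosts that exposed at least one. The sample is constructed in the grepable layout (one tab-separated "Host:" line per target, a "Ports:" field holding comma-separated port/state/protocol entries) and is not real scan data.

```shell
#!/bin/sh
# Added example (not from the article): pull open ports out of nmap's
# grepable output. GNMAP_SAMPLE is constructed to mimic an -oG file.
GNMAP_SAMPLE=$(
printf '# Nmap 3.50 scan initiated as: nmap -P0 -p80 -oG logs/pb-port80scan.gnmap 216.163.128.20/20\n'
printf 'Host: 216.163.128.20 (web1.example.invalid)\tPorts: 80/open/tcp//http///\tIgnored State: closed (0)\n'
printf 'Host: 216.163.128.21 ()\tPorts: 80/closed/tcp//http///\n'
printf 'Host: 216.163.128.22 ()\tPorts: 80/filtered/tcp//http///\n'
printf 'Host: 216.163.128.23 (web2.example.invalid)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n'
printf '# Nmap done\n'
)

# gnmap_open TEXT: print "ip port/proto" for every port whose state is open.
# Comment lines and hosts without an open port produce nothing.
gnmap_open() {
    printf '%s\n' "$1" | awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); ip = h[2]          # "Host: <ip> (<name>)"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    p = $i; sub(/^Ports: /, "", p)
                    n = split(p, entries, ", ")   # port/state/proto//svc///
                    for (j = 1; j <= n; j++) {
                        split(entries[j], f, "/")
                        if (f[2] == "open") print ip, f[1] "/" f[3]
                    }
                }
            }
        }'
}

# gnmap_open_hosts TEXT: number of distinct hosts with at least one open port.
gnmap_open_hosts() {
    gnmap_open "$1" | cut -d ' ' -f 1 | sort -u | wc -l | tr -d ' '
}

gnmap_open "$GNMAP_SAMPLE"
gnmap_open_hosts "$GNMAP_SAMPLE"
```

On a real file use gnmap_open "$(cat logs/pb-port80scan.gnmap)"; filtered and closed states are deliberately dropped, since only open ports represent reachable services that need an owner.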
 
host -l company.com | cut -d ' ' -f 4 | nmap -v -iL -
 
Perform a DNS zone transfer to find the hosts in company.com, then feed the IP addresses to nmap. The command above is for GNU/Linux; other systems use different commands for zone transfers.
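The cut -d ' ' -f 4 step in that pipeline takes the fourth word of every line host -l prints, which is only an IP address on "has address" lines; NS, MX and IPv6 records put a hostname or the word "address" or "handled" in that position, so the list handed to nmap -iL picks up junk entries and duplicates. The added example below, not from the article, shows the naive extraction beside a filter that keeps only deduplicated IPv4 A records. The zone output is constructed for the example and is not real data.

```shell
#!/bin/sh
# Added example (not from the article): build a clean nmap target list from
# `host -l` output. HOST_L_SAMPLE is constructed zone-transfer output.
HOST_L_SAMPLE='company.com name server ns1.company.com.
company.com mail is handled by 10 mail.company.com.
www.company.com has address 192.0.2.10
www.company.com has address 192.0.2.11
mail.company.com has address 192.0.2.25
mail.company.com has IPv6 address 2001:db8::25
old.company.com has address 192.0.2.10'

# naive_targets TEXT: what the article's `cut -d ' ' -f 4` actually yields.
naive_targets() {
    printf '%s\n' "$1" | cut -d ' ' -f 4
}

# zone_targets TEXT: only IPv4 A-record addresses, one per line, deduplicated,
# so every line fed to `nmap -iL` is a real scan target.
zone_targets() {
    printf '%s\n' "$1" | awk '$2 == "has" && $3 == "address" { print $4 }' | sort -u
}

# zone_targets_v6 TEXT: the AAAA addresses, which need a separate `nmap -6` run.
zone_targets_v6() {
    printf '%s\n' "$1" | awk '$2 == "has" && $3 == "IPv6" && $4 == "address" { print $5 }' | sort -u
}

echo "naive:";  naive_targets "$HOST_L_SAMPLE"
echo "clean:";  zone_targets "$HOST_L_SAMPLE"
echo "ipv6:";   zone_targets_v6 "$HOST_L_SAMPLE"
# In use: zone_targets "$(host -l company.com)" > targets.txt; nmap -v -iL targets.txt
```

The IPv6 addresses are kept separate because nmap treats IPv4 and IPv6 targets in different runs (-6), and mixing them in one -iL file causes parse errors.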
 
Other options:
 
-p (only scan the specified ports)
 
Takes either a single port or a port range indicated by a hyphen (for example, 1-1023). When scanning both TCP and UDP ports, you can prefix the port numbers with T: or U: to specify the protocol; the qualifier remains in effect until another one is given. For example, the argument -p U:53,111,137,T:21-25,80 scans UDP ports 53, 111 and 137 and, at the same time, the TCP ports listed.
 
-F (fast scan: a limited set of ports)
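Two constraints stated earlier on this page are easy to forget when writing a scan wrapper: the SYN scan and operating system detection need root privileges, with the TCP connect() scan as the fallback, and a U: qualifier in -p only has an effect when a UDP scan type (-sU) is requested as well. The added example below, which is not from the article or from the nmap project, validates a -p specification, picks scan flags for the current privilege level, and assembles a command that keeps all three output formats with -oA for later analysis. It prints the command rather than running it; the UID argument is passed in so the choice can be checked without being root.

```shell
#!/bin/sh
# Added example (not from the article): assemble an nmap command line that
# respects the root requirement for -sS/-O and pairs U: ports with -sU.

# port_spec_ok SPEC: accept nmap -p syntax such as 22,80  1-1023  U:53,T:21-25
port_spec_ok() {
    printf '%s' "$1" | grep -Eq '^([TU]:)?[0-9]+(-[0-9]+)?(,([TU]:)?[0-9]+(-[0-9]+)?)*$'
}

# scan_flags UID SPEC: scan types for the given privilege level and port spec.
scan_flags() {
    uid=$1; spec=$2
    if [ "$uid" -eq 0 ]; then
        flags="-sS -O"      # raw-socket scans: root only
    else
        flags="-sT"         # unprivileged fallback: full TCP connect()
    fi
    # ports marked U: are only probed when a UDP scan type is also selected
    case "$spec" in
        *U:*) flags="$flags -sU" ;;
    esac
    printf '%s' "$flags"
}

# build_scan_cmd UID TARGET SPEC OUTBASE: print the command line (does not run it).
# -oA writes OUTBASE.nmap, OUTBASE.xml and OUTBASE.gnmap in one go.
build_scan_cmd() {
    uid=$1; target=$2; spec=$3; outbase=$4
    port_spec_ok "$spec" || { echo "rejected port spec: $spec" >&2; return 1; }
    printf 'nmap -v %s -p %s -oA %s %s\n' \
        "$(scan_flags "$uid" "$spec")" "$spec" "$outbase" "$target"
}

build_scan_cmd "$(id -u)" 192.168.1.0/24 'U:53,111,137,T:21-25,80' logs/lan-scan
```

Rejecting anything outside the -p grammar before interpolating it into a command line matters when the port list comes from a file or a web form rather than from the operator's keyboard.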
 