NMAP - A Stealth Port Scanner--reference
First, we'll sweep the network with a simple Ping scan to determine which hosts are online.

    [chaos]# nmap -sP 10.0.0.0/24

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:19 BST
    Host 10.0.0.1 appears to be up.
    MAC Address: 00:09:5B:29:FD:96 (Netgear)
    Host 10.0.0.2 appears to be up.
    MAC Address: 00:0F:B5:96:38:5D (Netgear)
    Host 10.0.0.4 appears to be up.
    Host 10.0.0.5 appears to be up.
    MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
    Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds

Now we're going to take a look at 10.0.0.1 and 10.0.0.2, both listed as Netgear in the ping sweep. These IPs are good candidates for routers (in fact I know that 10.0.0.1 is a router and 10.0.0.2 is a wireless access point, since it's my network, but let's see what Nmap makes of it...)

We'll scan 10.0.0.1 using a SYN scan [-sS] and -A to enable OS fingerprinting and version detection.

    [chaos]# nmap -sS -A 10.0.0.1

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:23 BST
    Insufficient responses for TCP sequencing (0), OS detection may be less accurate
    Interesting ports on 10.0.0.1:
    (The 1671 ports scanned but not shown below are in state: closed)
    PORT   STATE SERVICE VERSION
    80/tcp open  tcpwrapped
    MAC Address: 00:09:5B:29:FD:96 (Netgear)
    Device type: WAP
    Running: Compaq embedded, Netgear embedded
    OS details: WAP: Compaq iPAQ Connection Point or Netgear MR814

    Nmap finished: 1 IP address (1 host up) scanned in 3.533 seconds

The only open port is 80/tcp - in this case, the web admin interface for the router. OS fingerprinting guessed it was a Netgear Wireless Access Point - in fact this is a Netgear (wired) ADSL router. As it said, though, there were insufficient responses for TCP sequencing to accurately detect the OS. Now we'll do the same for 10.0.0.2...
    [chaos]# nmap -sS -A 10.0.0.2

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:26 BST
    Interesting ports on 10.0.0.2:
    (The 1671 ports scanned but not shown below are in state: closed)
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Boa HTTPd 0.94.11
    MAC Address: 00:0F:B5:96:38:5D (Netgear)
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X
    OS details: Linux 2.4.0 - 2.5.20
    Uptime 14.141 days (since Fri Jun 30 11:03:05 2006)

    Nmap finished: 1 IP address (1 host up) scanned in 9.636 seconds

Interestingly, the OS detection here listed Linux, and the version detection was able to identify the httpd running. The accuracy of this is uncertain: this is a Netgear home wireless access point, so it could well be running some embedded Linux! Now we'll move on to 10.0.0.4 and 10.0.0.5; these are likely to be normal computers running on the network...

    [chaos]# nmap -sS -P0 -A -v 10.0.0.4

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-07-14 14:31 BST
    DNS resolution of 1 IPs took 0.10s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
    Initiating SYN Stealth Scan against 10.0.0.4 [1672 ports] at 14:31
    Discovered open port 21/tcp on 10.0.0.4
    Discovered open port 22/tcp on 10.0.0.4
    Discovered open port 631/tcp on 10.0.0.4
    Discovered open port 6000/tcp on 10.0.0.4
    The SYN Stealth Scan took 0.16s to scan 1672 total ports.
    Initiating service scan against 4 services on 10.0.0.4 at 14:31
    The service scan took 6.01s to scan 4 services on 1 host.
    For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
    Host 10.0.0.4 appears to be up ... good.
    Interesting ports on 10.0.0.4:
    (The 1668 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE VERSION
    21/tcp   open  ftp     vsftpd 2.0.3
    22/tcp   open  ssh     OpenSSH 4.2 (protocol 1.99)
    631/tcp  open  ipp     CUPS 1.1
    6000/tcp open  X11     (access denied)
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X|2.6.X
    OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7
    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=4732564 (Good luck!)
    IPID Sequence Generation: All zeros
    Service Info: OS: Unix

    Nmap finished: 1 IP address (1 host up) scanned in 8.333 seconds
    Raw packets sent: 1687 (74.7KB) | Rcvd: 3382 (143KB)
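Reading scan output by eye works for four hosts; on a larger network you want it in a structure you can diff against last week's run and flag for follow-up. The parser below is an added example for this article, not Nmap's own code: the regular expressions are my assumptions about the Nmap 4.01 "normal" output format shown above (on a current Nmap, `-oX` XML output is the robust choice), and the sample text is constructed by pasting together the article's 10.0.0.4 and 10.0.0.1 results. The `review()` checks are defensive follow-ups a network owner would want from this inventory: an unidentified `tcpwrapped` listener, an SSH daemon still advertising protocol 1.99 (which means it accepts legacy SSH-1 clients), and an X server reachable over the network.

```python
"""Parse Nmap 4.x 'normal' output into host/port records and flag follow-ups.

Added example; not Nmap's code. Regexes assume the Nmap 4.01 text format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: two host sections copied from the article's own scans.
SAMPLE = """\
Interesting ports on 10.0.0.4:
(The 1668 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.0.3
22/tcp   open  ssh     OpenSSH 4.2 (protocol 1.99)
631/tcp  open  ipp     CUPS 1.1
6000/tcp open  X11     (access denied)
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7

Interesting ports on 10.0.0.1:
(The 1671 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE VERSION
80/tcp open  tcpwrapped
MAC Address: 00:09:5B:29:FD:96 (Netgear)
Device type: WAP
OS details: WAP: Compaq iPAQ Connection Point or Netgear MR814
"""


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str


@dataclass
class Host:
    address: str
    mac: Optional[str] = None
    vendor: Optional[str] = None
    os_details: Optional[str] = None
    ports: List[Port] = field(default_factory=list)


HOST_RE = re.compile(r"^Interesting ports on (.+):$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")  # header line has no digits, so it is skipped
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?")
OS_RE = re.compile(r"^OS details: (.*)$")


def parse_nmap_output(text: str) -> List[Host]:
    """Walk the output line by line; each 'Interesting ports on' header starts a new host."""
    hosts: List[Host] = []
    current: Optional[Host] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = Host(address=m.group(1))
            hosts.append(current)
            continue
        if current is None:  # banner lines before the first host
            continue
        m = PORT_RE.match(line)
        if m:
            num, proto, state, service, version = m.groups()
            current.ports.append(Port(int(num), proto, state, service, version.strip()))
            continue
        m = MAC_RE.match(line)
        if m:
            current.mac, current.vendor = m.group(1), m.group(2)
            continue
        m = OS_RE.match(line)
        if m:
            current.os_details = m.group(1)
    return hosts


def review(hosts: List[Host]) -> List[Tuple[str, int, str]]:
    """Return (address, port, note) tuples for open ports a network owner should follow up."""
    notes = []
    for h in hosts:
        for p in h.ports:
            if p.state != "open":
                continue
            if p.service == "tcpwrapped":
                notes.append((h.address, p.number, "handshake completed but the listener closed without identifying itself; check what is there"))
            elif p.service == "ssh" and "protocol 1.99" in p.version:
                notes.append((h.address, p.number, "advertises protocol 1.99, i.e. still accepts legacy SSH-1 clients; restrict to protocol 2"))
            elif p.service == "X11":
                notes.append((h.address, p.number, "X server reachable over the network; confirm that is intended"))
    return notes


if __name__ == "__main__":
    inventory = parse_nmap_output(SAMPLE)
    for host in inventory:
        print(host.address, host.vendor or "", "|", host.os_details or "")
        for port in host.ports:
            print(f"  {port.number}/{port.proto} {port.state} {port.service} {port.version}")
    for addr, port, note in review(inventory):
        print(f"NOTE {addr}:{port} - {note}")
```

Running it prints the two hosts with their ports and three NOTE lines (10.0.0.4:22, 10.0.0.4:6000, 10.0.0.1:80). The `(The N ports scanned ...)` and `PORT STATE SERVICE` lines fall through every pattern on purpose; only lines that start with a port number become `Port` records.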
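Seen from the target side, the `-sS` scan above is 1672 SYNs to 1672 different ports on one host inside 0.16 seconds, almost all answered with a RST: a pattern no normal client produces. The detector below is an added example, not part of the article: it reads an assumed one-line-per-SYN log (time, `src:sport -> dst:dport`, TCP flags, as a firewall or packet-capture export might provide; the lines are constructed) and reports any source that sent SYNs to at least `threshold` distinct ports on one host within a sliding `window`. The sample mixes one source sweeping 40 ports in 0.2 s with a normal client opening two connections minutes apart.

```python
"""Flag a SYN port sweep from a per-SYN connection log (sliding-window counter).

Added example; the log format is an assumption and the sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Assumed log line: "HH:MM:SS.mmm src:sport -> dst:dport flags=<TCP flags>"
LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) flags=(\S+)$")


def build_sample_log() -> List[str]:
    """Constructed log: 10.0.0.9 probes 40 ports on 10.0.0.4 in 0.2 s; 10.0.0.5 is a normal client."""
    lines = ["14:29:10.000 10.0.0.5:51000 -> 10.0.0.4:22 flags=S"]
    for i, port in enumerate(range(1, 41)):
        lines.append(f"14:31:05.{i * 5:03d} 10.0.0.9:{40000 + i} -> 10.0.0.4:{port} flags=S")
    lines.append("14:33:40.000 10.0.0.5:51001 -> 10.0.0.4:631 flags=S")
    return lines


def detect_port_sweeps(lines: List[str], window: timedelta = timedelta(seconds=2),
                       threshold: int = 20) -> Dict[Tuple[str, str], int]:
    """Return {(src, dst): distinct_ports} for pairs whose SYNs reached `threshold`
    distinct destination ports inside some interval no longer than `window`."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(6) != "S":  # only initial SYNs count, not SYN/ACK replies
            continue
        ts, src, _sport, dst, dport, _flags = m.groups()
        events[(src, dst)].append((datetime.strptime(ts, "%H:%M:%S.%f"), int(dport)))

    alerts: Dict[Tuple[str, str], int] = {}
    for pair, evs in events.items():
        evs.sort()  # by timestamp
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({p for _, p in evs[start:end + 1]})
            if distinct >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), distinct)
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_sweeps(build_sample_log()).items():
        print(f"possible port scan: {src} sent SYNs to {n} distinct ports on {dst}")
```

The threshold and window are the tuning knobs: the article's scan would trip this at any sane setting, while a busy web client reusing a handful of ports never gets near 20 distinct destinations. Counting distinct ports rather than raw SYNs is what keeps legitimate retransmissions from looking like a sweep.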