當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

namp命令详解

發布時間：2025/4/5 编程问答 33 豆豆

生活随笔收集整理的這篇文章主要介紹了 namp命令详解小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

我將用兩個不同的部分來涵蓋大部分NMAP的使用方法，這是nmap關鍵的第一部分。在下面的設置中，我使用兩臺已關閉防火墻的服務器來測試Nmap命令的工作情況。

192.168.0.100?–?server1.tecmint.com?

192.168.0.101?–?server2.tecmint.com?

NMAP命令用法

#?nmap?[Scan?Type(s)]?[Options]?{target?specification}?

如何在Linux下安裝NMAP

現在大部分Linux的發行版本像Red Hat，CentOS，Fedoro，Debian和Ubuntu在其默認的軟件包管理庫（即Yum?和?APT）中都自帶了Nmap，這兩種工具都用于安裝和管理軟件包和更新。在發行版上安裝Nmap具體使用如下命令。

#?yum?install?nmap??????[on?Red?Hat?based?systems]?

$?sudo?apt-get?install?nmap?[on?Debian?based?systems]?

一旦你安裝了最新的nmap應用程序，你就可以按照本文中提供的示例說明來操作。

1. 用主機名和IP地址掃描系統

Nmap工具提供各種方法來掃描系統。在這個例子中，我使用server2.tecmint.com主機名來掃描系統找出該系統上所有開放的端口，服務和MAC地址。

使用主機名掃描

[root@server1?~]#?nmap?server2.tecmint.com??

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?15:42?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.415?seconds?

You?have?new?mail?in?/var/spool/mail/root?

使用IP地址掃描

[root@server1?~]#?nmap?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-18?11:04?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

958/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.465?seconds?

You?have?new?mail?in?/var/spool/mail/root?

2.掃描使用“-v”選項

你可以看到下面的命令使用“?-v?“選項后給出了遠程機器更詳細的信息。

[root@server1?~]#?nmap?-v?server2.tecmint.com?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?15:43?EST?

Initiating?ARP?Ping?Scan?against?192.168.0.101?[1?port]?at?15:43?

The?ARP?Ping?Scan?took?0.01s?to?scan?1?total?hosts.?

Initiating?SYN?Stealth?Scan?against?server2.tecmint.com?(192.168.0.101)?[1680?ports]?at?15:43?

Discovered?open?port?22/tcp?on?192.168.0.101?

Discovered?open?port?80/tcp?on?192.168.0.101?

Discovered?open?port?8888/tcp?on?192.168.0.101?

Discovered?open?port?111/tcp?on?192.168.0.101?

Discovered?open?port?3306/tcp?on?192.168.0.101?

Discovered?open?port?957/tcp?on?192.168.0.101?

The?SYN?Stealth?Scan?took?0.30s?to?scan?1680?total?ports.?

Host?server2.tecmint.com?(192.168.0.101)?appears?to?be?up?...?good.?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.485?seconds?

Raw?packets?sent:?1681?(73.962KB)?|?Rcvd:?1681?(77.322KB)?

3.掃描多臺主機

你可以簡單的在Nmap命令后加上多個IP地址或主機名來掃描多臺主機。

[root@server1?~]#?nmap?192.168.0.101?192.168.0.102?192.168.0.103??

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:06?EST??

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):??

Not?shown:?1674?closed?ports??

PORT?????STATE?SERVICE??

22/tcp???open??ssh??

80/tcp???open??http??

111/tcp??open??rpcbind??

957/tcp??open??unknown??

3306/tcp?open??mysql??

8888/tcp?open??sun-answerbook??

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)??

Nmap?finished:?3?IP?addresses?(1?host?up)?scanned?in?0.580?seconds??

4.掃描整個子網

你可以使用*通配符來掃描整個子網或某個范圍的IP地址。

[root@server1?~]#?nmap?192.168.0.*?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:11?EST?

Interesting?ports?on?server1.tecmint.com?(192.168.0.100):?

Not?shown:?1677?closed?ports?

PORT????STATE?SERVICE?

22/tcp??open??ssh?

111/tcp?open??rpcbind?

851/tcp?open??unknown?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?256?IP?addresses?(2?hosts?up)?scanned?in?5.550?seconds?

You?have?new?mail?in?/var/spool/mail/root?

從上面的輸出可以看到，nmap掃描了整個子網，給出了網絡中當前網絡中在線主機的信息。

5.使用IP地址的最后一個字節掃描多臺服務器

你可以簡單的指定IP地址的最后一個字節來對多個IP地址進行掃描。例如，我在下面執行中掃描了IP地址192.168.0.101，192.168.0.102和192.168.0.103。

[root@server1?~]#?nmap?192.168.0.101,102,103?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:09?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?3?IP?addresses?(1?host?up)?scanned?in?0.552?seconds?

You?have?new?mail?in?/var/spool/mail/root?

6. 從一個文件中掃描主機列表

如果你有多臺主機需要掃描且所有主機信息都寫在一個文件中，那么你可以直接讓nmap讀取該文件來執行掃描，讓我們來看看如何做到這一點。

創建一個名為“nmaptest.txt?”的文本文件，并定義所有你想要掃描的服務器IP地址或主機名。

[root@server1?~]#?cat?>?nmaptest.txt?

localhost?

server2.tecmint.com?

192.168.0.101?

接下來運行帶“iL”?選項的nmap命令來掃描文件中列出的所有IP地址。

[root@server1?~]#?nmap?-iL?nmaptest.txt?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-18?10:58?EST?

Interesting?ports?on?localhost.localdomain?(127.0.0.1):?

Not?shown:?1675?closed?ports?

PORT????STATE?SERVICE?

22/tcp??open??ssh?

25/tcp??open??smtp?

111/tcp?open??rpcbind?

631/tcp?open??ipp?

857/tcp?open??unknown?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

958/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)??

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

958/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?3?IP?addresses?(3?hosts?up)?scanned?in?2.047?seconds?

7.掃描一個IP地址范圍

你可以在nmap執行掃描時指定IP范圍。

[root@server1?~]#?nmap?192.168.0.101-110?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:09?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?10?IP?addresses?(1?host?up)?scanned?in?0.542?seconds?

8.排除一些遠程主機后再掃描

在執行全網掃描或用通配符掃描時你可以使用“-exclude”選項來排除某些你不想要掃描的主機。

[root@server1?~]#?nmap?192.168.0.*?--exclude?192.168.0.100?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:16?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?255?IP?addresses?(1?host?up)?scanned?in?5.313?seconds?

You?have?new?mail?in?/var/spool/mail/root?

9.掃描操作系統信息和路由跟蹤

使用Nmap，你可以檢測遠程主機上運行的操作系統和版本。為了啟用操作系統和版本檢測，腳本掃描和路由跟蹤功能，我們可以使用NMAP的“-A“選項。

[root@server1?~]#?nmap?-A?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:25?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?VERSION?

22/tcp???open??ssh?????OpenSSH?4.3?(protocol?2.0)?

80/tcp???open??http????Apache?httpd?2.2.3?((CentOS))?

111/tcp??open??rpcbind??2?(rpc?#100000)?

957/tcp??open??status???1?(rpc?#100024)?

3306/tcp?open??mysql???MySQL?(unauthorized)?

8888/tcp?open??http????lighttpd?1.4.32?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

No?exact?OS?matches?for?host?(If?you?know?what?OS?is?running?on?it,?see?http://www.insecure.org/cgi-bin/nmap-submit.cgi).?

TCP/IP?fingerprint:?

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)?

TSeq(Class=TR%IPID=Z%TS=1000HZ)?

T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)?

T2(Resp=N)?

T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)?

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)?

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)?

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)?

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)?

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)?

Uptime?0.169?days?(since?Mon?Nov?11?12:22:15?2013)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?22.271?seconds?

從上面的輸出你可以看到，Nmap顯示出了遠程主機操作系統的TCP?/?IP協議指紋，并且更加具體的顯示出遠程主機上的端口和服務。

10.啟用Nmap的操作系統探測功能

使用選項“-O”和“-osscan-guess”也幫助探測操作系統信息。

[root@server1?~]#?nmap?-O?server2.tecmint.com?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:40?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

No?exact?OS?matches?for?host?(If?you?know?what?OS?is?running?on?it,?see?http://www.insecure.org/cgi-bin/nmap-submit.cgi).?

TCP/IP?fingerprint:?

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)?

TSeq(Class=TR%IPID=Z%TS=1000HZ)?

T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)?

T2(Resp=N)?

T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)?

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=Option?-O?and?-osscan-guess?also?helps?to?discover?OS?

R%Ops=)?

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)?

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)?

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)?

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)?

Uptime?0.221?days?(since?Mon?Nov?11?12:22:16?2013)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?11.064?seconds?

You?have?new?mail?in?/var/spool/mail/root?

11.掃描主機偵測防火墻

下面的命令將掃描遠程主機以探測該主機是否使用了包過濾器或防火墻。

[root@server1?~]#?nmap?-sA?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:27?EST?

All?1680?scanned?ports?on?server2.tecmint.com?(192.168.0.101)?are?UNfiltered?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.382?seconds?

You?have?new?mail?in?/var/spool/mail/root?

12.掃描主機檢測是否有防火墻保護

掃描主機檢測其是否受到數據包過濾軟件或防火墻的保護。

[root@server1?~]#?nmap?-PN?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:30?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.399?seconds?

13.找出網絡中的在線主機

使用“-sP”選項，我們可以簡單的檢測網絡中有哪些在線主機，該選項會跳過端口掃描和其他一些檢測。

[root@server1?~]#?nmap?-sP?192.168.0.*?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-18?11:01?EST?

Host?server1.tecmint.com?(192.168.0.100)?appears?to?be?up.?

Host?server2.tecmint.com?(192.168.0.101)?appears?to?be?up.?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?256?IP?addresses?(2?hosts?up)?scanned?in?5.109?seconds?

14.執行快速掃描

你可以使用“-F”選項執行一次快速掃描，僅掃描列在nmap-services文件中的端口而避開所有其它的端口。

[root@server1?~]#?nmap?-F?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:47?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1234?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.322?seconds?

15.查看Nmap的版本

你可以使用“-V”選項來檢測你機子上Nmap的版本。

[root@server1?~]#?nmap?-V?

Nmap?version?4.11?(?http://www.insecure.org/nmap/?)?

You?have?new?mail?in?/var/spool/mail/root?

16.順序掃描端口

使用“-r”選項表示不會隨機的選擇端口掃描。

[root@server1?~]#?nmap?-r?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?16:52?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.363?seconds?

17.打印主機接口和路由

你可以使用nmap的“–iflist”選項檢測主機接口和路由信息。

[root@server1?~]#?nmap?--iflist?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:07?EST?

************************INTERFACES************************?

DEV??(SHORT)?IP/MASK??????????TYPE?????UP?MAC?

lo???(lo)????127.0.0.1/8??????loopback?up?

eth0?(eth0)??192.168.0.100/24?ethernet?up?08:00:27:11:C7:89?

**************************ROUTES**************************?

DST/MASK??????DEV??GATEWAY?

192.168.0.0/0?eth0?

169.254.0.0/0?eth0?

從上面的輸出你可以看到，nmap列舉出了你系統上的接口以及它們各自的路由信息。

18.掃描特定的端口

使用Nmap掃描遠程機器的端口有各種選項，你可以使用“-P”選項指定你想要掃描的端口，默認情況下nmap只掃描TCP端口。

[root@server1?~]#?nmap?-p?80?server2.tecmint.com?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:12?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

PORT???STATE?SERVICE?

80/tcp?open??http?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?sca?

19.掃描TCP端口

你可以指定具體的端口類型和端口號來讓nmap掃描。

[root@server1?~]#?nmap?-p?T:8888,80?server2.tecmint.com?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:15?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

PORT?????STATE?SERVICE?

80/tcp???open??http?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.157?seconds?

20.掃描UDP端口

[root@server1?~]#?nmap?-sU?53?server2.tecmint.com?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:15?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

PORT?????STATE?SERVICE?

53/udp???open??http?

8888/udp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.157?seconds?

21.掃描多個端口

你還可以使用選項“-P”來掃描多個端口。

[root@server1?~]#?nmap?-p?80,443?192.168.0.101??

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-18?10:56?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

PORT????STATE??SERVICE?

80/tcp??open???http?

443/tcp?closed?https?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.190?seconds?

22.掃描指定范圍內的端口

您可以使用表達式來掃描某個范圍內的端口。

[root@server1?~]#??nmap?-p?80-160?192.168.0.101?

23.查找主機服務版本號

我們可以使用“-sV”選項找出遠程主機上運行的服務版本。

[root@server1?~]#?nmap?-sV?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:48?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?VERSION?

22/tcp???open??ssh?????OpenSSH?4.3?(protocol?2.0)?

80/tcp???open??http????Apache?httpd?2.2.3?((CentOS))?

111/tcp??open??rpcbind??2?(rpc?#100000)?

957/tcp??open??status???1?(rpc?#100024)?

3306/tcp?open??mysql???MySQL?(unauthorized)?

8888/tcp?open??http????lighttpd?1.4.32?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?12.624?seconds?

24.使用TCP ACK (PA)和TCP Syn (PS)掃描遠程主機

有時候包過濾防火墻會阻斷標準的ICMP?ping請求，在這種情況下，我們可以使用TCP ACK和TCP Syn方法來掃描遠程主機。

[root@server1?~]#?nmap?-PS?192.168.0.101??

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?17:51?EST??

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):??

Not?shown:?1674?closed?ports??

PORT?????STATE?SERVICE??

22/tcp???open??ssh??

80/tcp???open??http??

111/tcp??open??rpcbind??

957/tcp??open??unknown??

3306/tcp?open??mysql??

8888/tcp?open??sun-answerbook??

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)??

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.360?seconds??

You?have?new?mail?in?/var/spool/mail/root??

25.使用TCP ACK掃描遠程主機上特定的端口

[root@server1?~]#?nmap?-PA?-p?22,80?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?18:02?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

PORT???STATE?SERVICE?

22/tcp?open??ssh?

80/tcp?open??http?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.166?seconds?

You?have?new?mail?in?/var/spool/mail/root?

26.?使用TCP Syn掃描遠程主機上特定的端口

[root@server1?~]#?nmap?-PS?-p?22,80?192.168.0.101??

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?18:08?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

PORT???STATE?SERVICE?

22/tcp?open??ssh?

80/tcp?open??http?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.165?seconds?

You?have?new?mail?in?/var/spool/mail/root?

27.執行一次隱蔽的掃描

[root@server1?~]#?nmap?-sS?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?18:10?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.383?seconds?

You?have?new?mail?in?/var/spool/mail/root?

28.使用TCP Syn掃描最常用的端口

[root@server1?~]#?nmap?-sT?192.168.0.101?

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?18:12?EST?

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):?

Not?shown:?1674?closed?ports?

PORT?????STATE?SERVICE?

22/tcp???open??ssh?

80/tcp???open??http?

111/tcp??open??rpcbind?

957/tcp??open??unknown?

3306/tcp?open??mysql?

8888/tcp?open??sun-answerbook?

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)?

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?0.406?seconds?

You?have?new?mail?in?/var/spool/mail/root?

29.執行TCP空掃描以騙過防火墻

[root@server1?~]#?nmap?-sN?192.168.0.101??

Starting?Nmap?4.11?(?http://www.insecure.org/nmap/?)?at?2013-11-11?19:01?EST??

Interesting?ports?on?server2.tecmint.com?(192.168.0.101):??

Not?shown:?1674?closed?ports??

PORT?????STATE?????????SERVICE??

22/tcp???open|filtered?ssh??

80/tcp???open|filtered?http??

111/tcp??open|filtered?rpcbind??

957/tcp??open|filtered?unknown??

3306/tcp?open|filtered?mysql??

8888/tcp?open|filtered?sun-answerbook??

MAC?Address:?08:00:27:D9:8E:D7?(Cadmus?Computer?Systems)??

Nmap?finished:?1?IP?address?(1?host?up)?scanned?in?1.584?seconds??

You?have?new?mail?in?/var/spool/mail/root??

以上就是NMAP的基本使用，我會在第二部分帶來NMAP更多的創意選項。至此，敬請關注我們，不要忘記分享您的寶貴意見。

轉載于:https://www.cnblogs.com/gaoyuechen/p/7490869.html

總結

以上是生活随笔為你收集整理的namp命令详解的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇：穷游网：这里有一个包含十二年用户体验妙计
下一篇：获取height固定折叠元素真实高度方法