nmap主机发现

上节课我们已经介绍了nmap的安装使用方法,这节课我们来看下如何使用nmap

1. ping 扫描 选项参数 -sP 可以显示出在线主机,然后回显做出相应的主机. 优点: 使用ping扫描,可以轻易的获取目标信息而不会被轻易发现.也不会返回太多的信息造成对分析的干扰.

[root@xinsz08 ~]# nmap -sP 192.168.1.102/24 Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 12:37 CST Nmap scan report for 192.168.1.1 Host is up (0.011s latency). MAC Address: 1C:60:DE:BE:D6:38 (Shenzhen Mercury Communication Technologies) Nmap scan report for 192.168.1.104 #发现存活主机104 Host is up (0.00010s latency). #确定当前主机是存活的 MAC Address: 7A:20:0B:97:C8:FC (Unknown) #主机的MAC地址 Nmap scan report for 192.168.1.105 Host is up (0.000082s latency). MAC Address: 00:0C:29:23:88:15 (VMware) Nmap scan report for 192.168.1.102 Host is up. Nmap done: 256 IP addresses (4 hosts up) scanned in 2.10 seconds

2.无ping扫描

如果对方开启了防火墙,有时候我们需要在防火墙禁止ping的情况下,确定正在运行的主机

参数选项:

-P0 可以穿透防火墙,也尽可能的避免被防火墙发现

注意: 第二个不是字母,而是数字0

[root@xinsz08 ~]# nmap -P0 192.168.1.104 Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 12:48 CST Nmap scan report for 192.168.1.104 Host is up (0.00021s latency). Not shown: 991 closed ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 902/tcp open iss-realsecure 912/tcp open apex-mesh 2869/tcp open icslap 3306/tcp open mysql 5357/tcp open wsdapi MAC Address: 7A:20:0B:97:C8:FC (Unknown) Nmap done: 1 IP address (1 host up) scanned in 1.45 seconds 一般情况下我们也会指定nmap协议, 如果不指定 nmap默认使用协议1,2,4

关于nmap的协议如下:

1. TCP :对应协议编号为6
2. ICMP:对应协议编号为1
3. IGMP:对应协议编号为2
4. UDP:对应协议编号为17

所以我们可以指定协议向目标主机发包确定目标主机是否在线

[root@xinsz08 ~]# nmap -P06,17,2 baidu.com Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 12:56 CST Nmap scan report for baidu.com (111.13.101.208) Host is up (0.030s latency). Other addresses for baidu.com (not scanned): 220.181.57.217 123.125.114.144 Not shown: 998 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https Nmap done: 1 IP address (1 host up) scanned in 4.60 seconds

3.路由跟踪

使用--traceroute 进行路由跟踪,通过这个选项可以轻松的查出从本地计算机到目标主机之间所经过的网络节点.

[root@xinsz08 ~]# nmap --traceroute -v www.baidu.com Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 14:03 CST Initiating Ping Scan at 14:03 Scanning www.baidu.com (119.75.216.20) [4 ports]

#此处解析出百度服务器地址

Completed Ping Scan at 14:03, 0.05s elapsed (1 total hosts) (省略部分文字) Nmap scan report for www.baidu.com (119.75.216.20) Host is up (0.0092s latency). Other addresses for www.baidu.com (not scanned): 119.75.213.61 Not shown: 998 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https TRACEROUTE (using port 80/tcp)

#经过百度服务器80端口

HOP RTT ADDRESS 1 1.92 ms 192.168.1.1 2 3.42 ms 100.83.48.1 3 6.30 ms 10.128.130.36 4 6.12 ms 10.128.130.41 5 4.80 ms 10.11.68.1 6 8.60 ms 103.216.40.11 7 ... 9 10 5.29 ms 119.75.216.20 Nmap done: 1 IP address (1 host up) scanned in 7.29 seconds Raw packets sent: 2021 (88.900KB) | Rcvd: 13 (660B)

总结: nmap对于主机存活发现的方法还有很多,在这里我们列举了三个,在日常工作中使用任意一个即可.