歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux綜合 >> Linux命令

給Linux系統/網絡管理員准備的Nmap命令的29個實用范例

NmapLinux命令

  Nmap網絡映射器對Linux系統/網絡管理員來說是一個開源且非常通用的工具。Nmap用於在遠程機器上探測網絡,執行安全掃描,網絡審計和搜尋開放端口。它會掃描遠程在線主機,該主機的操作系統,包過濾器和開放的端口。

  我將用兩個不同的部分來涵蓋大部分NMAP的使用方法,這是nmap關鍵的第一部分。在下面的設置中,我使用兩台已關閉防火牆的服務器來測試Nmap命令的工作情況。

  1. 192.168.0.100 – server1.tecmint.com
  2. 192.168.0.101 – server2.tecmint.com

  NMAP命令用法

# nmap [Scan Type(s)] [Options] {target specification}

  如何在Linux下安裝NMAP

  現在大部分Linux的發行版本像Red Hat,CentOS,Fedoro,DebianUbuntu在其默認的軟件包管理庫(即Yum 和 APT)中都自帶了Nmap這兩種工具都用於安裝和管理軟件包和更新。在發行版上安裝Nmap具體使用如下命令。

# yum install nmap		[on Red Hat based systems]
$ sudo apt-get install nmap	[on Debian based systems]

  一旦你安裝了最新的nmap應用程序,你就可以按照本文中提供的示例說明來操作。

  1. 用主機名和IP地址掃描系統

  Nmap工具提供各種方法來掃描系統。在這個例子中,我使用server2.tecmint.com主機名來掃描系統找出該系統上所有開放的端口,服務和MAC地址。

  使用主機名掃描

[root@server1 ~]# nmap server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root

  使用IP地址掃描

[root@server1 ~]# nmap 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root

  2.掃描使用“-v”選項

  你可以看到下面的命令使用“ -v “選項後給出了遠程機器更詳細的信息。

[root@server1 ~]# nmap -v server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
               Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)

  3.掃描多台主機

  你可以簡單的在Nmap命令後加上多個IP地址或主機名來掃描多台主機。

[root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds

  4.掃描整個子網

  你可以使用*通配符來掃描整個子網或某個范圍的IP地址。

[root@server1 ~]# nmap 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
851/tcp open  unknown

Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root

  從上面的輸出可以看到,nmap掃描了整個子網,給出了網絡當前網絡中在線主機的信息。

  5.使用IP地址的最後一個字節掃描多台服務器

  你可以簡單的指定IP地址的最後一個字節來對多個IP地址進行掃描。例如,我在下面執行中掃描了IP地址192.168.0.101,192.168.0.102和192.168.0.103。

[root@server1 ~]# nmap 192.168.0.101,102,103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root

  6. 從一個文件中掃描主機列表

  如果你有多台主機需要掃描且所有主機信息都寫在一個文件中,那麼你可以直接讓nmap讀取該文件來執行掃描,讓我們來看看如何做到這一點。

  創建一個名為“nmaptest.txt ”的文本文件,並定義所有你想要掃描的服務器IP地址或主機名。

[root@server1 ~]# cat > nmaptest.txt

localhost
server2.tecmint.com
192.168.0.101

  接下來運行帶“iL” 選項的nmap命令來掃描文件中列出的所有IP地址。

[root@server1 ~]# nmap -iL nmaptest.txt

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
857/tcp open  unknown

Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
Copyright © Linux教程網 All Rights Reserved