Nmap即网络映射器对Linux系统/网络管理员来说是一个开源且非常通用的工具。Nmap用于在远程机器上探测网络,执行安全扫描,网络审计和搜寻开放端口。它会扫描远程在线主机,该主机的操作系统,包过滤器和开放的端口。
我将用两个不同的部分来涵盖大部分NMAP的使用方法,这是nmap关键的第一部分。在下面的设置中,我使用两台已关闭防火墙的服务器来测试Nmap命令的工作情况。
192.168.0.100 – server1.tecmint.com
192.168.0.101 – server2.tecmint.com
NMAP命令用法
# nmap [Scan Type(s)] [Options] {target specification}
如何在Linux下安装NMAP
现在大部分Linux的发行版本像Red Hat,CentOS,Fedoro,Debian和Ubuntu在其默认的软件包管理库(即Yum 和 APT)中都自带了Nmap,这两种工具都用于安装和管理软件包和更新。在发行版上安装Nmap具体使用如下命令。
# yum install nmap [on Red Hat based systems]$ sudo apt-get install nmap [on Debian based systems]
一旦你安装了最新的nmap应用程序,你就可以按照本文中提供的示例说明来操作。
1. 用主机名和IP地址扫描系统
Nmap工具提供各种方法来扫描系统。在这个例子中,我使用server2.tecmint.com主机名来扫描系统找出该系统上所有开放的端口,服务和MAC地址。
使用主机名扫描
[root@server1 ~]# nmap server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 ESTInteresting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root
使用IP地址扫描
[root@server1 ~]# nmap 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 ESTInteresting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind958/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
2.扫描使用“-v”选项
你可以看到下面的命令使用“ -v “选项后给出了远程机器更详细的信息。
[root@server1 ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 ESTInitiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43Discovered open port 22/tcp on 192.168.0.101Discovered open port 80/tcp on 192.168.0.101Discovered open port 8888/tcp on 192.168.0.101Discovered open port 111/tcp on 192.168.0.101Discovered open port 3306/tcp on 192.168.0.101Discovered open port 957/tcp on 192.168.0.101The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
3.扫描多台主机
你可以简单的在Nmap命令后加上多个IP地址或主机名来扫描多台主机。
[root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 ESTInteresting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4.扫描整个子网
你可以使用*通配符来扫描整个子网或某个范围的IP地址。
[root@server1 ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 ESTInteresting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE22/tcp open ssh111/tcp open rpcbind851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root
从上面的输出可以看到,nmap扫描了整个子网,给出了网络中当前网络中在线主机的信息。
