(Repost) Scanning ports with the NMAP tool


Original: http://www.linuxde.net/2013/02/12354.html

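nmap is a tool for network exploration and security auditing. It supports ping scanning (determining which hosts are up), multiple port scanning techniques (determining which services a host offers), and TCP/IP fingerprinting (identifying the remote host's operating system). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, reverse-identd scanning, and more.

Note: in NMAP-4.11, ident reverse scanning is no longer supported. (The ident protocol is used for TCP reverse scanning and lets you see which user owns the process behind a TCP connection. For example, after connecting to an HTTP service and then running an ident scan, you can find out whether the server is running with root privileges.)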

NMAP scan syntax

nmap  [scan type]  [options]  <scan target ...>

Common scan types

  • -sS, TCP SYN scan (half-open)
  • -sT, TCP connect scan (full open)
  • -sF, TCP FIN scan
  • -sU, UDP scan
  • -sP, ICMP scan
  • -P0, skip ping detection

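Installing NMAP (I once saw a guy who was quite resourceful: he had a web site, went off to do some security hardening, and changed the ssh port to something he could no longer remember. His solution afterwards was to find it by scanning with NMAP... so it is worth thinking that one over.)

 [root@chenyi ~]# yum install nmap                            # NMAP ships in the CentOS 6.2 ISO, so just install it with yum!

View the TCP ports and the UDP ports open on the local machine, respectively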

[root@chenyi ~]# nmap 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:24 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000016s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

[root@chenyi ~]# nmap -sU 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:25 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000018s latency).
Not shown: 999 closed ports
PORT     STATE         SERVICE
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds

Check which hosts in the 192.168.1.0/24 network segment provide an FTP service

[root@chenyi ~]# nmap -p 21 192.168.1.0/24        # -p option: specify the target port

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:29 CST
Nmap scan report for 192.168.1.1
Host is up (0.0035s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp                                # state unknown, possibly filtered
MAC Address: 00:1F:8F:69:27:53 (Shanghai Bellmann Digital Source Co.)

Nmap scan report for 192.168.1.103
Host is up (0.00099s latency).
PORT   STATE  SERVICE
21/tcp closed ftp
MAC Address: 20:7C:8F:6B:E6:3E (Quanta Microsystems)

Nmap scan report for 192.168.1.108
Host is up (0.0021s latency).
PORT   STATE  SERVICE
21/tcp closed ftp
MAC Address: 88:AE:1D:26:0B:0B (Compal Information(kunshan)co.)

Nmap scan report for 192.168.1.110
Host is up (0.000093s latency).
PORT   STATE  SERVICE
21/tcp closed ftp

Nmap scan report for 192.168.1.210
Host is up (0.0091s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp
MAC Address: 00:0C:29:CC:F3:02 (VMware)

Nmap scan report for 192.168.1.253
Host is up (0.0020s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp
MAC Address: 14:CF:92:47:07:04 (Unknown)

Nmap done: 256 IP addresses (6 hosts up) scanned in 43.93 seconds

Now I start an FTP server and scan again!

....... (part omitted)
Nmap scan report for 192.168.1.210
Host is up (0.0010s latency).
PORT   STATE SERVICE
21/tcp open  ftp            # port 21 is now shown as open
MAC Address: 00:0C:29:CC:F3:02 (VMware)
....... (part omitted)
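
The before/after comparison above can be automated to catch services that appear on your own network between two scans. The following is an added example, not part of the original post: `parse_scan` and `diff_scans` are hypothetical helper names, and the sample text is abridged from the two `nmap -p 21` runs shown above.

```python
import re

# Constructed sample input: abridged from the first "nmap -p 21" run above.
SCAN_BEFORE = """\
Nmap scan report for 192.168.1.1
Host is up (0.0035s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp
Nmap scan report for 192.168.1.103
Host is up (0.00099s latency).
PORT   STATE  SERVICE
21/tcp closed ftp
Nmap scan report for 192.168.1.210
Host is up (0.0091s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp
"""
# Second run: only the last host (192.168.1.210) changes, to "open".
SCAN_AFTER = "21/tcp open  ftp".join(SCAN_BEFORE.rsplit("21/tcp filtered ftp", 1))

# Accepts both "for 192.168.1.1" and "for localhost (127.0.0.1)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return {host_ip: {"21/tcp": "open", ...}} from normal-format nmap output."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)   # state, e.g. open|filtered
    return hosts

def diff_scans(before, after):
    """List (host, port, old_state, new_state) for every port whose state changed."""
    changes = []
    for host in sorted(set(before) | set(after)):
        old, new = before.get(host, {}), after.get(host, {})
        for port in sorted(set(old) | set(new)):
            if old.get(port) != new.get(port):
                changes.append((host, port, old.get(port, "absent"), new.get(port, "absent")))
    return changes

if __name__ == "__main__":
    for host, port, old, new in diff_scans(parse_scan(SCAN_BEFORE), parse_scan(SCAN_AFTER)):
        print(f"{host} {port}: {old} -> {new}")
```

For scheduled comparisons, nmap's XML output (`-oX`) is a more stable format to parse than the human-readable text handled here.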

Check which hosts are alive in the 192.168.1.0/24 network segment

[root@chenyi ~]# nmap -n -sP 192.168.1.0/24        # -n option: disable reverse resolution

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:40 CST
Nmap scan report for 192.168.1.1
Host is up (0.0031s latency).
MAC Address: 00:1F:8F:69:27:53 (Shanghai Bellmann Digital Source Co.)
Nmap scan report for 192.168.1.103
Host is up (0.00025s latency).
MAC Address: 20:7C:8F:6B:E6:3E (Quanta Microsystems)
Nmap scan report for 192.168.1.108
Host is up (0.0024s latency).
MAC Address: 88:AE:1D:26:0B:0B (Compal Information(kunshan)co.)
Nmap scan report for 192.168.1.110
Host is up.
Nmap scan report for 192.168.1.210
Host is up (0.00037s latency).
MAC Address: 00:0C:29:CC:F3:02 (VMware)
Nmap scan report for 192.168.1.253
Host is up (0.0056s latency).
MAC Address: 14:CF:92:47:07:04 (Unknown)
Nmap done: 256 IP addresses (6 hosts up) scanned in 3.63 seconds

