Installing and using the network scanning tool Nmap on Ubuntu 18.04 and other versions of Linux

Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It is designed to quickly scan large networks, although it also works well against a single host.

Nmap is a popular network scanning and sniffing tool and a powerful security assessment tool. It is widely used for port scanning and security scanning, and it is a handy network utility that is often used in both production and development, mainly to detect open ports and to gather information about hosts on a local area network. The package managers of the various Linux distributions generally provide nmap; you can also download the source package from the official website and compile and install it. The official Nmap website is https://nmap.org.

Nmap runs on Windows, Unix/Linux and Mac OS. Its design goal is to scan large networks rapidly, but it works just as well against a single host. Nmap uses raw IP packets in novel ways to determine which hosts are on the network, what services (application name and version) those hosts provide, what operating systems (including version information) they run, what types of packet filters/firewalls they use, and many other characteristics.

Installation under Linux:

Method 1:

On Ubuntu Linux, nmap can be installed directly with apt-get install nmap. LaMont Jones maintains the Nmap deb packages. The stable version is at http://packages.debian.org/stable/nmap , and the development (unstable) version is at http://packages.debian.org/unstable/nmap and http://packages.debian.org/unstable/zenmap .

Method 2:

Method 3:

Another way is to download the nmap package in RPM format, convert it into a Debian package with the alien tool, and then install it with dpkg.

Proceed as follows:

1. Install alien: apt-get install alien

2. Download the Nmap RPMs from https://nmap.org/download.html . This example uses nmap-7.80-1.x86_64.rpm

3. Verify download integrity, reference: https://nmap.org/book/install.html#inst-integrity

4. Convert: sudo alien nmap-7.80-1.x86_64.rpm

5. Install: sudo dpkg --install nmap_7.80-1_amd64.deb
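
Steps 3 to 5 can be chained so that a package with the wrong digest is never converted or installed. The script below is an added example, not part of the original article or of the Nmap project; it assumes you check a published SHA-256 digest (the linked guide also covers PGP signatures), and EXPECTED_SHA256 is a placeholder you must fill in.

```bash
#!/bin/sh
# Added example: check an Nmap RPM against a published SHA-256 digest before
# converting it with alien. EXPECTED_SHA256 is a placeholder, not a real digest.

RPM_FILE="nmap-7.80-1.x86_64.rpm"
EXPECTED_SHA256="<sha256-published-for-this-file>"

# Return 0 only if FILE's SHA-256 equals EXPECTED (hex, any letter case).
verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Steps 3 to 5: verify, convert, install. Nothing is converted or installed
# unless the digest matches.
install_verified_rpm() {
    verify_sha256 "$1" "$2" || return 1
    sudo alien "$1" || return 1
    # Match the generated package by glob; alien decides the exact file name.
    deb=$(ls -t nmap_*.deb 2>/dev/null | head -n 1)
    if [ -z "$deb" ]; then
        echo "alien produced no nmap_*.deb" >&2
        return 1
    fi
    sudo dpkg --install "$deb"
}

# Run the procedure only when this script is called with the argument: install
if [ "${1:-}" = "install" ]; then
    install_verified_rpm "$RPM_FILE" "$EXPECTED_SHA256"
fi
```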

Method 4:

Detecting whether the installation was successful:

How to install Nmap 7.80 on Ubuntu, Fedora, Redhat, SUSE Linux

Attachment:

Linux RPM source and binary files

rpm -vhU https://nmap.org/dist/nmap-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/zenmap-7.80-1.noarch.rpm
rpm -vhU https://nmap.org/dist/ncat-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/nping-0.7.80-1.x86_64.rpm

You can also download the RPMs and install them yourself:

The latest stable version:
x86-64 (64-bit Linux) Nmap RPM: nmap-7.80-1.x86_64.rpm
x86-64 (64-bit Linux) Ncat RPM: ncat-7.80-1.x86_64.rpm
x86-64 (64-bit Linux) Nping RPM: nping-0.7.80-1.x86_64.rpm
Optional Zenmap GUI (all platforms): zenmap-7.80-1.noarch.rpm
Source RPM (including Nmap, Zenmap, Ncat and Nping): nmap-7.80-1.src.rpm

Using Nmap:

Syntax and scan types

Command Format

nmap [Scan Type] [options] <scan target ...>

The scan target may be a host name, an IP address or a network address; multiple targets are separated by spaces. Common options are "-p" and "-n", which specify the ports to scan and disable reverse DNS resolution (to speed up the scan), respectively. The scan type determines how the scan is performed and also directly affects the results.

Several commonly used scan types:

  • -sS, TCP SYN scan (half-open scan): sends only a SYN packet to the target. If a SYN/ACK response is received, the target port is considered to be listening and the connection is dropped immediately; otherwise the target port is considered not open.
  • -sT, TCP connect scan: a full TCP scan that establishes a complete TCP connection. If the connection succeeds, the target port is considered to be listening; otherwise the target port is considered not open.
  • -sF, TCP FIN scan: open ports ignore this packet, while closed ports respond with an RST packet. Many firewalls filter only SYN packets and ignore other kinds of TCP attack packets, so this scan type can indirectly test a firewall's robustness.
  • -sU, UDP scan: probes which UDP services the target host provides. UDP scans are slower.
  • -sP, ICMP scan: similar to a ping test; quickly determines whether the target host is alive and does no other scanning.
  • -P0, skip the ping test: treats every target host as alive, which avoids abandoning the scan of hosts that do not respond to ICMP requests and so cannot be pinged.

Examples

* Scan the local machine to detect which TCP and UDP ports are open

Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds


In the scan results, a STATE of open means the port is open, filtered means the port may be filtered by a firewall, and closed means the port is closed.

* Detect which hosts on the 192.168.10.0/24 network segment provide FTP services

nmap -p 21 192.168.10.0/24

* Quickly detect which hosts on the 192.168.10.0/24 network segment are alive (can be pinged)

nmap -n -sP 192.168.10.0/24

* Detect whether file sharing is turned on for hosts with IP addresses 192.168.10.100 ~ 200

nmap -p 139,445 192.168.10.100-200
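
When auditing a whole segment for exposed FTP or file-sharing ports, it is easier to save the scan in Nmap's grepable format (-oG) and filter on the STATE field than to read the report by eye. The script below is an added example, not part of the original article; the file name scan.gnmap and the sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: list the hosts on which a given TCP port is open, read from
# Nmap grepable output, e.g. from
#   nmap -n -p 21,139,445 -oG scan.gnmap 192.168.10.0/24

# Constructed sample of -oG output (not taken from a real scan).
sample_scan() {
    printf 'Host: 192.168.10.5 ()\tStatus: Up\n'
    printf 'Host: 192.168.10.5 ()\tPorts: 21/open/tcp//ftp///, 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///\n'
    printf 'Host: 192.168.10.20 ()\tPorts: 21/filtered/tcp//ftp///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n'
    printf 'Host: 192.168.10.30 ()\tPorts: 21/closed/tcp//ftp///, 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///\n'
    printf 'Host: 192.168.10.121 ()\tPorts: 21/open/tcp//ftp///, 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (0)\n'
}

# open_hosts PORT FILE: print one address per line for every host whose
# PORT entry has STATE exactly "open" (filtered and closed are skipped).
open_hosts() {
    awk -v port="$1" '
        /^Host: / && /Ports: / {
            host = $2
            sub(/^.*Ports: /, "")     # keep only the port list
            sub(/\t.*$/, "")          # drop later tab-separated fields
            n = split($0, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")
                if (f[1] == port && f[2] == "open") print host
            }
        }' "$2"
}

# Stand-alone use: pass PORT and FILE as the two arguments to this script.
if [ "$#" -eq 2 ]; then
    open_hosts "$1" "$2"
fi
```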

Here is the basic usage of the nmap tool:

Scan a particular host: #nmap 192.168.1.2
Scan an entire subnet: #nmap 192.168.1.1/24
Scan multiple targets: #nmap 192.168.1.2 192.168.1.5
Scan a range of hosts: #nmap 192.168.1.1-100 (scans all host addresses within 192.168.1.1-192.168.1.100)
Send two ping packets to a target: #nmap -sn -PE -c 2 --send-ip 192.168.1.1


Origin www.linuxidc.com/Linux/2019-08/160069.htm