Installing the latest version of Nmap on CentOS 7

Nmap is a very useful network scanning tool available for the three major platforms: Linux, Windows, and Mac. It is used to scan networked computers for open network ports, determine which services are running on which ports, and infer which operating system a computer is running (also known as fingerprinting). It is one of the tools every network administrator needs, and it is also used to assess the security of networked systems.

Nmap is short for Network Mapper. It was originally created by Fyodor in 1997. Since then, with the help of many volunteers in the open-source community, it has become one of the most popular essential security tools. The official website is www.nmap.org.

Under normal circumstances, Nmap is used for listing network hosts, managing service upgrade schedules, and monitoring the operating status of hosts or services. Nmap can detect whether a target machine is online, which ports are open, the type and version of the services running, the operating system, the device type, and other information.

# yum install nmap

The installed version turned out not to be the latest, and when I tried to upgrade it, no direct upgrade could be found. I had to uninstall it directly with yum.

Install the latest version of nmap from the RPM, following the official documentation


Successful installation


Check which ports are open on the local machine

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds


Nmap includes four basic functions:

  • Host discovery (Host Discovery)
  • Port scan (Port Scanning)
  • Version detection (Version Detection)
  • OS detection (Operating System Detection)

These four functions depend on one another (usually in sequence, although special applications may need separate consideration): first a host has to be discovered, then the state of its ports is determined, then the specific application and version running on each port is identified, and then the operating system can be detected. On top of these four functions, nmap also offers techniques for evading firewalls and IDS, which can be used in every stage of the four basic functions. In addition, nmap provides the powerful NSE (Nmap Scripting Engine) scripting engine; scripts can complement and extend the basic functionality.

Some nmap parameters and their meaning

nmap --iflist: show the local host's interfaces and routing information
-A: perform an aggressive scan
-T4: specifies the timing template used for the scan. There are six levels (0-5); the higher the level, the faster the scan, but the more likely it is to be detected and blocked by a firewall or IDS. T4 is recommended when network conditions are good
-oX test.xml: write the scan results to the file test.xml; if the scan is interrupted, the resulting file cannot be opened
-oA test.xml: write the scan results to the file test.xml; if the scan is interrupted, the results are still saved
-oG test.txt: write the scan results to the file test.txt
-sn: host discovery only, no port scan
-O: have Nmap perform operating system version detection
-sV: have Nmap perform service version detection
-p <port ranges>: scan the specified ports
-sS/sT/sA/sW/sM: scan the target host using a TCP SYN/Connect()/ACK/Window/Maimon scan
-sU: use a UDP scan to determine the state of the target host's UDP ports
--script <script name>: specify the script to run during the scan
-Pn: skip the ping scan
-sP: use ping to determine whether the host is alive; nmap continues scanning only if the host is alive. It is generally best not to add this option, because some hosts block ping
-PI: with this option nmap uses a true ping (ICMP echo request) to check whether the target host is running
-iL a.txt: batch-scan the target addresses listed in a.txt

-sL: List Scan; only lists the specified target IPs, without performing host discovery
-sY/sZ: use SCTP INIT/COOKIE-ECHO to scan for open SCTP ports
-sO: use an IP protocol scan to determine which protocol types the target supports
-PO: use IP protocol packets to detect whether the other host is up
-PE/PP/PM: discover hosts using ICMP echo, ICMP timestamp, and ICMP netmask request packets
-PS/PA/PU/PY: discover hosts using TCP SYN/TCP ACK or SCTP INIT/ECHO

-sN/sF/sX: use the stealthy TCP Null, FIN, and Xmas scan modes to help probe the state of the other side's TCP ports
-e eth0: use the eth0 network interface for probing
-f; --mtu <val>: fragment packets; --mtu specifies the MTU of the packets
-b <FTP relay host>: scan using the FTP bounce scan method
-g: specifies the source port number used for sending
-r: do not randomize the port order (without this parameter, nmap scans the ports in random order, so that the scan is not easily detected by the other side's firewall)
-v: verbose output; shows scan details during the scan so that the user knows the current scan state
-n: never do DNS resolution
-D <decoy1, decoy2 [, ME], ...>: hide the real address behind a set of decoy IP addresses; ME stands for your own IP address
-R: always do DNS resolution
-F: fast mode, scans only the top 100 ports
-S <IP_Address>: present another IP address as the source address
--ttl <val>: set the time-to-live
--badsum: send packets with an incorrect checksum (normally such packets are discarded; if a reply is received, it indicates that the reply came from a firewall or an IDS/IPS)
--dns-servers: specify the DNS servers to use
--system-dns: use the system's DNS server
--traceroute: trace each node along the route
--scanflags <flags>: customize the TCP packet flags
--top-ports <number>: scan the <number> ports most likely to be open
--port-ratio <ratio>: scan ports whose frequency is above the specified ratio. Similar to --top-ports above, but takes a probability as its parameter
--version-trace: show detailed information about the version detection process
--osscan-limit: restrict Nmap's OS detection to hosts where the OS can be determined (the host must be known to have at least one open and one closed port)
--osscan-guess: guess boldly at the other host's system type. The accuracy drops considerably, but the user is given as many candidate operating systems as possible
--data-length <num>: pad packets with random data until they reach the length <num>
--ip-options <options>: send IP packets with the specified options
--spoof-mac <mac address/prefix/vendor name>: disguise the MAC address
--version-intensity <level>: set the version detection intensity (0-9); the default is 7. The higher the value, the more accurately services are detected, but the longer the scan takes
--version-light: use lightweight detection (intensity 2)
--version-all: try every probe for detection (intensity 9)
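
As an added example (not from the original article), the shell functions below parse the grepable output written by -oG and report open ports that are not on an expected-ports allowlist, which is the practical follow-up to checking the local machine's open ports. The sample scan output, the allowlist, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Nmap grepable output (-oG) against a port allowlist.
# The sample data is constructed; it is not output from a real scan.

# Constructed sample of a file written by: nmap -oG test.txt <target>
# (the fields on each Host line are separated by tabs).
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n'
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 111/closed/tcp//rpcbind///, 3306/open/tcp//mysql///\tIgnored State: filtered (996)\n'
    printf '# Nmap done (constructed sample)\n'
}

# open_ports: read -oG output on stdin and print "host port/proto service"
# for every port whose state is exactly "open".
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                  # h[2] is the IP address
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                p = $i
                sub(/^Ports: /, "", p)
                n = split(p, entries, ", ")
                for (j = 1; j <= n; j++) {
                    # entry: port/state/protocol/owner/service/rpcinfo/version/
                    split(entries[j], f, "/")
                    if (f[2] == "open")
                        print h[2], f[1] "/" f[3], f[5]
                }
            }
        }'
}

# unexpected_ports: like open_ports, but drop anything on the allowlist.
# $1 is a space-separated allowlist such as "22/tcp 25/tcp".
unexpected_ports() {
    open_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)'
}

# Usage: every open port other than SSH and SMTP is reported for review.
sample_gnmap | unexpected_ports "22/tcp 25/tcp"
```

To audit a real scan of your own host, feed the file written by -oG into the function instead of the sample, for example `unexpected_ports "22/tcp" < test.txt`.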

Nmap is powerful, and it is worth studying carefully as we use it.


Origin www.linuxidc.com/Linux/2019-09/160563.htm