Using the nmap tool under Linux

Nmap (Network Mapper) is a network scanning and probing toolkit for Linux with three basic functions: first, detecting whether a group of hosts is online; second, scanning the ports of a host and identifying the network services it offers; and third, inferring the operating system a host is running. Nmap can be used on a LAN of only two nodes as well as on networks of more than 500 nodes. It also lets users customize their scanning techniques. Typically a simple ICMP ping is enough for general requirements; UDP or TCP ports can be probed in more depth, up to identifying the operating system used by the host; all probe results can be recorded in logs in various formats for further analysis.

Ping scan: print the hosts that respond to the scan, without further testing (such as port scanning or OS detection). -sP is the older spelling of this option; current nmap versions call it -sn:

nmap -sP 192.168.1.0/24

Only list each host on the specified network, without sending any packets to the target hosts:

nmap -sL 192.168.1.0/24

TCP SYN ping: probe whether the target hosts are up by sending SYN packets; a comma-separated list of ports can be appended directly to the option (e.g. -PS22,23,25,80):

nmap -PS 192.168.1.234

Use UDP ping to probe hosts:

nmap -PU 192.168.1.0/24

The most frequently used scan option: SYN scan, also known as half-open scanning. It never opens a full TCP connection and executes quickly:

nmap -sS 192.168.1.0/24

When a SYN scan cannot be used, the TCP connect() scan is the default TCP scan:

nmap -sT 192.168.1.0/24

-sU, the UDP scan option: a UDP scan sends an empty (no data) UDP header to each target port:

nmap -sU 192.168.1.0/24

Determine which IP protocols (TCP, ICMP, IGMP, etc.) the target machine supports:

nmap -sO 192.168.1.19

Detect the operating system of the target host:

nmap -O 192.168.1.19

nmap -A 192.168.1.19

In addition, some examples from the official nmap documentation:

nmap -v scanme.nmap.org

Scans all reserved TCP ports on the host scanme.nmap.org. The -v option enables verbose mode.

nmap -sS -O scanme.nmap.org/24

A stealthy SYN scan, where the targets are the 255 hosts of the "class C" network on which scanme resides; at the same time it tries to determine the operating system of each host that is up. Because SYN scanning and OS detection are used, the scan needs root privileges.

nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

Host enumeration and a TCP scan of the 255 8-bit subnets in the class B 198.116 address space. The scan determines whether the systems are running sshd, DNS, imapd, or a service on port 4564. If these ports are open, version detection is used to determine which application is running.

nmap -v -iR 100000 -P0 -p 80

Scan 100,000 randomly selected hosts to see whether they are running a web server (port 80). Sending probe packets in the initial stage to determine whether a host is up wastes a lot of time when only a single port per host is being checked, so -P0 is used to skip host discovery (-P0 is the older spelling of -Pn).

nmap -P0 -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20

Scan 4096 IP addresses for web servers (without pinging), saving the results in grepable and XML formats.
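As an added example (not from the original post or from the nmap project), the following POSIX shell functions parse grepable (-oG) output of the kind the command above writes, list the open ports per host, and flag any open port that is not in an expected baseline, which is the check a defender runs on a scan of their own network. The scan output and the baseline are constructed samples, and the function names sample_grepable, open_ports and unexpected_ports are mine.

```shell
# Constructed sample of nmap -oG (grepable) output; not a real scan.
# Fields are tab-separated: "Host: <ip> (<name>)", "Ports: ...", "Ignored State: ...".
# Each Ports entry is port/state/protocol/owner/service/rpcinfo/version/
sample_grepable() {
    printf '# Nmap 7.94 scan initiated as: nmap -Pn -p 22,80,443 -oG - 192.168.1.10-11\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: closed (0)\n'
    printf 'Host: 192.168.1.11 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.11 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\n'
    printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 1.23 seconds\n'
}

# Read grepable output on stdin; print "host port/proto service" for every open port.
open_ports() {
    awk -F'\t' '
        /^#/ { next }                              # skip the comment header/footer
        {
            host = $1
            sub(/^Host: /, "", host)
            sub(/ .*/, "", host)                   # drop the "(hostname)" part
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")        # f[1]=port f[2]=state f[3]=proto f[5]=service
                    if (f[2] == "open") print host, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# $1: space-separated baseline of expected "port/proto" entries.
# Reads open_ports output on stdin and prints only the lines whose port is not in the baseline.
unexpected_ports() {
    awk -v baseline="$1" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        !($2 in ok) { print }'
}

# Usage: everything open that is not ssh or https on the sample hosts
sample_grepable | open_ports | unexpected_ports '22/tcp 443/tcp'
```

On the sample above this prints 80/tcp for both hosts; on a real -oG file, replace sample_grepable with cat of the log and adjust the baseline to the services the hosts are supposed to expose.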

host -l company.com | cut -d ' ' -f 4 | nmap -v -iL -

Perform a DNS zone transfer to find the hosts in company.com, then feed their IP addresses to Nmap. The above command is for GNU/Linux; other systems use different commands for zone transfers.

Other options:

-p (only scan the specified port)

Single ports and hyphen-separated port ranges (e.g. 1-1023) can be given. When scanning both TCP and UDP ports, the port number can be prefixed with T: or U: to specify the protocol. A qualifier stays in effect until the next one is specified. For example, -p U:53,111,137,T:21-25,80,139,8080 scans UDP ports 53, 111 and 137, and the listed TCP ports.

-F (Fast (limited port) scan)
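Added example, not part of the original post: a shell function that expands a -p port specification of the kind described above (single ports, ranges, and T:/U: qualifiers that stay in effect until the next one) into explicit per-protocol port lines, rejecting values outside 1-65535. The function names expand_port_spec and count_ports are my own; it deliberately does not handle nmap's shortcuts such as a bare - for all ports.

```shell
# $1: an nmap -p style specification, e.g. "U:53,111,137,T:21-25,80,139,8080"
# Prints one "proto port" line per port. The protocol defaults to tcp and
# switches whenever a T: or U: qualifier is seen, as the nmap -p syntax does.
expand_port_spec() {
    printf '%s\n' "$1" | awk -F, '
        {
            proto = "tcp"
            for (i = 1; i <= NF; i++) {
                item = $i
                if (item ~ /^[TU]:/) {
                    proto = (substr(item, 1, 1) == "T") ? "tcp" : "udp"
                    item = substr(item, 3)
                }
                if (item ~ /^[0-9]+-[0-9]+$/) {       # range lo-hi
                    split(item, r, "-")
                    lo = r[1] + 0; hi = r[2] + 0      # force numeric comparison
                } else if (item ~ /^[0-9]+$/) {       # single port
                    lo = hi = item + 0
                } else {
                    print "invalid port item: " item > "/dev/stderr"
                    exit 1
                }
                if (lo < 1 || hi > 65535 || lo > hi) {
                    print "port out of range: " item > "/dev/stderr"
                    exit 1
                }
                for (p = lo; p <= hi; p++) print proto, p
            }
        }'
}

# Number of individual ports a specification expands to (duplicates are not merged).
count_ports() {
    expand_port_spec "$1" | wc -l | tr -d ' '
}

# Usage: the specification from the paragraph above expands to 11 ports
expand_port_spec 'U:53,111,137,T:21-25,80,139,8080'
```

This is useful for sanity-checking a long specification before a scan, or for confirming that a firewall ruleset covers exactly the ports a scan will touch.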


Origin www.cnblogs.com/jeffery-pan/p/12081002.html