nmap使用方法

1. 全面扫描

root@kali:~# nmap -A ip

2. 扫描指定网段

root@kali:~# nmap 172.16.22.1-200

3. nmap参数

无ping模式适用于防火墙禁ping的情况

root@kali:~# nmap -p06,17,2 --packet-trace scanme.nmap.org  #指定使用TCP、UDP、IGMP协议向目标主机发送包并判断主机是否在线

-p0 无ping扫描

6代表TCP协议 1代表ICMP协议 2 代表IGMP 17代表UDP

Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-21 04:35 EDT

SENT (0.9995s) ICMP [192.168.116.128 > 45.33.32.156 Echo request (type=8/code=0) id=11023 seq=0] IP [ttl=40 id=30809 iplen=28 ]

SENT (0.9997s) TCP 192.168.116.128:34800 > 45.33.32.156:443 S ttl=54 id=17173 iplen=44  seq=2655445400 win=1024 <mss 1460>

SENT (0.9998s) TCP 192.168.116.128:34800 > 45.33.32.156:80 A ttl=58 id=27113 iplen=40  seq=0 win=1024

SENT (0.9999s) ICMP [192.168.116.128 > 45.33.32.156 Timestamp request (type=13/code=0) id=65228 seq=0 orig=0 recv=0 trans=0] IP [ttl=38 id=25721 iplen=40 ]

RCVD (1.0004s) TCP 45.33.32.156:80 > 192.168.116.128:34800 R ttl=128 id=38954 iplen=40  seq=2655445400 win=32767

NSOCK INFO [1.0300s] nsock_iod_new2(): nsock_iod_new (IOD #1)

NSOCK INFO [1.0300s] nsock_connect_udp(): UDP connection requested to 192.168.116.2:53 (IOD #1) EID 8

NSOCK INFO [1.0300s] nsock_read(): Read request from IOD #1 [192.168.116.2:53] (timeout: -1ms) EID 18

NSOCK INFO [1.0300s] nsock_write(): Write request for 43 bytes to IOD #1 EID 27 [192.168.116.2:53]

NSOCK INFO [1.0300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [192.168.116.2:53]

NSOCK INFO [1.0300s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [192.168.116.2:53]

NSOCK INFO [2.0090s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [192.168.116.2:53] (72 bytes): .............156.32.33.45.in-addr.arpa..................scanme.nmap.org.

NSOCK INFO [2.0090s] nsock_read(): Read request from IOD #1 [192.168.116.2:53] (timeout: -1ms) EID 34

NSOCK INFO [2.0090s] nsock_iod_delete(): nsock_iod_delete (IOD #1)

NSOCK INFO [2.0090s] nevent_delete(): nevent_delete on event #34 (type READ)

SENT (2.0423s) TCP 192.168.116.128:35056 > 45.33.32.156:17 S ttl=54 id=57402 iplen=44  seq=947014150 win=1024 <mss 1460>

SENT (2.0425s) TCP 192.168.116.128:35056 > 45.33.32.156:6 S ttl=56 id=7594 iplen=44  seq=947014150 win=1024 <mss 1460>

SENT (2.0428s) TCP 192.168.116.128:35056 > 45.33.32.156:2 S ttl=48 id=17246 iplen=44  seq=947014150 win=1024 <mss 1460>

RCVD (2.5362s) TCP 45.33.32.156:443 > 192.168.116.128:34800 RA ttl=128 id=38957 iplen=40  seq=1360409314 win=64240

SENT (3.1444s) TCP 192.168.116.128:35057 > 45.33.32.156:2 S ttl=55 id=41429 iplen=44  seq=947079687 win=1024 <mss 1460>

SENT (3.1451s) TCP 192.168.116.128:35057 > 45.33.32.156:6 S ttl=39 id=55819 iplen=44  seq=947079687 win=1024 <mss 1460>

SENT (3.1463s) TCP 192.168.116.128:35057 > 45.33.32.156:17 S ttl=37 id=60473 iplen=44  seq=947079687 win=1024 <mss 1460>

Nmap scan report for scanme.nmap.org (45.33.32.156)

Host is up (0.00070s latency).

Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f

PORT  STATE    SERVICE

2/tcp  filtered compressnet

6/tcp  filtered unknown

17/tcp filtered qotd

Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds

---

4. nmap时序选项

root@kali:~# nmap -T3 172.16.22.76