Linux安全工具应用之NMAP--网络探测和安全扫描

 系统环境：Redhat AS 5.0

一、下载NMAP程序
         目前最新版下载地址：http://nmap.org/dist/nmap-6.25.tgz
二、安装NMAP
1、缺少相关组件
         [root@localhost Server]# rpm -ivh libstdc++-
         [root@localhost download]# tar -xzvf nmap-6.25.tgz 
2、安装
       [root@localhost nmap-6.25]# ./configure 
       [root@localhost nmap-6.25]# make
       [root@localhost nmap-6.25]# make install
三、扫描活动的主机
1、[root@localhost nmap-6.25]# nmap -sP 192.168.1.0/24

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-20 18:46 CST

Warning: File ./nmap-payloads exists, but Nmap is using /usr/local/bin/../share/nmap/nmap-payloads for security and consistency reasons.  set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).

Nmap scan report for 192.168.1.1

Host is up (0.0021s latency).

MAC Address: 5C:63:BF:E0:20:C4 (Tp-link Technologies CO.)

Nmap scan report for 192.168.1.100

Host is up.

Nmap scan report for 192.168.1.102

Host is up (0.0016s latency).

MAC Address: DC:85:DE:97:61:F5 (Unknown)

Nmap scan report for 192.168.1.104

Host is up (0.089s latency).

MAC Address: 00:1F:E1:44:09:A6 (Hon Hai Precision Ind. Co.)

Nmap done: 256 IP addresses (4 hosts up) scanned in 3.77 seconds
2、端口扫描--截取部分扫描结果

[root@localhost nmap-6.25]# nmap -v -sT 192.168.1.0/24

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-20 18:48 CST

Warning: File ./nmap-services exists, but Nmap is using /usr/local/bin/../share/nmap/nmap-services for security and consistency reasons.  set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).

Initiating ARP Ping Scan at 18:48

Scanning 100 hosts [1 port/host]

Completed ARP Ping Scan at 18:48, 1.55s elapsed (100 total hosts)

Initiating Parallel DNS resolution of 100 hosts. at 18:48

Completed Parallel DNS resolution of 100 hosts. at 18:48, 0.04s elapsed

Nmap scan report for 192.168.1.0 [host down]

Nmap scan report for 192.168.1.2 [host down]

Nmap scan report for 192.168.1.3 [host down]

Nmap scan report for 192.168.1.4 [host down]
.....................

Initiating Parallel DNS resolution of 1 host. at 18:48

Completed Parallel DNS resolution of 1 host. at 18:48, 0.03s elapsed

Initiating Connect Scan at 18:48

Scanning 192.168.1.1 [1000 ports]

Discovered open port 80/tcp on 192.168.1.1

Discovered open port 1900/tcp on 192.168.1.1

Completed Connect Scan at 18:48, 10.33s elapsed (1000 total ports)

Nmap scan report for 192.168.1.1

Host is up (0.022s latency).

Not shown: 955 filtered ports, 43 closed ports

PORT     STATE SERVICE

80/tcp   open  http

1900/tcp open  upnp

MAC Address: 5C:63:BF:E0:20:C4 (Tp-link Technologies CO.)

Initiating ARP Ping Scan at 18:48

Scanning 155 hosts [1 port/host]

Completed ARP Ping Scan at 18:48, 2.98s elapsed (155 total hosts)

Initiating Parallel DNS resolution of 155 hosts. at 18:48

Completed Parallel DNS resolution of 155 hosts. at 18:48, 0.04s elapsed

Nmap scan report for 192.168.1.101 [host down]

Initiating Connect Scan at 18:48

Scanning 192.168.1.100 [1000 ports]

Discovered open port 111/tcp on 192.168.1.100

Discovered open port 22/tcp on 192.168.1.100

Discovered open port 666/tcp on 192.168.1.100

Completed Connect Scan at 18:48, 0.04s elapsed (1000 total ports)

Nmap scan report for 192.168.1.100

Host is up (0.00079s latency).

Not shown: 997 closed ports

PORT    STATE SERVICE

22/tcp  open  ssh

111/tcp open  rpcbind

666/tcp open  doom

Nmap scan report for 192.168.1.103 [host down]

Nmap scan report for 192.168.1.105 [host down]

Nmap scan report for 192.168.1.106 [host down]

Nmap scan report for 192.168.1.107 [host down]
.................
Initiating Connect Scan at 18:48

Scanning 2 hosts [1000 ports/host]

Discovered open port 135/tcp on 192.168.1.102

Discovered open port 135/tcp on 192.168.1.104

Discovered open port 445/tcp on 192.168.1.104

Discovered open port 139/tcp on 192.168.1.104

Discovered open port 445/tcp on 192.168.1.102

Discovered open port 139/tcp on 192.168.1.102

Completed Connect Scan against 192.168.1.104 in 1.75s (1 host left)

Discovered open port 902/tcp on 192.168.1.102

Discovered open port 5357/tcp on 192.168.1.102

Discovered open port 912/tcp on 192.168.1.102

Completed Connect Scan at 18:48, 4.15s elapsed (2000 total ports)

Nmap scan report for 192.168.1.102

Host is up (0.00056s latency).

Not shown: 994 filtered ports

PORT     STATE SERVICE

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

902/tcp  open  iss-realsecure

912/tcp  open  apex-mesh

5357/tcp open  wsdapi

MAC Address: DC:85:DE:97:61:F5 (Unknown)

Nmap scan report for 192.168.1.104

Host is up (0.023s latency).

Not shown: 997 closed ports

PORT    STATE SERVICE

135/tcp open  msrpc

139/tcp open  netbios-ssn

445/tcp open  microsoft-ds

MAC Address: 00:1F:E1:44:09:A6 (Hon Hai Precision Ind. Co.)

Read data files from: /usr/local/bin/../share/nmap

Nmap done: 256 IP addresses (4 hosts up) scanned in 19.24 seconds

           Raw packets sent: 511 (14.308KB) | Rcvd: 6 (168B)
3、判断主机的操作系统

[root@localhost ~]# nmap -O 192.168.1.1

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-20 19:02 CST