Nmap Tutorial Study Notes
#################################################
###                                           ###
###   A tutorial produced by FX-Ti            ###
###                                           ###
###   Hope everyone will support it!          ###
###                                           ###
###   Newbie passing through!                 ###
###                                           ###
###   QQ: 1290975089                          ###
#################################################
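Nmap
Scanning:
1. Network scanning
2. Port scanning
3. Service and version detection
4. Operating system detection
Advanced features:
1. Hiding the scan source
2. Timing controls (varying the scan rate) (aimed at the traffic thresholds of protection devices)
3. Firewall evasion
4. Reporting
TCP/IP theory:
A protocol is like a special kind of language
A MAC address is a hardware address
An IP address is a logical address
Accessing an IP address first triggers ARP resolution
Packets are sent only once the physical address has been resolved
A MAC address is 48 bits long
The first 24 bits are the vendor ID (which can be used to identify the device)
The last 24 bits are assigned by the vendor
Understanding OSI:
7. Application Layer
|
6. Presentation Layer
|
5. Session Layer
|
4. Transport Layer
|
3. Network Layer
|
2. Data Link Layer
|
1. Physical Layer
"We often discuss the 7-layer model. Its main use is for discussing how TCP/IP works as a whole.
For network engineers in real environments it is actually not much use; it is for teaching theory.
Real software may not strictly follow this standard; it is merely a specification."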
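1. Typical device: hub
2. Frames: provide an ordered, sequential way of sending data
Data link layer: manages physical addresses, packet synchronization, flow monitoring, physical-layer error notification
Typical device: switch. A layer-2 switch reduces network congestion when sending data,
because it forwards data only to the port the destination computer is connected to (single-port forwarding)
3. Network layer: layer-3 addresses are logical addresses
Key property: routable. Devices are organized into different network segments, IPs and routes
Typical devices: routers and layer-3 switches
Tasks: 1. Logical address planning
2. Routing
4. Transport layer: responsible for transferring data between two endpoints and maintaining the link
Provides data transfer between two endpoints; manages end-to-end flow control, error detection and error recovery
Two main protocols: TCP (connection-oriented) and UDP (connectionless)
Connection-oriented:
"1. Phone the other party to say a fax is coming
2. Send the fax
3. Ask the other party to check the fax"
The transport layer manages a logical address: the port. A port is like a room number in a building; it decides where the data goes.
Sample port list
Port                   Protocol   Service
80                     TCP        HTTP
443                    TCP        HTTPS
53                     UDP/TCP    DNS
25                     TCP        SMTP
22                     TCP        SSH
23                     TCP        Telnet
20 (data channel)      TCP        FTP
& 21 (control channel) TCP        FTP
135-139/445            TCP/UDP    RPC
500                    UDP        ISAKMP
5060                   UDP        SIP
123                    UDP        NTP
5. Session layer: 1. Inserts a session-layer header and synchronizes data between the session layers at both ends
2. Negotiates full duplex or half duplex
3. Establishes a connection between two processes
6. Presentation layer: 1. Data conversion/protocol conversion, network type conversion; this is the layer where network services operate
2. Compression, encryption and decryption
7. Application layer: all kinds of applications
Network model classification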
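1. OSI
2. DoD
(Application/Process layer
Host-to-Host layer
Internet layer
Network Access layer
)
3. TCP/IP
(Application layer
Transport layer
Internet layer
Network
Data link layer
Physical layer
)
Main Ethernet technology
CSMA/CD
Introduction to full-duplex operation:
Main protocols: IP, TCP, UDP & ICMP
IP header:
Bit offsets: 0 4 8 12 16 19 24 31
Fields: Version | Header length | Type of service | Length | Identification | Flags | Fragment offset | TTL | Protocol | Checksum | Source IP address | Destination IP address | Options ...
ICMP header:
Message type | Subtype code
Checksum
Message identifier
Sequence number
Optional ICMP data structure
TCP header:
The reserved bits are normally unused, but an intruder can use them to carry covert information
At the same time, firewalls usually apply some protection to the reserved bits
Three-way handshake:
SYN
SYN-ACK
ACK
Four-way FIN exchange:
FIN+ACK
ACK
FIN+ACK
ACK
RST: abnormal termination
UDP header:
Network scanning: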
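1. Host scanning
Technique types:
1. ICMP ECHO Request
2. ICMP Timestamp
3. ICMP Address Mask Request
4. TCP Ping: sends a TCP SYN or TCP ACK packet
5. UDP Ping: if the port is not open, the server replies with ICMP Port Unreachable; if it is open, there is no reply
2. Port and service scanning
Technique types:
1. Connect scan (easily logged): properly completes the three-way handshake, then terminates abnormally
2. Half-open scan (the main one; cannot evade IPS detection): SYN->|<-SYN-ACK|RST->
3. Stealth scans: SYN-ACK/FIN/ACK/NULL/XMAS
3. Operating system detection
Techniques: probing window size and initial sequence number
4. Evasion
Technique types
1. Slow scanning
2. Fragmentation: many fragments overwhelm the IPS's buffer
3. Spoofing: scanning while posing as many hosts
4. Specifying the source port
5. Specifying IP options
Uses of scanning:
1. Security auditing
2. Compatibility testing
3. Asset management
4. Inventory of devices in the domain
History of Nmap
Nmap was designed in 1997
It became famous through "The Matrix"
In "The Matrix", a scan finds an SSH service port and root privileges are obtained with a hacking tool
After SP2, Nmap made many changes to cope with changes in operating systems and IPS
Internal testing uses:
1. Testing a firewall's open ports
2. Scanning workstation IP addresses to determine whether any unauthorized network applications have been installed
3. Checking that the correct web server version is installed in the DMZ
4. Finding which systems have file-sharing ports open
5. Finding unauthorized FTP servers, printers and operating systems
Introduction to Nmap commands: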
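-sV  Determine the host's version numbers and the software installed on the client (judged from the packets exchanged during the port scan)
-n  Disable DNS resolution (commonly used)
-sP  Host discovery | nmap -sP 192.168.1.1-254
-oG + filename | Write the report results to a file
-A  Comprehensive scan
-iL + filename | Load an existing scan result file
-p + port number | Specify ports
-f  Fragmentation (not covered in detail)
Output detail levels:
-v  Normal level
-d  Second level
--reason  Report the reason behind each determination
-debug  Trace the determination process
--packet-trace  Highest level
Security auditing uses:
1. Take stock of firewalls and confirm their filtering policies
2. Scan for the ports open on perimeter devices
3. Scan services for the appropriate versions
4. Use OS scanning to find outdated operating systems and unauthorized systems
5. Discover unauthorized applications and services
Advanced Nmap features
1. Custom flags for TCP scans
2. Packet fragmentation
3. Spoofing IP and MAC
4. Adding disguised source IP addresses
5. Specifying the source port
6. Adding random data to sent packets
7. Manipulating TTL
8. Sending packets with arbitrary TCP/UDP checksums
Custom flags
Scanning the same service on the same host with PSH and with SYN gives different results
Reason: (a PSH probe makes the server reply RST, a SYN probe makes it reply SYN-ACK; Nmap only looks at the RST to judge whether the port is closed/open)
PSH: nmap -n --scanflags PSH -p 135 1.1.1.1
SYN: nmap -n --scanflags SYN -p 135 1.1.1.1
Default scan behaviour (command: nmap IP)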
1. Host discovery
2. SYN port scan (ports enumerated in random order) (services are identified from the built-in port/service mapping table; no packets are sent to confirm)
-A:
1. OS determination
2. Version check
3. Script scan
4. traceroute
How to scan the local Windows machine itself: -sT/-PN (the main ones)
IP: 127.0.0.1
Target specification tips
nmap 192.168.1.0/24 (network segment) | 192.168.100.10-25 (range) | myhost.xyz.com (domain name)
nmap 192.168.5,10,15-16.10,20 (comma-separated) (the octet lists combine with each other, much like the handshake problem)
nmap -sP --exclude web.xyz.com,dns.xyz.com,mail.xyz.com 192.168.100.0/24 (exclusions)
nmap -sV -iL scan_host_list.txt (use a file)
nmap --excludefile exclude_scan_host_list.txt 192.168.100.0/16 (exclude the hosts in a file; ideally list the DHCP-assigned addresses)
nmap -p443 -iR 10 (random scan)
Target specification option format
-iL <filename>  Use the given file
-iR <number of targets>  Pick the given number of random targets
--exclude <host1,host2,host3>  Exclude these hosts
--excludefile <filename>  File of hosts to exclude
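The comma and range octet syntax above, expanded so the combination of octet lists is visible and a specification can be checked against an approved scope before anything is scanned. This is an added example, not part of the original notes and not Nmap's own code; `expand_targets` and `out_of_scope` are hypothetical helper names and the approved CIDR is a constructed value.

```python
import ipaddress
from itertools import product

def expand_octet(spec):
    """Expand one octet such as '5,10,15-16' into a sorted list of ints."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 0      # '-16' means 0-16
            hi = int(hi) if hi else 255    # '15-' means 15-255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_targets(spec, exclude=()):
    """Every IPv4 address an octet-range spec covers, minus exclusions."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated octets")
    excluded = {ipaddress.ip_address(e) for e in exclude}
    hosts = []
    # Each octet list combines with every other one (Cartesian product).
    for combo in product(*(expand_octet(o) for o in octets)):
        addr = ipaddress.ip_address(".".join(map(str, combo)))
        if addr not in excluded:
            hosts.append(addr)
    return hosts

def out_of_scope(spec, authorized_cidr):
    """Addresses the spec would touch that lie outside the approved range."""
    net = ipaddress.ip_network(authorized_cidr)
    return [a for a in expand_targets(spec) if a not in net]

if __name__ == "__main__":
    spec = "192.168.5,10,15-16.10,20"            # spec taken from the notes
    print(len(expand_targets(spec)), "addresses")
    # Constructed scope: only 192.168.0.0/20 has been approved for scanning.
    for addr in out_of_scope(spec, "192.168.0.0/20"):
        print("outside approved scope:", addr)
```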
Host discovery
nmap -sP 192.168.1.0/24
Directly connected network: sends an ARP request and performs DNS resolution
Across networks: sends ICMP ECHO request & TCP 80
Note: the -sP option means host discovery only, with no further scanning; -sP on its own uses the default host discovery method.
It can also be combined with -PS -PA -PP -PM and so on for host discovery, but if only -PS -PA -PP ... are given, Nmap does not stop at host discovery:
it also port-scans whatever is active
-PE  ICMP ECHO request scan = ping (code8|code0)
-PP  Timestamp request (code13|code14)
-PM  Mask request (code17|code18)
-PS  S is for SYN (TCP). SYN scan: sends SYN to 80, gets SYN-ACK back
May be dropped by a firewall
I
-PA  A is for ACK. Sends an ACK packet; a normal server replies RST
ACK packets cannot pass the firewall; the firewall (stateful inspection firewall) answers with RST directly
II (a failed traversal confirms that a stateful inspection firewall is being traversed) (access-control-list filters let it through)
-PU  UDP scan; connects to a high UDP port, 31338. In the normal case the server replies with ICMP port unreachable; if the target host, against all odds, has this high port open, there is no response...
Firewalls will not necessarily let it through
-PO  Protocol-number scan: 1. ICMP is equivalent to Ping (ICMP ECHO request)
-sL  Sends no packets at all; only performs DNS resolution for the domain
-sN  Disable host discovery...
---------------------------------------------- Supplementary section ----------------------------------------------
-PM  Mask request
-PR  ARP Ping (the default whenever the network is directly connected)
-R  Enable DNS resolution (enabled by default)
--dns-servers + DNS server  Specify the DNS servers
--system-dns  The system's own DNS servers (default)
--send-ip  On a directly connected network, skip ARP Ping and use IP packets instead
Network protocol numbers
Decimal     Keyword Protocol References
----------- ------- -------- ----------
0 HOPOPT IPv6 Hop-by-Hop Option
1 ICMP Internet Control Message
2 IGMP Internet Group Management
3 GGP Gateway-to-Gateway
4 IP IP in IP (encapsulation)
5 ST Stream
6 TCP Transmission Control
7 CBT CBT
8 EGP Exterior Gateway Protocol
9 IGP any private interior gateway
(used by Cisco for their IGRP)
10 BBN-RCC-MON BBN RCC Monitoring
11 NVP-II Network Voice Protocol
12 PUP PUP
13 ARGUS ARGUS
14 EMCON EMCON
15 XNET Cross Net Debugger
16 CHAOS Chaos
17 UDP User Datagram
18 MUX Multiplexing
19 DCN-MEAS DCN Measurement Subsystems
20 HMP Host Monitoring
21 PRM Packet Radio Measurement
22 XNS-IDP XEROX NS IDP
23 TRUNK-1 Trunk-1
24 TRUNK-2 Trunk-2
25 LEAF-1 Leaf-1
26 LEAF-2 Leaf-2
27 RDP Reliable Data Protocol
28 IRTP Internet Reliable Transaction
29 ISO-TP4 ISO Transport Protocol Class 4
30 NETBLT Bulk Data Transfer Protocol
31 MFE-NSP MFE Network Services Protocol
32 MERIT-INP MERIT Internodal Protocol
33 DCCP Datagram Congestion Control Protocol
34 3PC Third Party Connect Protocol
35 IDPR Inter-Domain Policy Routing Protocol
36 XTP XTP
37 DDP Datagram Delivery Protocol
38 IDPR-CMTP IDPR Control Message Transport Proto
39 TP++ TP++ Transport Protocol
40 IL IL Transport Protocol
41 IPv6 Ipv6
42 SDRP Source Demand Routing Protocol
43 IPv6-Route Routing Header for IPv6
44 IPv6-Frag Fragment Header for IPv6
45 IDRP Inter-Domain Routing Protocol
46 RSVP Reservation Protocol
47 GRE General Routing Encapsulation
48 MHRP Mobile Host Routing Protocol
49 BNA BNA
50 ESP Encap Security Payload
51 AH Authentication Header
52 I-NLSP Integrated Net Layer Security TUBA
53 SWIPE IP with Encryption
54 NARP NBMA Address Resolution Protocol
55 MOBILE IP Mobility
56 TLSP Transport Layer Security Protocol
using Kryptonet key management
57 SKIP SKIP
58 IPv6-ICMP ICMP for IPv6
59 IPv6-NoNxt No Next Header for IPv6
60 IPv6-Opts Destination Options for IPv6
61 any host internal protocol
62 CFTP CFTP
63 any local network
64 SAT-EXPAK SATNET and Backroom EXPAK
65 KRYPTOLAN Kryptolan
66 RVD MIT Remote Virtual Disk Protocol
67 IPPC Internet Pluribus Packet Core
68 any distributed file system
69 SAT-MON SATNET Monitoring
70 VISA VISA Protocol
71 IPCV Internet Packet Core Utility
72 CPNX Computer Protocol Network Executive
73 CPHB Computer Protocol Heart Beat
74 WSN Wang Span Network
75 PVP Packet Video Protocol
76 BR-SAT-MON Backroom SATNET Monitoring
77 SUN-ND SUN ND PROTOCOL-Temporary
78 WB-MON WIDEBAND Monitoring
79 WB-EXPAK WIDEBAND EXPAK
80 ISO-IP ISO Internet Protocol
81 VMTP VMTP
82 SECURE-VMTP SECURE-VMTP
83 VINES VINES
84 TTP TTP
85 NSFNET-IGP NSFNET-IGP
86 DGP Dissimilar Gateway Protocol
87 TCF TCF
88 EIGRP EIGRP
89 OSPFIGP OSPFIGP
90 Sprite-RPC Sprite RPC Protocol
91 LARP Locus Address Resolution Protocol
92 MTP Multicast Transport Protocol
93 AX.25 AX.25 Frames
94 IPIP IP-within-IP Encapsulation Protocol
95 MICP Mobile Internetworking Control Pro.
96 SCC-SP Semaphore Communications Sec. Pro.
97 ETHERIP Ethernet-within-IP Encapsulation
98 ENCAP Encapsulation Header
99 any private encryption scheme
100 GMTP GMTP
101 IFMP Ipsilon Flow Management Protocol
102 PNNI PNNI over IP
103 PIM Protocol Independent Multicast
104 ARIS ARIS
105 SCPS SCPS
106 QNX QNX
107 A/N Active Networks
108 IPComp IP Payload Compression Protocol
109 SNP Sitara Networks Protocol
110 Compaq-Peer Compaq Peer Protocol
111 IPX-in-IP IPX in IP
112 VRRP Virtual Router Redundancy Protocol
113 PGM PGM Reliable Transport Protocol
114 any 0-hop protocol
115 L2TP Layer Two Tunneling Protocol
116 DDX D-II Data Exchange (DDX)
117 IATP Interactive Agent Transfer Protocol
118 STP Schedule Transfer Protocol
119 SRP SpectraLink Radio Protocol
120 UTI UTI
121 SMP Simple Message Protocol
122 SM SM
123 PTP Performance Transparency Protocol
124 ISIS over IPv4
125 FIRE
126 CRTP Combat Radio Transport Protocol
127 CRUDP Combat Radio User Datagram
128 SSCOPMCE
129 IPLT
130 SPS Secure Packet Shield
131 PIPE Private IP Encapsulation within IP
132 SCTP Stream Control Transmission Protocol
133 FC Fibre Channel
134 RSVP-E2E-IGNORE
135 Mobility Header
136 UDPLite
137 MPLS-in-IP
138-252 Unassigned
253 Use for experimentation and testing
254 Use for experimentation and testing
255 Reserved
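Port scanning
Open ports:
1. Potential security weaknesses
2. Provide an inventory of applications and services
3. Confirm the strength of software policy
Closed ports:
1. Host discovery
2. Operating system determination
The 6 port states as Nmap sees them
1. Open  An application is online and accepting TCP and UDP packets
2. Closed  The port is reachable, but no application is listening
3. Filtered  No response; the outgoing or returning packets may have been filtered
4. Unfiltered  Not filtered; specific to the ACK scan
The situation: in an ACK scan, open and closed ports both reply RST, so they are hard to tell apart; all that can be said is that the host is alive
5. Open|filtered  (UDP, IP Proto, FIN, Null, Xmas scans)
An open UDP port does not reply, or the ICMP reply is filtered
6. Closed|filtered  IP ID Idle scan
Basic port scanning
Possible results of a SYN scan:
->SYN | <-SYN-ACK -- Open
      | <-RST -- Closed
      | <-ICMP Unreachable -- Filtered (filtered by an access control list; sent by the access control list)
nmap -sS  SYN scan (TCP)
Service identification still relies on the built-in table; nothing is confirmed
-P0  Skip host discovery
-sT  TCP connect scan
-sU  UDP scan; scans all UDP ports
-sV  Confirm versions
-sO  Protocol scan
Additional advanced scans
RFC definition: if a packet contains none of the SYN, RST or ACK flags, an RST is sent back
Three special scans:
1. TCP Null scan  A scan with no flags set  -sN
2. TCP FIN scan  A scan with the FIN flag set  -sF
3. Xmas scan  The opposite: flags set to FIN, PSH, URG  -sX
In general, none of these scans can evade IDS detection.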
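The RFC rule above is also why these scans are easy to detect: a packet carrying none of SYN, RST or ACK does not occur in a normal TCP conversation. The detector below is an added example, not part of the original notes; the record format, the `min_ports` threshold and the sample packets are constructed assumptions.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
KNOWN = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS"}

def classify(flags):
    """Label a TCP flag byte that has none of SYN/RST/ACK set, else None."""
    flags &= 0x3F                         # keep the six classic flag bits
    if flags & (SYN | RST | ACK):
        return None                       # could belong to a normal connection
    return KNOWN.get(flags, "CUSTOM")     # e.g. URG+PSH from --scanflags

def detect(packets, min_ports=3):
    """packets: (src, dst, dport, flags) tuples. Returns {src: {label: count}}
    for sources that probed at least min_ports distinct dst/port pairs."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dst, dport, flags in packets:
        label = classify(flags)
        if label:
            seen[src][label].add((dst, dport))
    alerts = {}
    for src, by_label in seen.items():
        hits = {k: len(v) for k, v in by_label.items() if len(v) >= min_ports}
        if hits:
            alerts[src] = hits
    return alerts

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", 22, FIN | PSH | URG),
    ("198.51.100.7", "192.0.2.10", 80, FIN | PSH | URG),
    ("198.51.100.7", "192.0.2.10", 443, FIN | PSH | URG),
    ("198.51.100.9", "192.0.2.10", 21, 0),
    ("198.51.100.9", "192.0.2.10", 23, 0),
    ("198.51.100.9", "192.0.2.10", 25, 0),
    ("198.51.100.9", "192.0.2.10", 25, 0),          # duplicate probe, same port
    ("203.0.113.5", "192.0.2.10", 443, SYN),         # ordinary connection start
    ("203.0.113.5", "192.0.2.10", 443, ACK),
    ("203.0.113.5", "192.0.2.10", 443, FIN | ACK),   # ordinary teardown
    ("203.0.113.8", "192.0.2.10", 8080, URG | PSH),  # single odd packet
]

if __name__ == "__main__":
    for src, hits in detect(SAMPLE).items():
        print(src, hits)
```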
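-sW  Probes the window size. Window size generally depends on the target host's buffer size and is also related to the operating system; different operating systems handle the window differently
FIN+ACK scan
-sM
Idle scan -sI  A completely hidden scan. Brilliant! Very imaginative
Uses the ID field of the IP header to make its determination
Specifying flags
--scanflags URGPSH
Scan range
By default the ports scanned are those in the built-in service mapping table (scanned in random order)
-r  Scan sequentially
-p -100  From 1 to 100
-p 60000-  Above 60000
-p-  All
Also tied to the file:
-p ftp,http*
The ports associated with ftp, http* in the file
nmap -sU -sS -p U:53,T:80,134-139 192.168.1.0/24  Specify the UDP and TCP ports to scan
-p  Those between 6000 and 6100
-p + network protocol number
Operating system detection methods
1. Initial sequence number
2. IP ID
3. ECN
4. Window size
Report:
1. Vendor
2. Specific version
3. Device
-O  Scan the operating system   --osscan-guess  Guess as best it can
Detecting service and application versions
1. Service protocol
2. Application name
3. Version number
4. Host name
5. Device type
6. Operating system family
7. Miscellaneous details
8. Port state
--allports
--version-all  Highest intensity
Nmap Scripting Engine
1. Enhanced network discovery
2. Enhanced version detection
3. Vulnerable node detection
4. Malware detection
5. Vulnerability exploitation
--script=<script_filename>
Performance tuning
Rate adjustment
-T + level  The lowest is 0, which is unbelievably slow
0-5
Evasion and spoofing
1. Fragmentation
-f  8 bytes
2. Obfuscation
-D <IP, IP, ME>  Made-up IPs
--spoof-mac 0  Random spoofed MAC | D-Link  Spoof a D-Link MAC
--source-port 53  Spoof source port 53
--mtu
--badsum  Bad checksum
Exporting data
-oN + name  myscan-%D-%T.nmap | %D date, %T time (for periodic scans)
--open  Show only open ports
--append-output  Append later scan reports to an earlier output file
Miscellaneous:
1. -6  IPv6 scan
2. -A  Full scan
3. -O  OS detection
4. -sV  Service version check
5. -sC  Script scan
6. --traceroute
The Zenmap part is skipped entirely...
Having taken up hacking, commit to using the command line!
Nmap operating system fingerprinting
OS fingerprinting techniques:
1. Active
Actively sends packets, roughly 15 kinds of probes
Uses the TCP, UDP and ICMP protocols
Results include:
1. Window size
2. Window bits
3. IP DF
4. Timestamp
5. ECN flag
6. SN
7. TTL
2. Passive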