nmap扫描单个主机,nmap扫描内网主机

第5章 批量主机扫描 批量主机服务扫描 目的：     1、批量主机存活扫描。     2、针对主机服务扫描 作用： 1、能更方便快捷获取网络中主机的存活状态。 2、更加细致、智能获取主机服务侦査情况。 典型命令：nmap、ncat nmap命令的使用介绍 扫描类型 描述特点ICMP协议类型(-P)ping扫描简单、快速、有效TCP SYN 扫描(-sS)TCP半开放扫描1、高效 2、不易被检测 3、通用TCP connect(扫描(-sT)TCP全开放扫描1、真实 2、结果可靠UDP扫描(-sU)UDP协议扫描有效透过防火墙策略 icmp 不是tcp 协议 [root@centos-6 ~]# nmap -sP 10.0.1.10 Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:27 UTC Nmap scan report for 10.0.1.10 Host is up (0.00034s latency). MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems) Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds [root@centos-6 ~]# nmap -sP 10.0.1.0/24 Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:27 UTC Nmap scan report for 10.0.1.1 Host is up (0.00021s latency). MAC Address: 0A:00:27:00:00:1A (Unknown) Nmap scan report for 10.0.1.10 Host is up (0.00024s latency). MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems) Nmap scan report for 10.0.1.60 Host is up. Nmap done: 256 IP addresses (3 hosts up) scanned in 9.26 seconds [root@centos-6 ~]# nmap -sS 10.0.1.10 Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:32 UTC Nmap scan report for 10.0.1.10 Host is up (0.000074s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 3306/tcp open mysql MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems) Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds 0-1024    默认扫描 [root@centos-6 ~]# nmap -sS -p 0-30000 10.0.1.10 Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:42 UTC Nmap scan report for 10.0.1.10 Host is up (0.000070s latency). Not shown: 29998 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 3306/tcp open mysql MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems) Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds [root@centos-6 ~]# nmap -sT -p 0-30000 10.0.1.10  Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:43 UTC Nmap scan report for 10.0.1.10 Host is up (0.0016s latency). Not shown: 29998 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 3306/tcp open mysql MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems) Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds 扫描用udp会慢，一直处于等待的状态 ncat工具使用 组合参数 -W 设置的超时时间 -z —个输入输出模式 -ν 显示命令执行过程 方式一、基于tcp协议(默认)     nc -v -z -w2 10.10.250.254 1-50 方式二、基于udp协议-u nc -v -u -z -w2 10.10.250.254 1-50 [root@centos-6 ~]# nc -v -z -w2 10.0.1.10 1-100 nc: connect to 10.0.1.10 port 1 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 2 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 3 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 4 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 5 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 6 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 7 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 8 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 9 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 10 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 11 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 12 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 13 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 14 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 15 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 16 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 17 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 18 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 19 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 20 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 21 (tcp) failed: Connection refused Connection to 10.0.1.10 22 port [tcp/ssh] succeeded! nc: connect to 10.0.1.10 port 23 (tcp) failed: Connection refused nc: connect to 10.0.1.10 port 24 (tcp) failed: Connection refused [root@centos-6 ~]# nc -u -v -z -w2 10.0.1.10 1-100 内核限制，单位时间不可达的数量