29 Praktiske eksempler på NMAP-kommandoer til Linux System/Netværksadministratorer
Nmap aka Network Mapper er en open source og et meget alsidigt værktøj til Linux-system/netværksadministratorer. Nmap bruges til at udforske netværk, udføre sikkerhedsscanninger, netværksrevision og finde åbne porte på fjernmaskine. Det scanner efter Live-værter, Operativsystemer, pakkefiltre og åbne porte, der kører på fjernværter.
Jeg vil dække det meste af NMAP-brugen i to forskellige dele, og dette er den første del af nmap seriøst. Her i denne opsætning har jeg brugt to servere uden firewall til at teste funktionen af Nmap-kommandoen.
- 192.168.0.100 - server1.linux-console.net
- 192.168.0.101 - server2.linux-console.net
# nmap [Scan Type(s)] [Options] {target specification}Sådan installeres NMAP i Linux
De fleste af nutidens Linux-distributioner som Red Hat, CentOS, Fedoro, Debian og Ubuntu har inkluderet Nmap i deres standardpakkehåndteringsregistre kaldet Yum og APT. Begge værktøjer bruges til at installere og administrere softwarepakker og opdateringer. Brug følgende kommando til at installere Nmap på distributionsspecifik.
# yum install nmap [on Red Hat based systems] $ sudo apt-get install nmap [on Debian based systems]
Når du har installeret den nyeste nmap-applikation, kan du følge instruktionerne i eksemplet i denne artikel.
1. Scan et system med værtsnavn og IP-adresse
Nmap-værktøjet tilbyder forskellige metoder til at scanne et system. I dette eksempel udfører jeg en scanning ved hjælp af værtsnavn som server2.linux-console.net for at finde ud af alle åbne porte, tjenester og MAC-adresser på systemet.
nmap server2.linux-console.net Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds You have new mail in /var/spool/mail/root
nmap 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 958/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds You have new mail in /var/spool/mail/root
2. Scan ved hjælp af “-v” -indstillingen
Du kan se, at nedenstående kommando med “-v” giver mere detaljerede oplysninger om fjernmaskinen.
nmap -v server2.linux-console.net
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.linux-console.net (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.linux-console.net (192.168.0.101) appears to be up ... good.
Interesting ports on server2.linux-console.net (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)Scan flere værter
Du kan scanne flere værter ved blot at skrive deres IP-adresser eller værtsnavne med Nmap.
nmap 192.168.0.101 192.168.0.102 192.168.0.103 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4. Scan et helt undernet
Du kan scanne et helt subnet eller IP-interval med Nmap ved at give * jokertegn med det.
nmap 192.168.0.* Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST Interesting ports on server1.linux-console.net (192.168.0.100): Not shown: 1677 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 851/tcp open unknown Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds You have new mail in /var/spool/mail/root
På ovenstående output kan du se, at nmap scannede et helt undernet og gav oplysningerne om de værter, der er ope i netværket.
5. Scan flere servere ved hjælp af den sidste oktet af IP-adressen
Du kan udføre scanninger på flere IP-adresser ved blot at angive den sidste oktet af IP-adressen. For eksempel udfører jeg her en scanning på IP-adresser 192.168.0.101, 192.168.0.102 og 192.168.0.103.
nmap 192.168.0.101,102,103 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds You have new mail in /var/spool/mail/root
6. Scan liste over værter fra en fil
Hvis du har flere værter at scanne, og alle værtsoplysninger er skrevet i en fil, kan du direkte bede nmap om at læse den fil og udføre scanninger. Lad os se, hvordan man gør det.
Opret en tekstfil kaldet “nmaptest.txt” og definer alle IP-adresser eller værtsnavn på den server, du vil scanne.
cat > nmaptest.txt localhost server2.linux-console.net 192.168.0.101
Kør derefter følgende kommando med "iL" med nmap-kommando for at scanne alle anførte IP-adresser i filen.
nmap -iL nmaptest.txt Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST Interesting ports on localhost.localdomain (127.0.0.1): Not shown: 1675 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 111/tcp open rpcbind 631/tcp open ipp 857/tcp open unknown Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 958/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 958/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
7. Scan et IP-adresseområde
Du kan angive et IP-interval, mens du udfører scanning med Nmap.
nmap 192.168.0.101-110 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8. Scan netværk ekskl. Eksterne værter
Du kan ekskludere nogle værter, mens du udfører en komplet netværksscanning, eller når du scanner med jokertegn med indstillingen "–ekskluder".
nmap 192.168.0.* --exclude 192.168.0.100 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds You have new mail in /var/spool/mail/root
9. Scan OS-oplysninger og Traceroute
Med Nmap kan du registrere, hvilket operativsystem og hvilken version der kører på den eksterne vært. For at aktivere OS & version detektion, script scanning og traceroute kan vi bruge “-A” option med NMAP.
nmap -A 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 80/tcp open http Apache httpd 2.2.3 ((CentOS)) 111/tcp open rpcbind 2 (rpc #100000) 957/tcp open status 1 (rpc #100024) 3306/tcp open mysql MySQL (unauthorized) 8888/tcp open http lighttpd 1.4.32 MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027) TSeq(Class=TR%IPID=Z%TS=1000HZ) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Uptime 0.169 days (since Mon Nov 11 12:22:15 2013) Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds You have new mail in /var/spool/mail/root
I ovenstående output kan du se, at nmap er kommet op med TCP/IP-fingeraftryk fra operativsystemet, der kører på fjernværter og er mere specifikt om porten og tjenester, der kører på fjernværterne.
10. Aktivér OS-detektion med Nmap
Brug indstillingen “-O” og “-osscan-guess” hjælper også med at finde OS-oplysninger.
nmap -O server2.linux-console.net Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027) TSeq(Class=TR%IPID=Z%TS=1000HZ) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=Option -O and -osscan-guess also helps to discover OS R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Uptime 0.221 days (since Mon Nov 11 12:22:16 2013) Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds You have new mail in /var/spool/mail/root
11. Scan en vært for at opdage firewall
Nedenstående kommando udfører en scanning på en ekstern vært for at opdage, om nogen pakkefiltre eller Firewall bruges af værten.
nmap -sA 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST All 1680 scanned ports on server2.linux-console.net (192.168.0.101) are UNfiltered MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds You have new mail in /var/spool/mail/root
12. Scan en vært for at kontrollere, at den er beskyttet af Firewall
At scanne en vært, hvis den er beskyttet af en hvilken som helst pakkefiltreringssoftware eller firewalls.
nmap -PN 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds
13. Find ud af Live-værter i et netværk
Ved hjælp af “-sP” -indstillingen kan vi simpelthen kontrollere, hvilke værter der er live og ope i netværk, med denne mulighed nmap springer portdetektering og andre ting over.
nmap -sP 192.168.0.* Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST Host server1.linux-console.net (192.168.0.100) appears to be up. Host server2.linux-console.net (192.168.0.101) appears to be up. MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds
14. Udfør en hurtig scanning
Du kan udføre en hurtig scanning med “-F” mulighed for at scanne efter de porte, der er anført i nmap-services-filerne, og efterlader alle andre porte.
nmap -F 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1234 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds
15. Find Nmap-version
Du kan finde ud af Nmap-versionen, du kører på din maskine, med "-V" -muligheden.
nmap -V Nmap version 4.11 ( http://www.insecure.org/nmap/ ) You have new mail in /var/spool/mail/root
16. Scan porte efter hinanden
Brug “-r” -flaget for ikke at randomisere.
nmap -r 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds
17. Udskriv værtsgrænseflader og ruter
Du kan finde ud af værtsgrænsefladen og ruteoplysninger med nmap ved hjælp af indstillingen "–iflist".
nmap --iflist Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC lo (lo) 127.0.0.1/8 loopback up eth0 (eth0) 192.168.0.100/24 ethernet up 08:00:27:11:C7:89 **************************ROUTES************************** DST/MASK DEV GATEWAY 192.168.0.0/0 eth0 169.254.0.0/0 eth0
I ovenstående output kan du se, at kortet viser grænseflader, der er knyttet til dit system og deres respektive ruter.
18. Scan efter specifik port
Der er forskellige muligheder for at finde porte på fjernmaskine med Nmap. Du kan angive den port, du vil, at nmap skal scanne med “-p” -indstillingen, som standard scanner nmap kun TCP-porte.
nmap -p 80 server2.linux-console.net Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST Interesting ports on server2.linux-console.net (192.168.0.101): PORT STATE SERVICE 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) sca
19. Scan en TCP-port
Du kan også specificere specifikke porttyper og numre med nmap, der skal scannes.
nmap -p T:8888,80 server2.linux-console.net Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST Interesting ports on server2.linux-console.net (192.168.0.101): PORT STATE SERVICE 80/tcp open http 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
20. Scan en UDP-port
nmap -sU 53 server2.linux-console.net Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST Interesting ports on server2.linux-console.net (192.168.0.101): PORT STATE SERVICE 53/udp open http 8888/udp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
21. Scan flere porte
Du kan også scanne flere porte ved hjælp af indstillingen “-p”.
nmap -p 80,443 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST Interesting ports on server2.linux-console.net (192.168.0.101): PORT STATE SERVICE 80/tcp open http 443/tcp closed https MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds
22. Scan porte efter netværksområde
Du kan scanne porte med områder ved hjælp af udtryk.
nmap -p 80-160 192.168.0.101
23. Find værtsnumre til versionsnumre
Vi kan finde ud af tjenestens versioner, der kører på eksterne værter med "-sV" -muligheden.
nmap -sV 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 80/tcp open http Apache httpd 2.2.3 ((CentOS)) 111/tcp open rpcbind 2 (rpc #100000) 957/tcp open status 1 (rpc #100024) 3306/tcp open mysql MySQL (unauthorized) 8888/tcp open http lighttpd 1.4.32 MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds
24. Scan fjernværter ved hjælp af TCP ACK (PA) og TCP Syn (PS)
Undertiden blokerer pakkefiltrering af firewalls ICMP-standardpinganmodninger, i så fald kan vi bruge TCP ACK og TCP Syn-metoder til at scanne fjernværter.
nmap -PS 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds You have new mail in /var/spool/mail/root
25. Scan Fjernhost for specifikke porte med TCP ACK
nmap -PA -p 22,80 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST Interesting ports on server2.linux-console.net (192.168.0.101): PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds You have new mail in /var/spool/mail/root
26. Scan fjernhost for specifikke porte med TCP Syn
nmap -PS -p 22,80 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST Interesting ports on server2.linux-console.net (192.168.0.101): PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds You have new mail in /var/spool/mail/root
27. Udfør en snigende scanning
nmap -sS 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds You have new mail in /var/spool/mail/root
28. Kontroller de mest anvendte porte med TCP Syn
nmap -sT 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds You have new mail in /var/spool/mail/root
29. Udfør en tcp null-scanning for at narre en firewall
nmap -sN 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST Interesting ports on server2.linux-console.net (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 80/tcp open|filtered http 111/tcp open|filtered rpcbind 957/tcp open|filtered unknown 3306/tcp open|filtered mysql 8888/tcp open|filtered sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds You have new mail in /var/spool/mail/root
Det er det med NMAP for nu, jeg vil komme med flere kreative muligheder for NMAP i vores anden del af dette seriøse. Indtil da skal du holde øje med os og ikke glemme at dele dine værdifulde kommentarer.