nmap端口扫描实验.docx
《nmap端口扫描实验.docx》由会员分享,可在线阅读,更多相关《nmap端口扫描实验.docx(20页珍藏版)》请在冰豆网上搜索。
nmap端口扫描实验
《信息安全技术与应用》课程实验
实验二端口扫描与安全审计
一、Nmap简介
1.基本功能与目标端口状态说明
Nmap(NetworkMapper)是开放源码的网络探测和端口扫描工具,具有主机发现、端口扫描、操作系统检测、服务和版本检测、逃避放火墙及入侵检测系统等功能。
可从网站http:
//www.insecure.org/nmap/下载不同操作系统版本的源代码和可执行程序,而且提供了详细的中文使用手册(http:
//www.insecure.org/nmap/man/zh/)。
Nmap以表格形式输出扫描目标的端口号、协议、服务名称和状态,端口状态分别用开放(open)、关闭(closed)、已过滤(filtered)和未过滤(unfiltered)表示。
其中“开放”表示应用程序正在该端口监听连接或分组;“关闭”表示没有应用程序在该端口监听;“已过滤”表示防火墙或其他过滤器封锁了该端口,Nmap无法知道该端口的状态;“未过滤”表示端口对Nmap探测有响应,但Nmap不能确定端口是开放还是关闭。
Nmap有时也可能输出open|filtered或closed|filtered的状态组合,表示不能正确识别端口处于其中那一个状态。
2.命令格式与帮助
Nmap命令格式:
nmap[ScanType...][Options]{targetspecification}
Nmap命令帮助:
C:
\>nmap(不带命令参数运行nmap)
3.常用扫描类型
(1)-sT(TCPconnect()端口扫描);
(2)-sS(TCPSYN同步扫描);
(3)-sU(UDP端口扫描);
(4)-sN(Null扫描);
(5)-sF扫描(FIN)
(6)-sP(Ping扫描);
(7)-sX(Xmas扫描);
(8)-sA(TCPACK扫描,探测端口是否被过滤,open和closed端口返回RST报文,表示unfiltered,否则为filtered)
(9)-sM(TCPMaimon扫描,Maimon发现BSD系统探测报文FIN-ACK,响应RST);
(10)--scanflags(定制TCP标志位URG,ACK,PSH,RST,SYN,和FIN的任何组合设计扫描探测报文)
(11)-sW(TCP窗口扫描);-sI(Idlescan盲扫描);-sO(IP协议扫描)等,详细内容参考Nmap手册;
(12)未指定扫描类型,默认扫描类型为TCPSYN同步扫描。
4.命令参数选项
(1)主机发现参数(也称ping扫描,但与ping命令发送ICMP不同)
-sL(列表扫描)、-sP(Ping扫描)、-P0(无ping)、-PS[portlist](TCPSYNPing)、-PA[portlist](TCPACKPing)、-PU[portlist](UDPPing)、-PR(ARPPing)等。
(2)端口说明参数
-p 仅扫描指定端口。
例如,-p22; -p1-65535; -p U:
53,111,137,T:
21-25,80,139,8080(其中U、T分别指定UDP和TCP端口)
(3)服务和版本探测参数
-sV(版本探测)、-sR(RPC扫描)
(4)操作系统探测参数
nmap-os-fingerprints文件包含了1500多个已知操作系统的指纹信息。
-O(操作系统检测)、-A(同时启用操作系统和服务版本检测)
(5)输出格式参数
Nmap具有交互、标准、XML等5种不同输出格式,默认为交互式输出。
-v(详细输出)
5.目标地址规范
Nmap支持多种目标地址规范,包括单个目标IP地址、主机名称和网络地址。
例如:
(1)nmap-sP192.168.7.8,对目标主机192.168.7.8ping扫描;
(2)nmap-sTscanme.nmap.org,对目标主机scanme.nmap.org进行TCPconnect()扫描;
(3)nmap-v192.168.10.0/24,扫描192.168.10.0至192.168.10.255之间的256台目标主机,其中输出参数-v表示显示详细信息verbose;
(4)nmap-v10.0.0-255.1-254,扫描10.0.0.1至10.0.255.254之间的所有IP地址;
(5)nmap-v0-255.0-255.13.37,扫描Internet所有以13.37结束的IP地址;
(6)nmap-v-iR1000-P0-p80,随机选择1000个目标主机扫描,其中-P0表示无ping扫描。
随机地址扫描格式为-iR,其中-iR表示随机地址扫描,numhosts表示随机地址数。
二、实验内容
1.安装nmap-4.01-setup.exe软件
注意事项:
采用nmap-4.01-setup.exe时将自动安装WinPcap分组捕获库,采用解压缩nmap-4.01-win32.zip时需事先安装WinPcap分组捕获库。
2.局域网主机发现
列表扫描:
nmap-sL局域网地址
3.扫描目标主机端口
连续扫描目标主机端口:
nmap–r目标主机IP地址或名称
4.服务和版本检测
目标主机服务和版本检测:
nmap-sV目标主机IP地址或名称
5.操作系统检测
目标主机操作系统检测:
nmap-O目标主机IP地址或名称
6.端口扫描组合应用
nmap-v-Ascanme.nmap.org
nmap-v-sP192.168.0.0/1610.0.0.0/8
nmap-v-iR10000-P0-p80
三、实验要求
由于Nmap扫描功能强大、命令参数众多,在有限时间内不可能对所有命令参数进行实验。
但实验内容中列举的扫描命令必须完成,也可以任意选择其他命令参数进行实验。
命令执行后将执行结果复制到实验报告表格中,并对命令执行结果进行解释。
实验记录:
2.局域网主机发现
列表扫描:
nmap-sL局域网地址
C:
\DocumentsandSettings\Administrator>nmap-sL219.226.87.40-50
StartingNmap4.01(http:
//www.insecure.org/nmap)at2008-05-2717:
31中国标准
时间
Host219.226.87.40notscanned
Host219.226.87.41notscanned
Host219.226.87.42notscanned
Host219.226.87.43notscanned
Host219.226.87.44notscanned
Host219.226.87.45notscanned
Host219.226.87.46notscanned
Host219.226.87.47notscanned
Host219.226.87.48notscanned
Host219.226.87.49notscanned
Host219.226.87.50notscanned
Nmapfinished:
11IPaddresses(0hostsup)scannedin13.078seconds
3.扫描目标主机端口
连续扫描目标主机端口:
nmap–r目标主机IP地址或名称
C:
\DocumentsandSettings\Administrator>nmap-r219.226.87.56
StartingNmap4.01(http:
//www.insecure.org/nmap)at2008-05-2717:
29中国标准
时间
Interestingportson219.226.87.56:
(The1667portsscannedbutnotshownbelowareinstate:
closed)
PORTSTATESERVICE
80/tcpopenhttp
135/tcpopenmsrpc
139/tcpopennetbios-ssn
445/tcpopenmicrosoft-ds
7000/tcpopenafs3-fileserver
MACAddress:
00:
E0:
4C:
E9:
5E:
19(RealtekSemiconductor)
Nmapfinished:
1IPaddress(1hostup)scannedin0.734seconds
4.服务和版本检测
C:
\DocumentsandSettings\Administrator>nmap-sV219.226.87.56
StartingNmap4.01(http:
//www.insecure.org/nmap)at2008-05-2717:
26中国标准
时间
Interestingportson219.226.87.56:
(The1667portsscannedbutnotshownbelowareinstate:
closed)
PORTSTATESERVICEVERSION
80/tcpopenhttp?
135/tcpopenmsrpcMicrosoftWindowsRPC
139/tcpopennetbios-ssn
445/tcpopenmicrosoft-dsMicrosoftWindowsXPmicrosoft-ds
7000/tcpopenafs3-fileserver?
MACAddress:
00:
E0:
4C:
E9:
5E:
19(RealtekSemiconductor)
ServiceInfo:
OS:
Windows
Nmapfinished:
1IPaddress(1hostup)scannedin124.969seconds
5.操作系统检测
目标主机操作系统检测:
nmap-O目标主机IP地址或名称
C:
\DocumentsandSettings\Administrator>nmap-O219.226.87.56
StartingNmap4.01(http:
//www.insecure.org/nmap)at2008-05-2717:
25中国标准
时间
Interestingportson219.226.87.56:
(The1667portsscannedbutnotshownbelowareinstate:
closed)
PORTSTATESERVICE
80/tcpopenhttp
135/tcpopenmsrpc
139/tcpopennetbios-ssn
445/tcpopenmicrosoft-ds
7000/tcpopenafs3-fileserver
MACAddress:
00:
E0:
4C:
E9:
5E:
19(RealtekSemiconductor)
Devicetype:
generalpurpose
Running:
MicrosoftWindowsNT/2K/XP
OSdetails:
MicrosoftWindowsXPProSP1/SP2or2000SP4
Nmapfinished:
1IPaddress(1hostup)scannedin4.047seconds
6.端口扫描组合应用
nmap-v-Ascanme.nmap.org
C:
\DocumentsandSettings\Administrator>nmap-v-A219.226.87.56
StartingNmap4.01(http:
//www.insecure.org/nmap)at2008-05-2717:
22中国标准
时间
InitiatingARPPingScanagainst219.226.87.56[1port]at17:
22
TheARPPingScantook0.22stoscan1totalhosts.
DNSresolutionof1IPstook0.01s.Mode:
Async[#:
2,OK:
0,NX:
1,DR:
0,SF:
0,TR:
1,CN:
0]
InitiatingSYNStealthScanagainst219.226.87.56[1672ports]at17:
22
Discoveredopenport80/tcpon219.226.87.56
Discoveredopenport7000/tcpon219.226.87.56
Discoveredopenport139/tcpon219.226.87.56
Discoveredopenport445/tcpon219.226.87.56
Discoveredopenport135/tcpon219.226.87.56
TheSYNStealthScantook0.19stoscan1672totalports.
Initiatingservicescanagainst5serviceson219.226.87.56at17:
22
Theservicescantook88.56stoscan5serviceson1host.
ForOSScanassumingport80isopen,1isclosed,andneitherarefirewalled
Host219.226.87.56appearstobeup...good.
Interestingportson219.226.87.56:
(The1667portsscannedbutnotshownbelowareinstate:
closed)
PORTSTATESERVICEVERSION
80/tcpopenhttp?
135/tcpopenmsrpcMicrosoftWindowsRPC
139/tcpopennetbios-ssn
445/tcpopenmicrosoft-dsMicrosoftWindowsXPmicrosoft-ds
7000/tcpopenafs3-fileserver?
MACAddress:
00:
E0:
4C:
E9:
5E:
19(RealtekSemiconductor)
Devicetype:
generalpurpose
Running:
MicrosoftWindowsNT/2K/XP
OSdetails:
MicrosoftWindowsXPProSP1/SP2or2000SP4
TCPSequencePrediction:
Class=trulyrandom
Difficulty=9999999(Goodluck!
)
IPIDSequenceGeneration:
Incremental
ServiceInfo:
OS:
Windows
Nmapfinished:
1IPaddress(1hostup)scannedin90.156seconds
Rawpacketssent:
1687(74.7KB)|Rcvd:
1687(77.7KB)
nmap-v-sP192.168.0.0/1610.0.0.0/8
C:
\DocumentsandSettings\Administrator>nmap-v-sP219.226.87.50/24
StartingNmap4.01(http:
//www.insecure.org/nmap)at2008-05-2717:
20中国标准
时间
InitiatingARPPingScanagainst65hosts[1port/host]at17:
20
TheARPPingScantook0.53stoscan65totalhosts.
DNSresolutionof35IPstook13.09s.Mode:
Async[#:
2,OK:
0,NX:
25,DR:
10,
SF:
0,TR:
97,CN:
0]
Host219.226.87.0appearstobedown.
Host219.226.87.1appearstobeup.
MACAddress:
00:
0F:
E2:
12:
CA:
0B(HangzhouHuawei-3ComTech.Co.)
Host219.226.87.2appearstobeup.
MACAddress:
00:
08:
02:
F7:
81:
6F(CompaqComputer)
Host219.226.87.3appearstobeup.
MACAddress:
00:
11:
43:
5B:
2C:
29(Dell)
Host219.226.87.4appearstobeup.
MACAddress:
00:
11:
D8:
A2:
0D:
11(AsustekComputer)
Host219.226.87.5appearstobedown.
Host219.226.87.6appearstobedown.
Host219.226.87.7appearstobedown.
Host219.226.87.8appearstobedown.
Host219.226.87.9appearstobedown.
Host219.226.87.10appearstobedown.
Host219.226.87.11appearstobeup.
MACAddress:
00:
E0:
4C:
F1:
77:
42(RealtekSemiconductor)
Host219.226.87.12appearstobedown.
Host219.226.87.13appearstobedown.
Host219.226.87.14appearstobedown.
Host219.226.87.15appearstobedown.
Host219.226.87.16appearstobedown.
Host219.226.87.17appearstobeup.
MACAddress:
00:
E0:
4C:
F1:
76:
95(RealtekSemiconductor)
Host219.226.87.18appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
65(RealtekSemiconductor)
Host219.226.87.19appearstobedown.
Host219.226.87.20appearstobeup.
MACAddress:
00:
E0:
4C:
F1:
76:
88(RealtekSemiconductor)
Host219.226.87.21appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
5A(RealtekSemiconductor)
Host219.226.87.22appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5D:
B5(RealtekSemiconductor)
Host219.226.87.23appearstobedown.
Host219.226.87.24appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
63(RealtekSemiconductor)
Host219.226.87.25appearstobedown.
Host219.226.87.26appearstobedown.
Host219.226.87.27appearstobeup.
MACAddress:
00:
E0:
4C:
F1:
76:
91(RealtekSemiconductor)
Host219.226.87.28appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
42(RealtekSemiconductor)
Host219.226.87.29appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
4B(RealtekSemiconductor)
Host219.226.87.30appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5D:
FB(RealtekSemiconductor)
Host219.226.87.31appearstobeup.
MACAddress:
00:
E0:
4C:
F1:
76:
BC(RealtekSemiconductor)
Host219.226.87.32appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5D:
CF(RealtekSemiconductor)
Host219.226.87.33appearstobeup.
MACAddress:
00:
E0:
4C:
F1:
76:
84(RealtekSemiconductor)
Host219.226.87.34appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
76(RealtekSemiconductor)
Host219.226.87.35appearstobedown.
Host219.226.87.36appearstobedown.
Host219.226.87.37appearstobedown.
Host219.226.87.38appearstobedown.
Host219.226.87.39appearstobeup.
MACAddress:
00:
E0:
4C:
E9:
5E:
88(RealtekSemiconductor)
Host219.226.87.40
升级会员 