(转)使用NMAP工具扫描端口

原文：http://www.linuxde.net/2013/02/12354.html

nmap 是一个用于网络探索或安全评测的工具。它支持 ping 扫描（判定哪些主机在运行），多端口扫描技术（判定主机在提供哪些服务），以及 TCP/ip 指纹（远程主机操作系统识别）。Nmap 还提供了灵活的目标和端口明细表，掩护扫描，TCP 序列可预测性特点的判定，逆向identd 扫描等等。

注：在NMAP-4.11中，ident逆向扫描已不再支持。（ident协议：用于TCP反向扫描，允许查看TCP连接所对应的进程的属主用户。例如，连接到HTTP服务以后，再执行ident扫描，可以发现服务器是否正在以root权限运行。）

NMAP的扫描语法

nmap  [扫描类型]  [选项]  <扫描目标 ...>

常用的扫描类型

• -ss，TCP SYN扫描（半开）
• -sT，TCP 连接扫描（全开）
• -sF，TCP FIN扫描
• -su，UDP扫描
• -sP，ICMP扫描
• -P0，跳过ping检测

安装NMAP（我之前看过一个哥们很会动心思，他有个wab网站，但是跑去做安全设置，把ssh端口改的自己不记得了，他后面的解决办法就是用NMAP扫描出来的.........所以大家可以细细体会一下）

 [root@chenyi ~]# yum install nmap                            #CentOS 6.2 的ISO中自带NMAP，直接Yum安装即可！

分别查看本机开放的TCP端口、UDP端口

[root@chenyi ~]# nmap 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:24 CST
Nmap scan report for localhost (127.0.0.1)
host is up (0.000016s latency).
Not shown: 998 closed ports
PORT   STATE service
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

[root@chenyi ~]# nmap -sU 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:25 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000018s latency).
Not shown: 999 closed ports
PORT     STATE         SERVICE
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds

检测192.168.1.0/24网段有哪些主机提供ftp服务

[root@chenyi ~]# nmap -p 21 192.168.1.0/24        # -p 选项，指定目标端口

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:29 CST
Nmap scan report for 192.168.1.1
Host is up (0.0035s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp                                #状态未知，可能被过滤
MAC Address: 00:1F:8F:69:27:53 (Shanghai Bellmann Digital Source Co.)

Nmap scan report for 192.168.1.103
Host is up (0.00099s latency).
PORT   STATE  SERVICE
21/tcp closed ftp
MAC Address: 20:7C:8F:6B:E6:3E (Quanta Microsystems)

Nmap scan report for 192.168.1.108
Host is up (0.0021s latency).
PORT   STATE  SERVICE
21/tcp closed ftp
MAC Address: 88:AE:1D:26:0B:0B (Compal Information(kunshan)co.)

Nmap scan report for 192.168.1.110
Host is up (0.000093s latency).
PORT   STATE  SERVICE
21/tcp closed ftp

Nmap scan report for 192.168.1.210
Host is up (0.0091s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp
MAC Address: 00:0C:29:CC:F3:02 (VMware)

Nmap scan report for 192.168.1.253
Host is up (0.0020s latency).
PORT   STATE    SERVICE
21/tcp filtered ftp
MAC Address: 14:CF:92:47:07:04 (Unknown)

Nmap done: 256 IP addresses (6 hosts up) scanned in 43.93 s<strong>econds</strong>

此时我开启一个FTP服务器 再次扫描！

.......省略一部分
Nmap scan report for 192.168.1.210
Host is up (0.0010s latency).
PORT   STATE SERVICE
21/tcp open  ftp            #此时21号端口表示是打开的
MAC Address: 00:0C:29:CC:F3:02 (VMware)
.......省略一部分

检测192.168.1.0/24网段有哪些存活主机     

[root@chenyi ~]# nmap -n -sP 192.168.1.0/24        #-n选项，禁用反向解析

Starting Nmap 5.51 ( http://nmap.org ) at 2012-12-06 09:40 CST
Nmap scan report for 192.168.1.1
Host is up (0.0031s latency).
MAC Address: 00:1F:8F:69:27:53 (Shanghai Bellmann Digital Source Co.)
Nmap scan report for 192.168.1.103
Host is up (0.00025s latency).
MAC Address: 20:7C:8F:6B:E6:3E (Quanta Microsystems)
Nmap scan report for 192.168.1.108
Host is up (0.0024s latency).
MAC Address: 88:AE:1D:26:0B:0B (Compal Information(kunshan)co.)
Nmap scan report for 192.168.1.110
Host is up.
Nmap scan report for 192.168.1.210
Host is up (0.00037s latency).
MAC Address: 00:0C:29:CC:F3:02 (VMware)
Nmap scan report for 192.168.1.253
Host is up (0.0056s latency).
MAC Address: 14:CF:92:47:07:04 (Unknown)
Nmap done: 256 IP addresses (6 hosts up) scanned in 3.63 seconds