[20190221] A problem with nmap port scans.txt

Posted by lfree on 2019-02-21



--//The post at https://www.cnblogs.com/kerrycode/p/10384895.html raises a problem: an nmap scan misses some ports.

--//I personally rarely use nmap, mainly because many of our servers are not allowed to have this software installed. Let me test it today.


1. Install nmap:

--//I personally prefer installing from an rpm package; ideally download it from the official site, or copy the nmap rpm package file from the ISO disc.


# rpm -ivh nmap-4.11-2.0.1.x86_64.rpm
warning: nmap-4.11-2.0.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
Preparing...                ########################################### [100%]
   1:nmap                   ########################################### [100%]


2. Test:


# nmap 192.168.100.40

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2019-02-21 09:33 CST
Interesting ports on hisdg (192.168.100.40):
Not shown: 1673 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
113/tcp  open  auth
443/tcp  open  https
1521/tcp open  oracle
3306/tcp open  mysql
MAC Address: 00:14:22:23:9A:7A (Dell)

Nmap finished: 1 IP address (1 host up) scanned in 0.300 seconds


--//The test confirms that some ports really are missing. I read some of the documentation:


Port Specification and Scan Order

In addition to all of the scan methods discussed previously, Nmap offers options for specifying which ports are scanned and whether the scan order is randomized or sequential. By default, Nmap scans the most common 1,000 ports for each protocol.

-p <port ranges> (Only scan specified ports)

This option specifies which ports you want to scan and overrides the default. Individual port numbers are OK, as are ranges separated by a hyphen (e.g. 1-1023). The beginning and/or end values of a range may be omitted, causing Nmap to use 1 and 65535, respectively. So you can specify -p- to scan ports from 1 through 65535. Scanning port zero is allowed if you specify it explicitly. For IP protocol scanning (-sO), this option specifies the protocol numbers you wish to scan for (0–255).

When scanning a combination of protocols (e.g. TCP and UDP), you can specify a particular protocol by preceding the port numbers by T: for TCP, U: for UDP, S: for SCTP, or P: for IP Protocol. The qualifier lasts until you specify another qualifier. For example, the argument -p U:53,111,137,T:21-25,80,139,8080 would scan UDP ports 53, 111, and 137, as well as the listed TCP ports. Note that to scan both UDP and TCP, you have to specify -sU and at least one TCP scan type (such as -sS, -sF, or -sT). If no protocol qualifier is given, the port numbers are added to all protocol lists.

Ports can also be specified by name according to what the port is referred to in the nmap-services. You can even use the wildcards * and ? with the names. For example, to scan FTP and all ports whose names begin with “http”, use -p ftp,http*. Be careful about shell expansions and quote the argument to -p if unsure.

Ranges of ports can be surrounded by square brackets to indicate ports inside that range that appear in nmap-services. For example, the following will scan all ports in nmap-services equal to or below 1024: -p [-1024]. Be careful with shell expansions and quote the argument to -p if unsure.
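The -p rules quoted above (numeric ports, ranges with omitted ends, T:/U:/S: qualifiers that stick until the next one, unqualified items going to every protocol list) as a small parser. This is an added example written for this post, not nmap's own code; port names, wildcards, the [...] form and the P:/-sO protocol-number form are left out.

```python
# Added example, not from the original post: a parser for the numeric part of
# the nmap -p syntax described in the documentation quoted above. Port names,
# wildcards, [...] and the P:/-sO protocol-number form are deliberately omitted.
from typing import Dict, Set

PROTOCOLS = {"T": "tcp", "U": "udp", "S": "sctp"}
MAX_PORT = 65535  # an omitted range end means 1 or 65535, so "-p-" is 1-65535


def expand_range(item: str) -> range:
    """Turn "80", "21-25", "-1023", "22-" or "-" into an inclusive port range."""
    if "-" in item:
        lo_s, hi_s = item.split("-", 1)
        lo = int(lo_s) if lo_s else 1
        hi = int(hi_s) if hi_s else MAX_PORT
    else:
        lo = hi = int(item)  # port 0 is accepted only when given explicitly
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"illegal port range {item!r}")
    return range(lo, hi + 1)


def parse_port_spec(spec: str) -> Dict[str, Set[int]]:
    """Expand an nmap -p argument into {protocol: set of port numbers}.

    Items seen before any qualifier go to every protocol list; a qualifier
    applies to all following items until another qualifier appears.
    """
    result: Dict[str, Set[int]] = {p: set() for p in PROTOCOLS.values()}
    current = None  # None: no qualifier seen yet
    for item in spec.split(","):
        item = item.strip()
        if len(item) > 1 and item[1] == ":" and item[0] in PROTOCOLS:
            current = PROTOCOLS[item[0]]
            item = item[2:]
        if not item:
            raise ValueError("empty port item in -p specification")
        targets = [current] if current else list(PROTOCOLS.values())
        for proto in targets:
            result[proto].update(expand_range(item))
    return result


if __name__ == "__main__":
    # The documentation's own example, then the full range used later in the post.
    for spec in ("U:53,111,137,T:21-25,80,139,8080", "-"):
        ports = parse_port_spec(spec)
        print(spec, {proto: len(s) for proto, s in ports.items()})
```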


--//Clearly, to speed up the scan, nmap scans only the "most common 1,000 ports" by default, and that misses some ports.

--//2^16 - 1 = 65535; I can never remember the last three digits and end up typing 65000.


# nmap -p 1-65535 192.168.100.40

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2019-02-21 09:40 CST
Interesting ports on hisdg (192.168.100.40):
Not shown: 65526 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
113/tcp   open  auth
443/tcp   open  https
1521/tcp  open  oracle
3306/tcp  open  mysql
32768/tcp open  unknown
39063/tcp open  unknown
MAC Address: 00:14:22:23:9A:7A (Dell)

Nmap finished: 1 IP address (1 host up) scanned in 1.375 seconds


--//This way those extra ports are discovered.


From "ITPUB Blog", link: http://blog.itpub.net/267265/viewspace-2636535/. Please credit the source when reposting; otherwise legal action may be taken.