linux 下nmap命令使用

通过一个IP地址我们可以知道多少信息?

一、查询到主机的mac 地址

1. windows 下使用nbtstat -a IP地址命令

这种方式利用NetBIOS协议

C:\Users\Terry>nbtstat -a 172.24.3.135

本地连接:
节点 IP 址址: [0.0.0.0] 范围 ID: []

    找不到主机。

无线网络连接:
节点 IP 址址: [172.24.3.29] 范围 ID: []

           NetBIOS 远程计算机名称表

       名称               类型         状态
    ---------------------------------------------
    TA-CN          <00>  组          已注册
    ITD-GANQING0-D1<00>  唯一        已注册
    ITD-GANQING0-D1<20>  唯一        已注册
    TA-CN          <1E>  组          已注册

    MAC 地址 = FC-4D-D4-F4-65-95

 

但是如果没有开放netbios协议,就会找不到

C:\Users\Terry>nbtstat -a 172.24.3.100

本地连接:
节点 IP 址址: [0.0.0.0] 范围 ID: []

    找不到主机。

无线网络连接:
节点 IP 址址: [172.24.3.29] 范围 ID: []

 

2.linux 下使用nmap 命令

[root@localhost ~]# nmap 172.24.3.100

Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-16 15:50 CST
Nmap scan report for 172.24.3.100
Host is up (0.000093s latency).
Not shown: 989 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
427/tcp  open   svrloc
443/tcp  open   https
902/tcp  open   iss-realsecure
5988/tcp closed wbem-http
5989/tcp open   wbem-https
8000/tcp open   http-alt
8080/tcp closed http-proxy
8100/tcp open   xprint-server
8300/tcp closed tmi
MAC Address: 00:10:18:1A:7B:EA (Broadcom)

Nmap done: 1 IP address (1 host up) scanned in 11.95 seconds
[root@localhost ~]# 

 

 

我们可以看到172.24.3.100,这个ip开放了哪些协议,端口是多少甚至还列出来网卡的品牌

 

二. 利用IP地址查看主机的os

[root@localhost ~]# nmap -O 172.24.3.135

Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-16 15:56 CST
Nmap scan report for 172.24.3.135
Host is up (0.0020s latency).
Not shown: 989 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
443/tcp   open  https
445/tcp   open  microsoft-ds
1025/tcp  open  NFS-or-IIS
1026/tcp  open  LSA-or-nterm
1027/tcp  open  IIS
1050/tcp  open  java-or-OTGfileshare
3389/tcp  open  ms-term-serv
5003/tcp  open  filemaker
50500/tcp open  unknown
MAC Address: FC:4D:D4:F4:65:95 (Unknown)
Device type: general purpose
Running: Microsoft Windows Vista|2008|7
OS details: Microsoft Windows Vista SP0 - SP2, Server 2008, or Windows 7 Ultimate
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds
[root@localhost ~]# 

3.找出网络中的在线主机

 

<>

[root@localhost ~]# nmap -sP 172.24.62.*

Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-16 15:57 CST
Nmap scan report for 172.24.62.1
Host is up (0.00074s latency).
Nmap scan report for 172.24.62.11
Host is up (0.00041s latency).
Nmap scan report for 172.24.62.12
Host is up (0.00039s latency).
Nmap scan report for 172.24.62.13
Host is up (0.00053s latency).
Nmap scan report for 172.24.62.14
Host is up (0.00052s latency).......

 

更多的参考文档:

http://os.51cto.com/art/201401/428152.htm