我想使用 Nmap 扫描整个家庭网络,但不确定我将如何去做。
我的默认网关和子网掩码分别是 192.168.0.1 和 255.255.255.0,所以我先尝试了nmap -sS 192.168.0.1/24. 但是,这似乎只是从 到192.168.0.0扫描192.168.0.255。扫描整个本地网络而不是仅扫描一个网段的最佳方法是什么?会nmap -sS 192.168.0.1/8扫描从192.0.0.0to 的所有内容192.255.255.255吗?
我最好从 ip 范围的最开头开始,10.0.0.0以10.255.255.255捕获网络上的所有联网设备,例如打印机,但想知道这是否可行以及如何加快速度。因为 /24 扫描需要我超过 3 分钟。
我只是在对一个网站进行 nmap 扫描,结果发现它有过多的开放端口。老实说,我从来没有见过这样的事情。在所有 65,000 多个端口中,几乎所有端口都是开放的,包括运行比特币服务的端口 8333。
现在,当我运行 -sV 扫描时,几乎所有这些打开的端口都是 tcpwrapped。所以我的两个问题是:
部分扫描结果:
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
3/tcp open tcpwrapped
4/tcp open tcpwrapped
6/tcp open tcpwrapped
7/tcp open tcpwrapped
9/tcp open tcpwrapped
13/tcp open tcpwrapped
17/tcp open tcpwrapped
19/tcp open tcpwrapped
20/tcp open tcpwrapped
21/tcp open tcpwrapped
22/tcp open ssh?
23/tcp open tcpwrapped
24/tcp open tcpwrapped
25/tcp filtered smtp
26/tcp open tcpwrapped
30/tcp open tcpwrapped
32/tcp open tcpwrapped
33/tcp open tcpwrapped
37/tcp open tcpwrapped
42/tcp open tcpwrapped
43/tcp open tcpwrapped
49/tcp open tcpwrapped
53/tcp open tcpwrapped
70/tcp open tcpwrapped
79/tcp open tcpwrapped
80/tcp open http Apache httpd
81/tcp open tcpwrapped
82/tcp open tcpwrapped
83/tcp open tcpwrapped
84/tcp open tcpwrapped
85/tcp open tcpwrapped
88/tcp open tcpwrapped
89/tcp open tcpwrapped
90/tcp open tcpwrapped
99/tcp open tcpwrapped
100/tcp open tcpwrapped
106/tcp open tcpwrapped
109/tcp open tcpwrapped
110/tcp open tcpwrapped
111/tcp open tcpwrapped
113/tcp open tcpwrapped
119/tcp open tcpwrapped
125/tcp open tcpwrapped
135/tcp open tcpwrapped
139/tcp filtered netbios-ssn
143/tcp open tcpwrapped
144/tcp open tcpwrapped
146/tcp open tcpwrapped
161/tcp open tcpwrapped
163/tcp open tcpwrapped
179/tcp open tcpwrapped
199/tcp open tcpwrapped
211/tcp open tcpwrapped
212/tcp open tcpwrapped
222/tcp open tcpwrapped
254/tcp open tcpwrapped
255/tcp open tcpwrapped
256/tcp open tcpwrapped
259/tcp open tcpwrapped
264/tcp open tcpwrapped
280/tcp open tcpwrapped
301/tcp open tcpwrapped
306/tcp open tcpwrapped
311/tcp open tcpwrapped
340/tcp open tcpwrapped
366/tcp open tcpwrapped
389/tcp filtered ldap
406/tcp open tcpwrapped
407/tcp open tcpwrapped
416/tcp open tcpwrapped
417/tcp open tcpwrapped
425/tcp open tcpwrapped
427/tcp open tcpwrapped
443/tcp open ssl/http Apache httpd
444/tcp open tcpwrapped
445/tcp filtered microsoft-ds
458/tcp open tcpwrapped
464/tcp open tcpwrapped
465/tcp closed smtps
481/tcp open tcpwrapped
497/tcp open tcpwrapped
500/tcp open tcpwrapped
512/tcp open tcpwrapped
513/tcp open tcpwrapped
514/tcp open tcpwrapped
515/tcp open tcpwrapped
524/tcp open tcpwrapped
541/tcp open tcpwrapped
543/tcp open tcpwrapped
544/tcp open tcpwrapped
545/tcp open tcpwrapped
548/tcp open tcpwrapped
554/tcp open tcpwrapped
555/tcp open tcpwrapped
563/tcp open tcpwrapped
587/tcp closed submission
593/tcp open tcpwrapped
616/tcp open tcpwrapped
617/tcp open tcpwrapped
625/tcp open tcpwrapped
631/tcp open tcpwrapped
636/tcp open tcpwrapped
646/tcp open tcpwrapped
648/tcp open tcpwrapped
666/tcp open tcpwrapped
667/tcp open tcpwrapped
668/tcp open tcpwrapped
683/tcp open tcpwrapped
687/tcp open tcpwrapped
691/tcp open tcpwrapped
700/tcp open tcpwrapped
705/tcp open tcpwrapped
711/tcp open tcpwrapped
714/tcp open tcpwrapped
720/tcp open tcpwrapped
722/tcp open tcpwrapped
726/tcp open tcpwrapped
749/tcp open tcpwrapped
765/tcp open tcpwrapped
777/tcp open tcpwrapped
783/tcp open tcpwrapped
787/tcp open tcpwrapped
800/tcp open tcpwrapped
801/tcp open tcpwrapped
808/tcp open tcpwrapped
843/tcp open tcpwrapped
873/tcp open tcpwrapped
880/tcp open tcpwrapped
888/tcp open tcpwrapped
898/tcp open tcpwrapped
900/tcp open tcpwrapped
901/tcp open tcpwrapped
902/tcp open tcpwrapped
903/tcp open tcpwrapped
911/tcp open tcpwrapped
912/tcp open tcpwrapped
981/tcp open tcpwrapped
987/tcp open tcpwrapped
990/tcp open tcpwrapped
992/tcp open tcpwrapped
993/tcp open tcpwrapped
995/tcp open tcpwrapped
999/tcp open tcpwrapped
1000/tcp open tcpwrapped
1001/tcp open tcpwrapped
1002/tcp open tcpwrapped
1007/tcp open tcpwrapped
1009/tcp open tcpwrapped
1010/tcp open tcpwrapped
1011/tcp open tcpwrapped
1021/tcp open tcpwrapped
1022/tcp open tcpwrapped
1023/tcp open tcpwrapped
1024/tcp open tcpwrapped
1025/tcp open tcpwrapped
1026/tcp open tcpwrapped
1027/tcp open tcpwrapped
1028/tcp open tcpwrapped
1029/tcp open tcpwrapped
1030/tcp open tcpwrapped
1031/tcp open tcpwrapped
1032/tcp open tcpwrapped
1033/tcp open tcpwrapped
1034/tcp open tcpwrapped
1035/tcp open tcpwrapped
1036/tcp open tcpwrapped
1037/tcp open tcpwrapped
1038/tcp open tcpwrapped
1039/tcp open tcpwrapped
1040/tcp open tcpwrapped
1041/tcp open tcpwrapped
1042/tcp open tcpwrapped
1043/tcp open tcpwrapped
1044/tcp open tcpwrapped
1045/tcp open tcpwrapped
1046/tcp open tcpwrapped
1047/tcp open tcpwrapped
1048/tcp open tcpwrapped
1049/tcp open tcpwrapped
1050/tcp open tcpwrapped
1051/tcp open tcpwrapped
1052/tcp open tcpwrapped
1053/tcp open tcpwrapped
1054/tcp open tcpwrapped
1055/tcp open tcpwrapped
1056/tcp open tcpwrapped
1057/tcp open tcpwrapped
1058/tcp open tcpwrapped
1059/tcp open tcpwrapped
1060/tcp open tcpwrapped
1061/tcp open tcpwrapped
1062/tcp open tcpwrapped
1063/tcp open tcpwrapped
1064/tcp open tcpwrapped
1065/tcp open tcpwrapped
1066/tcp open tcpwrapped
1067/tcp open tcpwrapped
1068/tcp open tcpwrapped
1069/tcp open tcpwrapped
1070/tcp open tcpwrapped
1071/tcp open tcpwrapped
1072/tcp open tcpwrapped
1073/tcp open tcpwrapped
1074/tcp open tcpwrapped
1075/tcp open tcpwrapped
1076/tcp open tcpwrapped
1077/tcp open tcpwrapped
1078/tcp open tcpwrapped
1079/tcp open tcpwrapped
1080/tcp open tcpwrapped
1081/tcp open tcpwrapped
1082/tcp open tcpwrapped
1083/tcp open tcpwrapped
1084/tcp open tcpwrapped
1085/tcp open tcpwrapped
1086/tcp open tcpwrapped
1087/tcp open tcpwrapped
1088/tcp open tcpwrapped
1089/tcp open tcpwrapped
1090/tcp open tcpwrapped
1091/tcp open tcpwrapped
1092/tcp open tcpwrapped
1093/tcp open tcpwrapped
1094/tcp open tcpwrapped
1095/tcp open tcpwrapped
1096/tcp open tcpwrapped
1097/tcp open tcpwrapped
1098/tcp open tcpwrapped
1099/tcp open tcpwrapped
1100/tcp open tcpwrapped
1102/tcp open tcpwrapped
1104/tcp open tcpwrapped
1105/tcp open tcpwrapped
1106/tcp open tcpwrapped
1107/tcp open tcpwrapped
1108/tcp open tcpwrapped
1110/tcp open tcpwrapped
1111/tcp open tcpwrapped
1112/tcp open tcpwrapped
1113/tcp open tcpwrapped
1114/tcp open tcpwrapped
1117/tcp open tcpwrapped
1119/tcp open tcpwrapped
1121/tcp open tcpwrapped
1122/tcp open tcpwrapped
1123/tcp open tcpwrapped
1124/tcp open tcpwrapped
1126/tcp open tcpwrapped
1130/tcp open tcpwrapped
1131/tcp open tcpwrapped
1132/tcp open tcpwrapped
1137/tcp open tcpwrapped
1138/tcp open tcpwrapped
1141/tcp open tcpwrapped
1145/tcp open tcpwrapped
1147/tcp open tcpwrapped
1148/tcp open tcpwrapped
1149/tcp open tcpwrapped
1151/tcp open tcpwrapped
1152/tcp open tcpwrapped
1154/tcp open tcpwrapped
1163/tcp open tcpwrapped
1164/tcp open tcpwrapped
1165/tcp open tcpwrapped
1166/tcp open tcpwrapped
1169/tcp open tcpwrapped
1174/tcp open tcpwrapped
1175/tcp open tcpwrapped
1183/tcp open tcpwrapped
1185/tcp open tcpwrapped
1186/tcp open tcpwrapped
1187/tcp open tcpwrapped
1192/tcp open tcpwrapped
1198/tcp open tcpwrapped
1199/tcp open tcpwrapped
1201/tcp open tcpwrapped
1213/tcp open tcpwrapped
1216/tcp open tcpwrapped
1217/tcp open tcpwrapped
1218/tcp open tcpwrapped
1233/tcp open tcpwrapped
1234/tcp open tcpwrapped
1236/tcp open tcpwrapped
1244/tcp open tcpwrapped
1247/tcp open tcpwrapped
1248/tcp open tcpwrapped
1259/tcp open tcpwrapped
1271/tcp open tcpwrapped
1272/tcp open tcpwrapped
1277/tcp open tcpwrapped
1287/tcp open tcpwrapped
1296/tcp open tcpwrapped
1300/tcp open tcpwrapped
1301/tcp open tcpwrapped
1309/tcp open tcpwrapped
1310/tcp open tcpwrapped
1311/tcp open tcpwrapped
1322/tcp open tcpwrapped
1328/tcp open tcpwrapped
1334/tcp open tcpwrapped
1352/tcp open tcpwrapped
1417/tcp open tcpwrapped
1433/tcp open tcpwrapped
1434/tcp open tcpwrapped
1443/tcp open tcpwrapped
1455/tcp open tcpwrapped
1461/tcp open tcpwrapped
1494/tcp open tcpwrapped
1500/tcp open tcpwrapped
1501/tcp open tcpwrapped
1503/tcp open tcpwrapped
1521/tcp open tcpwrapped
1524/tcp open tcpwrapped
1533/tcp open tcpwrapped
1556/tcp open tcpwrapped
1580/tcp open tcpwrapped
1583/tcp open tcpwrapped
1594/tcp open tcpwrapped
1600/tcp open tcpwrapped
1641/tcp open tcpwrapped
1658/tcp open tcpwrapped
1666/tcp open tcpwrapped
1687/tcp open tcpwrapped
1688/tcp open tcpwrapped
1700/tcp open tcpwrapped
1717/tcp open tcpwrapped
1718/tcp open tcpwrapped
1719/tcp open tcpwrapped
1720/tcp open tcpwrapped
1721/tcp open tcpwrapped
1723/tcp open tcpwrapped
1755/tcp open tcpwrapped
1761/tcp open tcpwrapped
1782/tcp open tcpwrapped
1783/tcp open tcpwrapped
1801/tcp open tcpwrapped
1805/tcp open tcpwrapped
1812/tcp open tcpwrapped
1839/tcp open tcpwrapped
1840/tcp open tcpwrapped
1862/tcp open tcpwrapped
1863/tcp open tcpwrapped
1864/tcp open tcpwrapped
1875/tcp open tcpwrapped
1900/tcp open tcpwrapped
1914/tcp open tcpwrapped
1935/tcp open tcpwrapped
1947/tcp open tcpwrapped
1971/tcp open tcpwrapped
1972/tcp open tcpwrapped
1974/tcp open tcpwrapped
1984/tcp open tcpwrapped
1998/tcp open tcpwrapped
1999/tcp open tcpwrapped
2000/tcp open tcpwrapped
2001/tcp open tcpwrapped
2002/tcp open tcpwrapped
2003/tcp open tcpwrapped
2004/tcp open tcpwrapped
2005/tcp open tcpwrapped
2006/tcp open tcpwrapped
2007/tcp open tcpwrapped
2008/tcp open tcpwrapped
2009/tcp open tcpwrapped
2010/tcp open tcpwrapped
2013/tcp open tcpwrapped
2020/tcp open tcpwrapped
2021/tcp open tcpwrapped
2022/tcp open tcpwrapped
2030/tcp open tcpwrapped
2033/tcp open tcpwrapped
2034/tcp open tcpwrapped
2035/tcp open tcpwrapped
2038/tcp open tcpwrapped
2040/tcp open tcpwrapped
2041/tcp open tcpwrapped
2042/tcp open tcpwrapped
2043/tcp open tcpwrapped
2045/tcp open tcpwrapped
2046/tcp open tcpwrapped
我最近使用 Nmap 7.91 在我的 Kali Linux 虚拟机上尝试了以下 nmap 命令,
nmap -sS -e eth0 -S 12.12.12.12 192.168.0.102
我试图在带有 WireShark 的主机上使用 12.12.12.12 的欺骗 IP 执行 SYN 扫描。这样做后,我收到此错误:
NSOCK ERROR [0.2750s] mksock_bind_addr(): Bind to 192.168.0.105:0 failed (IOD #1): Cannot assign requested address (99)
然而,检查我的 WireShark,欺骗是有效的。所以我有点困惑这是什么。
我使用扫描我的家庭网络nmap 192.168.178.*,192.168.178.0-255但它没有显示我的 PC 的 IP。然后,当我使用它只扫描我的电脑时,-Pn它会找到它。那么为什么我的电脑被隐藏了呢?
即使在找到它-Pn为什么它不显示有关我的操作系统的真实信息之后,它也只显示为 Windows、Windows 98,而它是 Windows 10。
我有一个运行 linux 的 AWS 服务器。当我netstat -lntp从机器本身执行操作时,它显示了一些打开的端口(如预期的那样),但没有显示 445 或 139。这是有道理的,因为我从未在这台机器上设置过 samba。此外,当我列出正在运行的进程并 grep for smborsamba时,它没有显示任何运行。
查看服务器的防火墙规则,我发现它只允许端口 80 和 22 上的入站流量。它允许所有端口上的出站流量到所有目的地,但我认为这无关紧要。
问题是当我nmap从网络外部执行时,它显示端口 139 和 445 已关闭。这是为什么?我的理解是“关闭”意味着防火墙让数据包通过服务器,但端口上没有任何监听。为什么防火墙允许流量通过?
我有一个运行一些嵌入式代码的设备(我知道那里运行的是什么)但nmap无法识别它:
PORT STATE SERVICE VERSION
8266/tcp open unknown
我很乐意提供确切的详细信息,但没有可用的指纹nmap。
有没有办法强制显示指纹?还是必须有一些特定的条件才能使服务完全被识别?(在这种情况下没有指纹=无论如何都无法识别服务)
我运行了一次扫描,插入了一个树莓派,然后再次运行了一次扫描。是否有实用程序或选项nmap可以让我轻松区分两个扫描输出以找到我的树莓派的 IP 地址?
使用的 nmap 扫描:
nmap -sP 192.168.86.1/24
貌似不能和mac上ndiff同时安装:nmap
$ brew install ndiff
Error: Cannot install ndiff because conflicting formulae are installed.
nmap: because both install `ndiff` binaries
Please `brew unlink nmap` before continuing.
Unlinking removes a formula's symlinks from /usr/local. You can
link the formula again after the install finishes. You can --force this
install, but the build may fail or cause obscure side effects in the
resulting software.
我经常nmap用来扫描网络,有时需要调整扫描时间。不幸的是,我的计时实验大多没有结果,可能是因为我使用的值相对于所需值而言完全不合时宜。
让我印象深刻的是,如果我从nmap的默认值开始,然后从那里进行调整,我会取得更大的成功。但是,在文档(或nmap命令行)中的任何地方我都找不到显示默认值的方法。
以下是命令行帮助文本中应具有默认值的快速列表:
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
--ttl <val>: Set IP time-to-live field
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
...如何找到这些值的默认值?
我有一个主机,如果命令:
nmap <host ip>
运行,然后得到响应:
All 1000 scanned ports on <host ip> are closed (958) or filtered (42)
所以我想找出哪些端口被标记为已过滤,并找出原因或至少对报告过滤的原因进行一些评估。
我试过了:
nmap -sT -oG report1.txt -vv --reason --append-output <host ip> >report2.txt
nmap -oG report1.txt -vv --reason --append-output <host ip> >report2.txt
但我没有看到有关过滤的更多信息。我得到:
All 1000 scanned ports on 192.168.7.1 are closed because of 1000 resets
即与被过滤的端口无关。我怎样才能找到这些信息?