nmap使用方法

扫描目标主机使用的操作系统。

root@bt:~# nmap -sT -O -A 192.168.1.133

 

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:28 EDT

Nmap scan report for 192.168.1.133

Host is up (0.090s latency).

Not shown: 986 closed ports

PORT     STATE    SERVICE         VERSION

80/tcp   open     http            Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)

|_http-methods: No Allow or Public header in OPTIONS response (status code 404)

|_http-title: Not Found

135/tcp  open     msrpc           Microsoft Windows RPC

139/tcp  open     netbios-ssn

445/tcp  open     netbios-ssn

514/tcp  filtered shell

902/tcp  open     ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

912/tcp  open     vmware-auth     VMware Authentication Daemon 1.0 (Uses VNC, SOAP)

1025/tcp open     msrpc           Microsoft Windows RPC

1026/tcp open     msrpc           Microsoft Windows RPC

1027/tcp open     msrpc           Microsoft Windows RPC

1029/tcp open     msrpc           Microsoft Windows RPC

1030/tcp open     msrpc           Microsoft Windows RPC

1433/tcp open     ms-sql-s        Microsoft SQL Server 2008 R2 10.50.1600.00; Pre-RTM

2383/tcp open     ms-olap4?

Device type: general purpose

Running: Microsoft Windows 7（这里是目标使用的操作系统）

OS CPE: cpe:/o:microsoft:windows_7:::enterprise

OS details: Microsoft Windows 7 Enterprise（操作系统的版本）

Network Distance: 2 hops

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

 

Host script results:

|_nbstat: NetBIOS name: TKE-PC（这里是计算机名称）, NetBIOS user: <unknown>, NetBIOS MAC: 70:71:bc:79:fa:54 (Pegatron)   （网卡mac地址）

| smb-security-mode:

|   Account that was used for smb scripts: guest

|   User-level authentication

|   SMB Security: Challenge/response passwords supported

|_  Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server supports SMBv2 protocol

| smb-os-discovery:

|   OS: Windows 7 Ultimate 7600 (Windows 7 Ultimate 6.1)

|   NetBIOS computer name: TKE-PC

|   Workgroup: WORKGROUP

|_  System time: 2012-08-31 02:31:37 UTC+8

| ms-sql-info:

|   [192.168.1.133:1433]

|     Version: Microsoft SQL Server 2008 R2 Pre-RTM

|       Version number: 10.50.1600.00

|       Product: Microsoft SQL Server 2008 R2

|       Service pack level: Pre-RTM

|_    TCP port: 1433

 

TRACEROUTE (using proto 1/icmp)

HOP RTT     ADDRESS

1   0.13 ms 192.168.129.2

2   0.75 ms 192.168.1.133

 

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 188.80 seconds

 这样，就探测出了主机系统为win7，同时还可以看出使用的数据库时SQL server 2008 R2。

不过扫描使用的时间就稍微长了一点，188秒，也就是3分钟左右。

通过QQ的IP探测，我找了一个IP来进行测试，结果发现是这样的

root@bt:~# nmap -sT -O -A 223.67.165.180

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:47 EDT
Nmap scan report for 223.67.165.180
Host is up (0.00051s latency).
All 1000 scanned ports on 223.67.165.180 are filtered
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT    ADDRESS
1   ... 30

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.84 seconds

原来是对方使用了路由器，扫描变成了对路由器的扫描了。