正如标题所言,nmap(network mapper)是一种用于查看目标主机端口开放状态的网络探索工具。当不了解自己计算机端口开放情况时,可以使用nmap命令查看主机端口的开放状态。
比如,我有一台云服务器,在上面部署了MySQL服务,为了确保安全,我希望查看一下该主机的端口放通状态,这个时候就可以使用nmap命令查看。
一、简介
简要介绍一下nmap命令(nmap 的手册):
NAME
nmap - Network exploration tool and security / port scanner
SYNOPSIS
nmap [Scan Type...] [Options] {target specification}
DESCRIPTION
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan
large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is
commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network
inventory, managing service upgrade schedules, and monitoring host or service uptime.
The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among
that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The
state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for
connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that
Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at
any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are
open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two
states describe a port. The port table may also include software version details when version detection has been requested. When
an IP protocol scan is requested (-sO), Nmap provides information on supported IP protocols rather than listening ports.
In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS names,
operating system guesses, device types, and MAC addresses.
......手册较长,以下部分省略
百度翻译:
nmap是一个用于网络探索和安全审计的开源工具。它被设计用于快速扫描大型网络,尽管它可以很好地对抗单个主机。Nmap以新颖的方式使用原始IP数据包来确定网络上可用的主机、这些主机提供的服务(应用程序名称和版本)、运行的操作系统(和操作系统版本)、使用的数据包过滤器/防火墙类型以及数十种其他特征。虽然Nmap通常用于安全审计,但许多系统和网络管理员发现它对日常任务很有用,如网络库存、管理服务升级计划以及监控主机或服务正常运行时间。
nmap的输出是扫描目标的列表,根据使用的选项,每个目标都有补充信息。这些信息中的关键是“有趣的端口表”。该表列出了端口号和协议、服务名称和状态。状态为打开、过滤、关闭或未过滤。打开表示目标计算机上的应用程序正在侦听该端口上的连接/数据包。已筛选表示防火墙、筛选器或其他网络障碍正在阻塞该端口,因此Nmap无法判断该端口是打开还是关闭。关闭的端口没有应用程序在侦听,尽管它们可以随时打开。当端口对Nmap的探测做出响应时,它们被归类为未过滤端口,但Nmap无法确定它们是打开还是关闭。当Nmap无法确定两种状态中的哪一种描述端口时,它会报告打开|已筛选和关闭|已筛选的状态组合。当请求版本检测时,端口表还可能包括软件版本详细信息。当请求IP协议扫描(-sO)时,Nmap提供有关支持的IP协议的信息,而不是侦听端口。
除了有趣的端口表之外,Nmap还可以提供有关目标的进一步信息,包括反向DNS名称、操作系统猜测、设备类型、MAC地址等。
二、示例
首先需要安装nmap,我使用的操作系统是Ubuntu22.04 。Ubuntu操作系统可以使用以下命令安装nmap:
sudo apt install nmap
nmap需要以管理员权限运行,最简单的用法就是直接在nmap后写上IP或者域名:
sudo nmap IP/域名
可以看到,3306端口被打开,mysql服务正在监听。3389端口也被打开,这个是Windows远程桌面服务。其他端口都没有打开。
nmap有更多更灵活的用法,详情请使用“man nmap”命令查看手册。
.
.
如有不当或错误之处,恳请您的指正,谢谢!!!
