# Nmap usage

Nmap is an open-source network scanning and probing tool. It lets a network administrator scan an entire subnet, or the ports of a single host, and is extremely powerful.

## Quick scan of the local network and retrieval of MAC addresses (no root required)

```
nmap -F 192.168.43.0/24 && arp -a
```

## Scan the local network

```
sudo nmap -sP 192.168.43.0/24
```

Adding the `-v` option produces more verbose output.

## Scan a few of the devices to see which ports accept connections

```
sudo nmap 192.168.43.101 192.168.43.100

Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-21 13:48 CST
Nmap scan report for 192.168.43.101
Host is up (0.028s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
8022/tcp open  oa-system

Nmap scan report for 192.168.43.100
Host is up (0.00011s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
7070/tcp open  realserver
9090/tcp open  zeus-admin

Nmap done: 2 IP addresses (2 hosts up) scanned in 14.10 seconds

```
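As an added example (not code from the original page), the following Python script parses Nmap's normal output, like the report above, into a per-host port table and flags open ports that are not on a per-host allowlist, which is the kind of check a defender runs after a scheduled inventory scan. The sample output is a trimmed copy of the report above and the `BASELINE` allowlist is a hypothetical one constructed for this example.

```python
import re
from collections import defaultdict
# Constructed sample, trimmed from the scan output shown above.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.43.101
PORT     STATE SERVICE
8022/tcp open  oa-system

Nmap scan report for 192.168.43.100
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
9090/tcp open  zeus-admin
Nmap done: 2 IP addresses (2 hosts up) scanned in 14.10 seconds
"""
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Hypothetical baseline: .100 is expected to expose only SSH and HTTP.
BASELINE = {"192.168.43.100": {(22, "tcp"), (80, "tcp")}}

def parse_nmap(text):
    """Map each host to {(port, proto): (state, service)} from Nmap normal output."""
    hosts = defaultdict(dict)
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current]  # register the host even if it lists no ports
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current][(int(port), proto)] = (state, service)
    return dict(hosts)

def unexpected_open_ports(scan, baseline):
    """Open ports not in the host's allowlist; hosts absent from the baseline allow nothing."""
    findings = {}
    for host, ports in scan.items():
        allowed = baseline.get(host, set())
        extra = sorted(p for p, (state, _) in ports.items()
                       if state.startswith("open") and p not in allowed)
        if extra:
            findings[host] = extra
    return findings
```

Run `unexpected_open_ports(parse_nmap(open("scan.txt").read()), BASELINE)` on a saved `nmap` report to get the ports each host exposes beyond its allowlist.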

## Detect operating system and service information

```
nmap -p 80 -A 192.168.43.100

Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-21 13:58 CST
Nmap scan report for 192.168.43.100
Host is up (0.00010s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.57 seconds
```

## Scan a host behind a firewall

Scanning a host that is protected by a firewall:

First set up the firewall rule on the target (192.168.43.100) so that inbound TCP port 80 is dropped:

```
# --dport needs a protocol match, so -p tcp is required for the rule to load
sudo iptables -A INPUT -p tcp --dport 80 -j DROP
sudo iptables -L | grep http
DROP       tcp  --  anywhere             anywhere             tcp dpt:http
```

```
# run nmap from 192.168.43.101; -PN (now spelled -Pn) skips host discovery
# and treats the target as up, so the scan proceeds even though probes are dropped
sudo nmap -PN 192.168.43.100
```

![](https://529150212-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lh81JtaIQ84bwQqz_Wh%2F-Lwb-93T9NB-VK10Lp9w%2F-Lwb52RC45VufEJrI5TK%2Fimage.png?alt=media\&token=ec641c97-b2b6-440e-abff-2ac0530edee8)

Specify TCP port `80`:

```
nmap -p T:80 192.168.43.100
```

Specify UDP port `53`:

```
# a U: port spec is ignored unless a UDP scan (-sU) is selected, and -sU needs root
sudo nmap -sU -p U:53 192.168.43.100
```

Scan two ports:

```
sudo nmap -p 80,445 192.168.43.100
```

Specify a port range:

```
sudo nmap -p 80-3389 192.168.43.100
```
