Learning Nmap 4 - Host Discovery, Lab 1

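  • Experiments
    • Experiment 1 - nmap -sn: no port scan
      • LAN
      • WAN
    • Experiment 2 - nmap -Pn: no-ping scan
    • Experiment 3 - nmap -PS -PA -PU -PY comparison
    • Experiment 4 - nmap -PE -PP -PM comparison
    • Experiment 5 - nmap -PO IP protocol ping
    • Experiment 6 - nmap -PR ARP ping
    • Experiment 7 - nmap --traceroute: tracing the path to a host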

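Experiments

  1. Client: Windows 11 physical machine, 192.168.31.1, with the nmap scanner, the Wireshark network protocol analyzer and the WinSCP file transfer tool installed.
  2. CentOS 7 virtual machine, 192.168.31.142, with the tcpdump packet capture tool installed and the firewall disabled.
  3. Windows 7 virtual machine, 192.168.31.146

Experiment 1 - nmap -sn: no port scan

LAN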

>nmap -sn --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 11:29 ?D1ú±ê×?ê±??
SENT (0.5810s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5820s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6240s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6240s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6250s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6250s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6330s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6350s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6350s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6350s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6360s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6360s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6370s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6380s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6390s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6540s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (80 bytes)
NSOCK INFO [0.6550s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.6550s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.6550s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.0010s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds

With the --packet-trace option we can see what happens behind the scenes.
SENT (0.5810s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5820s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
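When scanning a LAN without a port scan, the client broadcasts an ARP request for the target host's IP address; the target host receives the broadcast and replies with its own IP and MAC address.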

WAN

>nmap -sn --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 11:32 ?D1ú±ê×?ê±??
SENT (0.6050s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=13602 seq=0] IP [ttl=43 id=37469 iplen=28 ]
SENT (0.6200s) TCP 10.201.3.112:47133 > 220.181.38.251:443 S ttl=39 id=24109 iplen=44  seq=540556213 win=1024 <mss 1460>
SENT (0.6210s) TCP 10.201.3.112:47133 > 220.181.38.251:80 A ttl=45 id=42907 iplen=40  seq=0 win=1024
SENT (0.6210s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=64606 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=29039 iplen=40 ]
RCVD (0.6390s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=13602 seq=0] IP [ttl=47 id=37469 iplen=28 ]
NSOCK INFO [0.6750s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6750s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6760s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6760s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6840s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6850s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6850s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6860s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6860s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6880s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6880s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.7050s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.7050s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.7050s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.7050s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.7050s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.7050s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.7050s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.7050s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.035s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds

SENT (0.6050s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=13602 seq=0] IP [ttl=43 id=37469 iplen=28 ]
The client sends an ICMP Echo request (that is, a ping) to 220.181.38.251.

SENT (0.6200s) TCP 10.201.3.112:47133 > 220.181.38.251:443 S ttl=39 id=24109 iplen=44 seq=540556213 win=1024 <mss 1460>
The client sends a TCP SYN probe to port 443 on 220.181.38.251.

SENT (0.6210s) TCP 10.201.3.112:47133 > 220.181.38.251:80 A ttl=45 id=42907 iplen=40 seq=0 win=1024
The client sends a TCP ACK probe to port 80 on 220.181.38.251.

SENT (0.6210s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=64606 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=29039 iplen=40 ]
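The client sends an ICMP Timestamp request. (The device that initiates synchronization generates a timestamp and, following the ICMP message format and protocol rules, sends it to the receiving device; this is the timestamp request message. The receiving device answers with its own timestamp, which is the timestamp reply message. With the sender's and the receiver's timestamps, the two devices can keep their clocks synchronized.)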

RCVD (0.6390s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=13602 seq=0] IP [ttl=47 id=37469 iplen=28 ]
220.181.38.251 returns an ICMP Echo reply to the client.

Experiment 2 - nmap -Pn: no-ping scan

>nmap -sn -Pn --packet-trace baidu.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:10 ?D1ú±ê×?ê±??
NSOCK INFO [0.3570s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.3570s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.3590s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.3590s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.3650s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.3670s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.3670s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.3670s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.3680s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.3680s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.3690s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.3690s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.3700s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.3710s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.3850s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.3850s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.3850s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.3850s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up.
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds

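We add the -sn option first so that no port scan is performed, which makes the experiment easier to observe.
The host discovery phase is skipped, so there is no ICMP ping; on a local network there is no ARP exchange either.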

Experiment 3 - nmap -PS -PA -PU -PY comparison

>nmap -sn -PS --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:40 ?D1ú±ê×?ê±??
SENT (0.6070s) TCP 10.201.3.112:44277 > 220.181.38.148:80 S ttl=44 id=59776 iplen=44  seq=1810711350 win=1024 <mss 1460>
RCVD (0.6430s) TCP 220.181.38.148:80 > 10.201.3.112:44277 SA ttl=47 id=59776 iplen=44  seq=497989444 win=8192 <mss 1452>
NSOCK INFO [0.6800s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6800s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6810s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6810s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6810s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6810s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6810s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6810s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6810s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6810s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6990s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.6990s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6990s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6990s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.6990s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6990s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6990s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6990s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for baidu.com (220.181.38.148)
Host is up (0.037s latency).
Other addresses for baidu.com (not scanned): 220.181.38.251
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds

>nmap -sn -PA --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:40 ?D1ú±ê×?ê±??
SENT (0.5780s) TCP 10.201.3.112:45289 > 220.181.38.148:80 A ttl=38 id=52518 iplen=40  seq=0 win=1024
SENT (1.5870s) TCP 10.201.3.112:45290 > 220.181.38.148:80 A ttl=51 id=42790 iplen=40  seq=0 win=1024
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.64 seconds

>nmap -sn -PU --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:41 ?D1ú±ê×?ê±??
SENT (0.6040s) UDP 10.201.3.112:42067 > 220.181.38.148:40125 ttl=46 id=33413 iplen=68
SENT (1.6180s) UDP 10.201.3.112:42068 > 220.181.38.148:40125 ttl=59 id=15787 iplen=68
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.67 seconds

>nmap -sn -PY --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:41 ?D1ú±ê×?ê±??
SENT (0.6380s) SCTP 10.201.3.112:34658 > 220.181.38.148:80 ttl=51 id=20371 iplen=52
SENT (1.6400s) SCTP 10.201.3.112:34659 > 220.181.38.148:80 ttl=43 id=5992 iplen=52
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.70 seconds

SENT (0.6070s) TCP 10.201.3.112:44277 > 220.181.38.148:80 S ttl=44 id=59776 iplen=44 seq=1810711350 win=1024 <mss 1460>
RCVD (0.6430s) TCP 220.181.38.148:80 > 10.201.3.112:44277 SA ttl=47 id=59776 iplen=44 seq=497989444 win=8192 <mss 1452>
-PS: this option sends an empty TCP packet with the SYN flag set.

SENT (0.5780s) TCP 10.201.3.112:45289 > 220.181.38.148:80 A ttl=38 id=52518 iplen=40 seq=0 win=1024
SENT (1.5870s) TCP 10.201.3.112:45290 > 220.181.38.148:80 A ttl=51 id=42790 iplen=40 seq=0 win=1024
-PA: this option sends an empty TCP packet with the ACK flag set.

SENT (0.6040s) UDP 10.201.3.112:42067 > 220.181.38.148:40125 ttl=46 id=33413 iplen=68
SENT (1.6180s) UDP 10.201.3.112:42068 > 220.181.38.148:40125 ttl=59 id=15787 iplen=68
-PU: this option sends an empty UDP packet.

SENT (0.6380s) SCTP 10.201.3.112:34658 > 220.181.38.148:80 ttl=51 id=20371 iplen=52
SENT (1.6400s) SCTP 10.201.3.112:34659 > 220.181.38.148:80 ttl=43 id=5992 iplen=52
-PY: determines whether the host is online by sending an SCTP INIT.

Experiment 4 - nmap -PE -PP -PM comparison

>nmap -sn -PE --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:54 ?D1ú±ê×?ê±??
SENT (0.6090s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=10974 seq=0] IP [ttl=46 id=62372 iplen=28 ]
RCVD (0.6420s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=10974 seq=0] IP [ttl=47 id=62372 iplen=28 ]
NSOCK INFO [0.6760s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6760s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6770s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6770s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6780s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6780s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6780s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6780s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6780s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6780s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6780s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6940s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.6950s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6950s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6950s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.6950s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6950s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6950s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6950s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.033s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds

>nmap -sn -PP --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:54 ?D1ú±ê×?ê±??
SENT (0.5850s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=4004 seq=0 orig=0 recv=0 trans=0] IP [ttl=47 id=1697 iplen=40 ]
SENT (1.5900s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=31426 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=20773 iplen=40 ]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.64 seconds

>nmap -sn -PM --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 14:54 ?D1ú±ê×?ê±??
SENT (0.6040s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=3736 seq=0 mask=0.0.0.0] IP [ttl=44 id=19226 iplen=32 ]
SENT (1.6170s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=36449 seq=0 mask=0.0.0.0] IP [ttl=54 id=37465 iplen=32 ]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.67 seconds

SENT (0.6090s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=10974 seq=0] IP [ttl=46 id=62372 iplen=28 ]
RCVD (0.6420s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=10974 seq=0] IP [ttl=47 id=62372 iplen=28 ]
The -PE option tells Nmap to send an ICMP echo request packet to the target. If we receive an ICMP echo reply, we can be sure the host is online.

SENT (0.5850s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=4004 seq=0 orig=0 recv=0 trans=0] IP [ttl=47 id=1697 iplen=40 ]
SENT (1.5900s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=31426 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=20773 iplen=40 ]
-PP: ICMP timestamp ping. Nmap sends an ICMP Timestamp request; a timestamp reply would show that the host is online.

SENT (0.6040s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=3736 seq=0 mask=0.0.0.0] IP [ttl=44 id=19226 iplen=32 ]
SENT (1.6170s) ICMP [10.201.3.112 > 220.181.38.251 Address mask request (type=17/code=0) id=36449 seq=0 mask=0.0.0.0] IP [ttl=54 id=37465 iplen=32 ]
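-PM: ICMP address mask ping. Nmap sends an ICMP Address mask request; an address mask reply would show that the host is online.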

Experiment 5 - nmap -PO IP protocol ping

>nmap -sn -PO --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:30 ?D1ú±ê×?ê±??
SENT (0.5930s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=60889 seq=0] IP [ttl=57 id=19664 iplen=28 ]
SENT (0.6050s) igmp (2) 10.201.3.112 > 220.181.38.251: ttl=40 id=11947 iplen=28
SENT (0.6050s) ipv4 (4) 10.201.3.112 > 220.181.38.251: ttl=55 id=24946 iplen=20
RCVD (0.6260s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=60889 seq=0] IP [ttl=47 id=19664 iplen=28 ]
NSOCK INFO [0.6600s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6600s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6610s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6610s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6610s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6610s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6610s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6610s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6610s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6610s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6750s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.6760s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.6760s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.6760s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.034s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds

SENT (0.5930s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=60889 seq=0] IP [ttl=57 id=19664 iplen=28 ]
SENT (0.6050s) igmp (2) 10.201.3.112 > 220.181.38.251: ttl=40 id=11947 iplen=28
SENT (0.6050s) ipv4 (4) 10.201.3.112 > 220.181.38.251: ttl=55 id=24946 iplen=20
RCVD (0.6260s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=60889 seq=0] IP [ttl=47 id=19664 iplen=28 ]
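-PO with no protocol specified defaults to using IGMP (protocol 2), IP-in-IP (protocol 4) and ICMP (protocol 1) to try to determine whether the host is online.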
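The SENT/RCVD lines quoted in experiments 1, 3 and 5 can be read mechanically. The following is an added example, not part of the original post: it parses --packet-trace output, maps each sent probe to the discovery option that produces it, and pairs each probe with the reply that answered it. The sample traces are copied from the output above; the function and constant names are this example's own, and an ICMP echo is labelled -PE even when it was sent as protocol 1 of -PO, because the two look identical in the trace.

```python
import re
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    direction: str   # "SENT" or "RCVD"
    option: str      # discovery option a sent probe corresponds to
    kind: str        # human-readable packet type
    key: tuple       # value used to pair a reply with its probe

ICMP_OPTION = {8: "-PE", 13: "-PP", 17: "-PM"}   # ICMP request type -> option
ICMP_REPLY_TO = {0: 8, 14: 13, 18: 17}            # ICMP reply type -> request type
L4_OPTION = {("TCP", "S"): "-PS", ("TCP", "A"): "-PA",
             ("UDP", None): "-PU", ("SCTP", None): "-PY"}

LINE = re.compile(r"^(SENT|RCVD) \(\d+\.\d+s\) (.*)$")
ARP = re.compile(r"^ARP (?:who-has|reply) (\S+) (?:tell|is-at) \S+")
ICMP = re.compile(r"^ICMP \[(\S+) > (\S+) (.+?) \(type=(\d+)/code=\d+\) id=(\d+)")
L4 = re.compile(r"^(TCP|UDP|SCTP) (\S+):(\d+) > (\S+):(\d+)(?: ([A-Z]+))? ")
RAW = re.compile(r"^(\w+) \((\d+)\) \S+ > ([\d.]+):")

def parse_line(line: str) -> Optional[Packet]:
    """Parse one --packet-trace line; NSOCK (DNS) and report lines give None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    direction, rest = m.groups()
    sent = direction == "SENT"
    if a := ARP.match(rest):
        kind = "ARP request" if "who-has" in rest else "ARP reply"
        return Packet(direction, "-PR", kind, ("arp", a.group(1)))
    if i := ICMP.match(rest):
        src, dst, name, typ, ident = i.groups()
        req_type = ICMP_REPLY_TO.get(int(typ), int(typ))
        peer = dst if sent else src
        return Packet(direction, ICMP_OPTION.get(req_type, "?"),
                      f"ICMP {name}", ("icmp", peer, req_type, ident))
    if t := L4.match(rest):
        proto, src, sport, dst, dport, flags = t.groups()
        kind = f"{proto} {flags}" if flags else proto
        if sent:
            option = L4_OPTION.get((proto, flags), "?") + dport
            return Packet(direction, option, kind, (proto, dst, dport, sport))
        return Packet(direction, "", kind, (proto, src, sport, dport))
    if r := RAW.match(rest):
        name, number, dst = r.groups()
        return Packet(direction, f"-PO{number}",
                      f"IP protocol {number} ({name})", ("ip", dst, number))
    return None

def discovery_summary(trace: str) -> list:
    """Return (option, kind, answered) for every probe sent in the trace."""
    packets = [p for p in map(parse_line, trace.splitlines()) if p]
    answered = {p.key for p in packets if p.direction == "RCVD"}
    return [(p.option, p.kind, p.key in answered)
            for p in packets if p.direction == "SENT"]

# Probe set seen in experiment 1 (WAN) when no -P* option is given.
DEFAULT_WAN_PROBES = {"-PE", "-PS443", "-PA80", "-PP"}

def is_default_discovery(trace: str) -> bool:
    return {opt for opt, _, _ in discovery_summary(trace)} == DEFAULT_WAN_PROBES

# Sample traces copied from the experiments above.
EXP1_LAN = """\
SENT (0.5810s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5820s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
"""
EXP1_WAN = """\
SENT (0.6050s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=13602 seq=0] IP [ttl=43 id=37469 iplen=28 ]
SENT (0.6200s) TCP 10.201.3.112:47133 > 220.181.38.251:443 S ttl=39 id=24109 iplen=44  seq=540556213 win=1024 <mss 1460>
SENT (0.6210s) TCP 10.201.3.112:47133 > 220.181.38.251:80 A ttl=45 id=42907 iplen=40  seq=0 win=1024
SENT (0.6210s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=64606 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=29039 iplen=40 ]
RCVD (0.6390s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=13602 seq=0] IP [ttl=47 id=37469 iplen=28 ]
NSOCK INFO [0.6750s] nsock_iod_new2(): nsock_iod_new (IOD #1)
"""
EXP3_PS = """\
SENT (0.6070s) TCP 10.201.3.112:44277 > 220.181.38.148:80 S ttl=44 id=59776 iplen=44  seq=1810711350 win=1024 <mss 1460>
RCVD (0.6430s) TCP 220.181.38.148:80 > 10.201.3.112:44277 SA ttl=47 id=59776 iplen=44  seq=497989444 win=8192 <mss 1452>
"""
EXP5_PO = """\
SENT (0.5930s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=60889 seq=0] IP [ttl=57 id=19664 iplen=28 ]
SENT (0.6050s) igmp (2) 10.201.3.112 > 220.181.38.251: ttl=40 id=11947 iplen=28
SENT (0.6050s) ipv4 (4) 10.201.3.112 > 220.181.38.251: ttl=55 id=24946 iplen=20
RCVD (0.6260s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=60889 seq=0] IP [ttl=47 id=19664 iplen=28 ]
"""

if __name__ == "__main__":
    for name, trace in [("exp1 LAN", EXP1_LAN), ("exp1 WAN", EXP1_WAN),
                        ("exp3 -PS", EXP3_PS), ("exp5 -PO", EXP5_PO)]:
        for option, kind, answered in discovery_summary(trace):
            print(f"{name}: {option:7} {kind:24} answered={answered}")
```

The same four-probe set that `is_default_discovery` checks for is what a packet capture on the target side shows when an unmodified `nmap -sn` sweep arrives from outside the local subnet.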

Experiment 6 - nmap -PR ARP ping

>nmap -sn -PR --packet-trace baidu.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:36 ?D1ú±ê×?ê±??
SENT (0.6460s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=30437 seq=0] IP [ttl=46 id=25608 iplen=28 ]
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:443 S ttl=46 id=58335 iplen=44  seq=3943378522 win=1024 <mss 1460>
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:80 A ttl=42 id=24026 iplen=40  seq=0 win=1024
SENT (0.6660s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=9267 seq=0 orig=0 recv=0 trans=0] IP [ttl=50 id=59853 iplen=40 ]
RCVD (0.6810s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=30437 seq=0] IP [ttl=47 id=25608 iplen=28 ]
NSOCK INFO [0.7150s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.7150s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.7170s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.7170s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.7240s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.7260s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.7260s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.7270s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.7280s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.7280s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.7280s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.7290s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.7300s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.7300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.7520s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (120 bytes)
NSOCK INFO [0.7520s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.7520s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.7520s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.035s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148
Nmap done: 1 IP address (1 host up) scanned in 0.77 seconds

On the WAN, even with the -PR option added, nmap still determines whether the host is online by pinging it and probing ports 443 and 80 on the remote host.
SENT (0.6460s) ICMP [10.201.3.112 > 220.181.38.251 Echo request (type=8/code=0) id=30437 seq=0] IP [ttl=46 id=25608 iplen=28 ]
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:443 S ttl=46 id=58335 iplen=44 seq=3943378522 win=1024 <mss 1460>
SENT (0.6640s) TCP 10.201.3.112:38370 > 220.181.38.251:80 A ttl=42 id=24026 iplen=40 seq=0 win=1024
SENT (0.6660s) ICMP [10.201.3.112 > 220.181.38.251 Timestamp request (type=13/code=0) id=9267 seq=0 orig=0 recv=0 trans=0] IP [ttl=50 id=59853 iplen=40 ]
RCVD (0.6810s) ICMP [220.181.38.251 > 10.201.3.112 Echo reply (type=0/code=0) id=30437 seq=0] IP [ttl=47 id=25608 iplen=28 ]

>nmap -sn -PR --packet-trace 172.26.129.4
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:36 ?D1ú±ê×?ê±??
SENT (0.5880s) ICMP [172.26.131.123 > 172.26.129.4 Echo request (type=8/code=0) id=14931 seq=0] IP [ttl=55 id=7872 iplen=28 ]
RCVD (0.5880s) ICMP [172.26.129.4 > 172.26.131.123 Echo reply (type=0/code=0) id=14931 seq=0] IP [ttl=63 id=316 iplen=28 ]
NSOCK INFO [0.6300s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6300s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6310s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6310s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6380s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6390s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6390s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6400s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6400s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6400s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6420s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6420s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6430s] nsock_write(): Write request for 43 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6430s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [3.1540s] nsock_write(): Write request for 43 bytes to IOD #1 EID 83 [114.114.114.114:53]
NSOCK INFO [3.1550s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 83 [114.114.114.114:53]
NSOCK INFO [6.1660s] nsock_write(): Write request for 43 bytes to IOD #2 EID 91 [198.18.0.1:53]
NSOCK INFO [6.1660s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 91 [198.18.0.1:53]
NSOCK INFO [6.1820s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 34 [198.18.0.1:53] (120 bytes)
NSOCK INFO [6.1830s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 98
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #18 (type READ)
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #98 (type READ)
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [6.1830s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [6.1830s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 172.26.129.4
Host is up (0.00s latency).
Nmap done: 1 IP address (1 host up) scanned in 6.21 seconds

On the LAN, with the -PR option added, nmap determines whether the host is online by ping.
SENT (0.5880s) ICMP [172.26.131.123 > 172.26.129.4 Echo request (type=8/code=0) id=14931 seq=0] IP [ttl=55 id=7872 iplen=28 ]
RCVD (0.5880s) ICMP [172.26.129.4 > 172.26.131.123 Echo reply (type=0/code=0) id=14931 seq=0] IP [ttl=63 id=316 iplen=28 ]

>nmap -sn -PR --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:36 ?D1ú±ê×?ê±??
SENT (0.5840s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5840s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6210s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6210s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6330s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6330s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6370s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6390s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6390s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6450s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6460s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6460s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [0.6480s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #4) EID 56
NSOCK INFO [0.6480s] nsock_read(): Read request from IOD #4 [198.18.0.1:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6490s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [114.114.114.114:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [114.114.114.114:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6490s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [198.18.0.1:53]
NSOCK INFO [0.6600s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (80 bytes)
NSOCK INFO [0.6610s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 82
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.6610s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [0.6610s] nevent_delete(): nevent_delete on event #66 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.00s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds

Only on the same network segment does nmap, with the -PR option added, use ARP to determine whether the host is online.
SENT (0.5840s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5840s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73

**On the same network segment, the --disable-arp-ping option can be used to disable ARP**

>nmap -sn --disable-arp-ping --packet-trace 192.168.31.142
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 15:47 ?D1ú±ê×?ê±??
SENT (0.5830s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=29249 seq=0] IP [ttl=42 id=30258 iplen=28 ]
RCVD (0.5840s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=29249 seq=0] IP [ttl=64 id=5745 iplen=28 ]
NSOCK INFO [0.6250s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.6250s] nsock_connect_udp(): UDP connection requested to 114.114.114.114:53 (IOD #1) EID 8
NSOCK INFO [0.6270s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 18
NSOCK INFO [0.6270s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.6410s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #2) EID 24
NSOCK INFO [0.6490s] nsock_read(): Read request from IOD #2 [198.18.0.1:53] (timeout: -1ms) EID 34
NSOCK INFO [0.6490s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [0.6500s] nsock_connect_udp(): UDP connection requested to 198.18.0.1:53 (IOD #3) EID 40
NSOCK INFO [0.6510s] nsock_read(): Read request from IOD #3 [198.18.0.1:53] (timeout: -1ms) EID 50
NSOCK INFO [0.6520s] nsock_write(): Write request for 45 bytes to IOD #1 EID 59 [114.114.114.114:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [114.114.114.114:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [114.114.114.114:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [198.18.0.1:53]
NSOCK INFO [0.6520s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [198.18.0.1:53]
NSOCK INFO [0.6720s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [114.114.114.114:53] (122 bytes)
NSOCK INFO [0.6720s] nsock_read(): Read request from IOD #1 [114.114.114.114:53] (timeout: -1ms) EID 66
NSOCK INFO [0.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.6720s] nevent_delete(): nevent_delete on event #66 (type READ)
NSOCK INFO [0.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.6720s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [0.6720s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [0.6720s] nevent_delete(): nevent_delete on event #50 (type READ)
Nmap scan report for 192.168.31.142
Host is up (0.0010s latency).
MAC Address: 00:0C:29:83:79:73 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.71 seconds

SENT (0.5830s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=29249 seq=0] IP [ttl=42 id=30258 iplen=28 ]
RCVD (0.5840s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=29249 seq=0] IP [ttl=64 id=5745 iplen=28 ]
Ping is used to determine whether the host is online.
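The check made by eye in the scans above (which probe host discovery sent, and whether it was answered) can be run over saved `--packet-trace` output. This is an added example, not part of the original post; the function name `discovery_probes` and the trimmed sample traces are assumptions built from the SENT/RCVD lines shown above.

```python
import re

# Constructed sample: SENT/RCVD lines copied from the two scans above, plus one NSOCK line as noise.
TRACE_ARP = """\
SENT (0.5840s) ARP who-has 192.168.31.142 tell 192.168.31.1
RCVD (0.5840s) ARP reply 192.168.31.142 is-at 00:0C:29:83:79:73
NSOCK INFO [0.6210s] nsock_iod_new2(): nsock_iod_new (IOD #1)
"""
TRACE_ICMP = """\
SENT (0.5830s) ICMP [192.168.31.1 > 192.168.31.142 Echo request (type=8/code=0) id=29249 seq=0] IP [ttl=42 id=30258 iplen=28 ]
RCVD (0.5840s) ICMP [192.168.31.142 > 192.168.31.1 Echo reply (type=0/code=0) id=29249 seq=0] IP [ttl=64 id=5745 iplen=28 ]
"""

ARP_REQ = re.compile(r"^SENT \(\S+\) ARP who-has (\S+) tell (\S+)")
ARP_REP = re.compile(r"^RCVD \(\S+\) ARP reply (\S+) is-at (\S+)")
ICMP = re.compile(r"^(SENT|RCVD) \(\S+\) ICMP \[(\S+) > (\S+) Echo (request|reply) "
                  r"\(type=\d+/code=\d+\) id=(\d+) seq=(\d+)\]")

def discovery_probes(trace):
    """Return one dict per host-discovery probe; answered becomes True once its reply is seen."""
    probes = {}
    for line in trace.splitlines():
        if m := ARP_REQ.match(line):
            probes[("arp", m[1])] = {"method": "arp", "target": m[1], "answered": False}
        elif m := ARP_REP.match(line):
            p = probes.get(("arp", m[1]))
            if p:
                p["answered"], p["mac"] = True, m[2]
        elif m := ICMP.match(line):
            direction, src, dst, kind, ident, seq = m.groups()
            if direction == "SENT" and kind == "request":
                probes[("icmp", dst, ident, seq)] = {"method": "icmp-echo", "target": dst, "answered": False}
            elif direction == "RCVD" and kind == "reply":
                # A reply only counts if source, id and seq match a request we sent.
                p = probes.get(("icmp", src, ident, seq))
                if p:
                    p["answered"] = True
    return list(probes.values())
```

On the same segment the first trace yields an `arp` probe with the target's MAC address, and the `--disable-arp-ping` trace yields an `icmp-echo` probe instead.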

Experiment 7 - nmap --traceroute: tracing the path to a host

>nmap -sn --traceroute  baidu.com sina.cn 163.com
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-07 16:01 ?D1ú±ê×?ê±??
Nmap scan report for baidu.com (220.181.38.251)
Host is up (0.036s latency).
Other addresses for baidu.com (not scanned): 220.181.38.148

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
-   Hop 1 is the same as for 183.60.95.227
2   ... 18
19  33.00 ms 220.181.38.251

Nmap scan report for sina.cn (183.60.95.227)
Host is up (0.032s latency).

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   3.00 ms  10.201.63.254
2   ... 13
14  31.00 ms 183.60.95.227

Nmap scan report for 163.com (123.58.180.8)
Host is up (0.0085s latency).
Other addresses for 163.com (not scanned): 123.58.180.7

TRACEROUTE (using proto 1/icmp)
HOP RTT     ADDRESS
-   Hop 1 is the same as for 183.60.95.227
2   ... 11
12  5.00 ms 123.58.180.8

Nmap done: 3 IP addresses (3 hosts up) scanned in 13.84 seconds

Other addresses for baidu.com (not scanned): 220.181.38.148

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
-   Hop 1 is the same as for 183.60.95.227
2   ... 18
19  33.00 ms 220.181.38.251


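The Wireshark capture shows nmap sending ICMP Echo request packets with gradually increasing TTL values to test whether the host is online. Each time a packet passes through a router, the TTL in the packet is decremented by 1, and when the TTL reaches 0 the router drops the packet outright. When the ping packet sent by nmap has a TTL of 19, it reaches the router where the destination host sits, the target host replies with an ICMP Echo reply packet, and nmap knows the path went through 19 routers. Because routers today do not respond to the ICMP Echo request, their IP addresses cannot be obtained, and those hops can only be shown as 2 … 18.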

For details, see "Traceroute (route tracing): principles and implementation".
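To work with the hop tables rather than read them by eye, the TRACEROUTE section can be parsed into per-target hop maps, resolving the "same as" rows and expanding silent ranges such as `2 ... 18`. This is an added example, not part of the original post; the function names are assumptions, and the multi-hop "Hops a-b are the same as" and single-hop `...` row shapes are assumed to follow the layout of the rows shown above.

```python
import re

# Constructed sample: two traceroute tables from the scan above, line breaks restored.
OUTPUT = """\
Nmap scan report for baidu.com (220.181.38.251)
TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
-   Hop 1 is the same as for 183.60.95.227
2   ... 18
19  33.00 ms 220.181.38.251
Nmap scan report for sina.cn (183.60.95.227)
TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   3.00 ms  10.201.63.254
2   ... 13
14  31.00 ms 183.60.95.227
"""

REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?([\d.]+)\)?$")
SAME = re.compile(r"^-\s+Hops? (\d+)(?:-(\d+))? (?:is|are) the same as for (\S+)$")
GAP = re.compile(r"^(\d+)\s+\.\.\.(?: (\d+))?$")
HOP = re.compile(r"^(\d+)\s+([\d.]+) ms\s+(.+)$")

def parse_traceroutes(text):
    """Return {target_ip: {hop_number: address or None}}; None marks a hop that never answered."""
    routes, shared, target = {}, [], None
    for line in text.splitlines():
        if m := REPORT.match(line):
            target = m[1]
            routes[target] = {}
        elif target is None:
            continue
        elif m := SAME.match(line):
            shared.append((target, int(m[1]), int(m[2] or m[1]), m[3]))
        elif m := GAP.match(line):
            for n in range(int(m[1]), int(m[2] or m[1]) + 1):
                routes[target][n] = None
        elif m := HOP.match(line):
            routes[target][int(m[1])] = m[3]
    # "same as" rows may point at a host reported later, so resolve them after the full pass.
    for target, first, last, other in shared:
        for n in range(first, last + 1):
            routes[target][n] = routes.get(other, {}).get(n)
    return routes

def summary(routes):
    """Per target: (total hop count, number of hops that stayed silent)."""
    return {t: (max(h), sum(a is None for a in h.values())) for t, h in routes.items() if h}
```

For the sample, `summary` reports 19 hops with 17 silent for 220.181.38.251 and 14 hops with 12 silent for 183.60.95.227.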
