代码改变世界

利用nmap扫描整个局域网活动主机的IP-MAC和Port

2013-03-22 19:46  DVwei  阅读(36054)  评论(2编辑  收藏  举报

通过nmap扫描完之后,查看arp缓存表即可查看IP-MAC表

进行ping扫描,输出所有响应的主机IP:

nmap -sP 172.17.148.0/24  

Nmap scan report for 172.17.148.19
Host is up (0.0029s latency).
Nmap scan report for 172.17.148.28
Host is up (0.00069s latency).
Nmap scan report for 172.17.148.36
Host is up (0.0067s latency).
Nmap scan report for 172.17.148.40
Host is up (0.0033s latency).
Nmap scan report for 172.17.148.41
Host is up (0.0017s latency).
Nmap scan report for 172.17.148.45
Host is up (0.0016s latency).
Nmap scan report for 172.17.148.46
Host is up (0.010s latency).
Nmap scan report for 172.17.148.54
Host is up (0.00083s latency).
Nmap scan report for 172.17.148.63
Host is up (0.0010s latency).
Nmap scan report for 172.17.148.64
Host is up (0.0013s latency).
..................

扫描指定主机的开放端口,系统版本等信息:
nmap -A 172.17.148.168 

#比如我扫描一下舍友的电脑,结果如下:
Starting Nmap 5.21 ( http://nmap.org ) at 2013-03-22 19:12 CST
Nmap scan report for 172.17.148.168
Host is up (0.00069s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 7.5
|_html-title: \xE6\x88\x91\xE7\x9A\x84\xE9\xA6\x96\xE9\xA1\xB5
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open netbios-ssn
843/tcp open unknown
3389/tcp open microsoft-rdp Microsoft Terminal Service
8000/tcp open tcpwrapped
Service Info: OS: Windows

Host script results:
|_nbstat: NetBIOS name: BO, NetBIOS user: <unknown>, NetBIOS MAC: 20:6a:8a:59:f8:ee
| smb-os-discovery: 
| OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
| Name: WORKGROUP\BO
|_ System time: 2013-03-22 19:14:36 UTC+8
|_smbv2-enabled: Server supports SMBv2 protocol

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 144.04 seconds

 

 UDP扫描(需要root权限,且速度慢):

nmap -sU 172.17.148.0/24

SYN扫描(需要root权限):

namp -sS 172.17.148.0/24

 

扫描完后查看/proc/net/arp

cat /proc/net/arp