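Using nmap to scan the IP-MAC addresses and ports of all active hosts on a LAN
2013-03-22 19:46 DVwei
After the nmap scan completes, view the ARP cache table to get the IP-MAC table.
Run a ping scan, which prints the IP of every host that responds: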
nmap -sP 172.17.148.0/24
Nmap scan report for 172.17.148.19
Host is up (0.0029s latency).
Nmap scan report for 172.17.148.28
Host is up (0.00069s latency).
Nmap scan report for 172.17.148.36
Host is up (0.0067s latency).
Nmap scan report for 172.17.148.40
Host is up (0.0033s latency).
Nmap scan report for 172.17.148.41
Host is up (0.0017s latency).
Nmap scan report for 172.17.148.45
Host is up (0.0016s latency).
Nmap scan report for 172.17.148.46
Host is up (0.010s latency).
Nmap scan report for 172.17.148.54
Host is up (0.00083s latency).
Nmap scan report for 172.17.148.63
Host is up (0.0010s latency).
Nmap scan report for 172.17.148.64
Host is up (0.0013s latency).
..................
Scan a specific host for open ports, OS version and similar information:
nmap -A 172.17.148.168   # for example, I scanned my roommate's computer; the result is as follows:
Starting Nmap 5.21 ( http://nmap.org ) at 2013-03-22 19:12 CST
Nmap scan report for 172.17.148.168
Host is up (0.00069s latency).
Not shown: 993 filtered ports
PORT     STATE SERVICE       VERSION
80/tcp   open  http          Microsoft IIS httpd 7.5
|_html-title: \xE6\x88\x91\xE7\x9A\x84\xE9\xA6\x96\xE9\xA1\xB5
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  netbios-ssn
843/tcp  open  unknown
3389/tcp open  microsoft-rdp Microsoft Terminal Service
8000/tcp open  tcpwrapped
Service Info: OS: Windows

Host script results:
|_nbstat: NetBIOS name: BO, NetBIOS user: <unknown>, NetBIOS MAC: 20:6a:8a:59:f8:ee
| smb-os-discovery:
|   OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
|   Name: WORKGROUP\BO
|_  System time: 2013-03-22 19:14:36 UTC+8
|_smbv2-enabled: Server supports SMBv2 protocol

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 144.04 seconds
UDP scan (requires root privileges, and is slow):
nmap -sU 172.17.148.0/24
SYN scan (requires root privileges):
nmap -sS 172.17.148.0/24
After the scan finishes, view /proc/net/arp:
cat /proc/net/arp
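
The last step as an added example (not part of the original post): a shell function that joins saved ping-scan output with an ARP cache in /proc/net/arp format to produce the IP-MAC table. The function names, the `no-arp-entry` marker, the 172.17.148.99 host and the MAC addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: join nmap ping-scan output with an ARP cache (/proc/net/arp format).

# make_samples DIR: write constructed sample data (MAC addresses are made up).
make_samples() {
    cat > "$1/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
172.17.148.19    0x1         0x2         02:00:00:00:00:19     *        eth0
172.17.148.28    0x1         0x2         02:00:00:00:00:28     *        eth0
172.17.148.20    0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
    cat > "$1/scan.txt" <<'EOF'
Nmap scan report for 172.17.148.19
Host is up (0.0029s latency).
Nmap scan report for 172.17.148.28
Host is up (0.00069s latency).
Nmap scan report for 172.17.148.99
Host is up.
EOF
}

# ip_mac_inventory ARP_FILE NMAP_OUTPUT_FILE: print "IP MAC" for every host nmap reported up.
ip_mac_inventory() {
    awk '
        # ARP rows: IP, HW type, Flags, HW address, Mask, Device.
        $2 ~ /^0x/ && $3 ~ /^0x/ {
            # Flags 0x0 with an all-zero MAC is an unresolved entry: skip it.
            if ($3 != "0x0" && $4 != "00:00:00:00:00:00") mac[$1] = $4
            next
        }
        /^Nmap scan report for/ {
            ip = $NF
            gsub(/[()]/, "", ip)      # handles the "hostname (ip)" form
            up[++n] = ip
        }
        END {
            # Hosts without an ARP entry (the scanner itself, or hosts behind a router) are marked.
            for (i = 1; i <= n; i++)
                print up[i], ((up[i] in mac) ? mac[up[i]] : "no-arp-entry")
        }
    ' "$1" "$2"
}

# Demo on the constructed data; on a real host use: ip_mac_inventory /proc/net/arp scan.txt
tmp=$(mktemp -d)
make_samples "$tmp"
ip_mac_inventory "$tmp/arp" "$tmp/scan.txt"
rm -rf "$tmp"
```

The ARP cache only covers hosts on the same layer-2 segment and its entries expire, so read it right after the scan.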