nmap is a network port scanner. Its main function is to check a set of target hosts to see which TCP and UDP ports have services listening on them. Because most network services are associated with well-known port numbers, this information tells you a lot about the software that is running on a machine.
Running nmap is a great way to find out what a system looks like to someone who is trying to break in. For example, the following is a report from a default RHEL installation:
By default, nmap's -sT argument asks it to try to connect to each TCP port on the target host in the normal way. Once the connection is established, nmap disconnects immediately. This is rude, but it is harmless to a properly written network service.
From the example above, we can see that the host rhel is running several services that are probably not in use. These services have a history of security problems: portmapd (rpcbind), CUPS (ipp), and possibly sendmail (smtp). Several potential lines of attack are already quite clear.
The STATE column in nmap's output shows "open" for ports that have a service listening, "unfiltered" for ports that have no service, and "filtered" for ports that cannot be probed because a firewall is in the way. Unfiltered ports are the most typical case, and they are usually not displayed unless nmap is performing an ACK scan.
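As an added example (not part of the original article), the sketch below reads the PORT/STATE/SERVICE table of an nmap report and compares the open ports with the services the host is meant to offer, which is how the unneeded rpcbind, ipp and smtp listeners described above get caught routinely. The sample report, the host name and the `EXPECTED` allowlist are constructed for illustration.

```python
import re

# Constructed sample in nmap's normal output format (not the article's report).
SAMPLE_REPORT = """\
Nmap scan report for rhel.example.com (192.0.2.10)
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   open     smtp
111/tcp  open     rpcbind
631/tcp  open     ipp
8080/tcp filtered http-proxy
"""

# Hypothetical site policy: the only services this host should expose.
EXPECTED = {(22, "tcp")}

# One row of the port table: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_ports(report):
    """Return (port, proto, state, service) tuples from the port table."""
    rows = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service = m.groups()
            rows.append((int(port), proto, state, service))
    return rows


def audit(report, expected=EXPECTED):
    """Compare the scan against the allowlist of expected listeners."""
    rows = parse_ports(report)
    open_ports = {(p, pr): svc for p, pr, st, svc in rows if st == "open"}
    return {
        # Listening but not in policy: candidates to disable or firewall.
        "unexpected": sorted((p, pr, svc) for (p, pr), svc in open_ports.items()
                             if (p, pr) not in expected),
        # In policy but not seen open: the service may be down or blocked.
        "missing": sorted(expected - set(open_ports)),
        # The scanner could not tell; check the firewall rule covering these.
        "filtered": sorted((p, pr, svc) for p, pr, st, svc in rows
                           if st == "filtered"),
    }


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_REPORT).items():
        for item in items:
            print(kind, *item)
```

Run against reports saved from scans of your own hosts, a non-empty "unexpected" list is the signal to turn the service off or record why it is needed.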
In addition to straightforward TCP and UDP probes, nmap has a whole repertoire of ways to probe ports quietly without actually making a connection. In most cases, these probes send packets that appear to come from the middle of a TCP session (rather than the start) and then wait for diagnostic packets to be sent back. These stealth probes may be effective at getting past a firewall or at avoiding detection by a network security monitor that is looking for port scanners. If your site uses a firewall (see Section 20.12), it's a good idea to probe it with these alternative scan modes and see what they can find.
nmap has a magical and useful ability: it can work out which operating system a remote system is running by looking at the details of its TCP/IP implementation. It can sometimes even determine what software is running on an open port. The -O and -sV options turn on these features, respectively. For example:
This feature is very useful for taking a detailed inventory of a local network. Unfortunately, it is also very useful to hackers, who can focus their attacks on known weaknesses of the target operating system.
Also remember that most system administrators do not appreciate your scanning their networks and pointing out their weaknesses, however well-intentioned you may be. Never use nmap to scan someone else's network without the consent of that network's system administrators.