- 论坛徽章:
- 1
|
知道mac如何查找ip呢
[quote]原帖由 "platinum"]0 和 255 不是代表网络地址和广播地址吗?这两个也计算在内一起 scan ?[/quote 发表:
在man里面看到的.但是我个人感觉不是一个太满意的答案.你可以对付看看.
TARGET SPECIFICATION
Everything that isn’t an option (or option argument) in nmap is treated
as a target host specification. The simplest case is listing single
hostnames or IP addresses on the command line. If you want to scan a
subnet of IP addresses, you can append /mask to the hostname or IP
address. mask must be between 0 (scan the whole Internet) and 32 (scan
the single host specified). Use /24 to scan a class "C" address and
/16 for a class "B".
Nmap also has a more powerful notation which lets you specify an IP
address using lists/ranges for each element. Thus you can scan the
whole class "B" network 192.168.*.* by specifying "192.168.*.*" or
"192.168.0-255.0-255" or even "192.168.1-50,51-255.1,2,3,4,5-255". And
of course you can use the mask notation: "192.168.0.0/16". These are
all equivalent. If you use asterisks ("*" , remember that most shells
require you to escape them with back slashes or protect them with
quotes.
Another interesting thing to do is slice the Internet the other way.
Instead of scanning all the hosts in a class "B", scan "*.*.5.6-7" to
scan every IP address that ends in .5.6 or .5.7 Pick your own numbers.
For more information on specifying hosts to scan, see the examples sec-
tion.
EXAMPLES
Here are some examples of using nmap, from simple and normal to a lit-
tle more complex/esoteric. Note that actual numbers and some actual
domain names are used to make things more concrete. In their place you
should substitute addresses/names from your own network. I do not
think portscanning other networks is illegal; nor should portscans be
construed by others as an attack. I have scanned hundreds of thousands
of machines and have received only one complaint. But I am not a
lawyer and some (anal) people may be annoyed by nmap probes. Get
permission first or use at your own risk.
nmap -v target.example.com
This option scans all reserved TCP ports on the machine target.exam-
ple.com . The -v means turn on verbose mode.
nmap -sS -O target.example.com/24
Launches a stealth SYN scan against each machine that is up out of the
255 machines on class "C" where target.example.com resides. It also
tries to determine what operating system is running on each host that
is up and running. This requires root privileges because of the SYN
scan and the OS detection.
nmap -sX -p 22,53,110,143,4564 198.116.*.1-127
Sends an Xmas tree scan to the first half of each of the 255 possible 8
bit subnets in the 198.116 class "B" address space. We are testing
whether the systems run sshd, DNS, pop3d, imapd, or port 4564. Note
that Xmas scan doesn’t work on Microsoft boxes due to their deficient
TCP stack. Same goes with CISCO, IRIX, HP/UX, and BSDI boxes.
nmap -v --randomize_hosts -p 80 *.*.2.3-5
Rather than focus on a specific IP range, it is sometimes interesting
to slice up the entire Internet and scan a small sample from each
slice. This command finds all web servers on machines with IP
addresses ending in .2.3, .2.4, or .2.5. If you are root you might as
well add -sS. Also you will find more interesting machines starting at
127. so you might want to use "127-222" instead of the first asterisks
because that section has a greater density of interesting machines
(IMHO).
host -l company.com | cut -d -f 4 | ./nmap -v -iL -
Do a DNS zone transfer to find the hosts in company.com and then feed
the IP addresses to nmap. The above commands are for my GNU/Linux box.
You may need different commands/options on other operating systems.
而且我这个人属于投机取巧的人.每次达到目的后就不深入钻研了.
所以自己的技术一直没有什么长进.大家可千万别学习我啊.应该多和白金学习学习.他们的技术都比我好. |
|
免费注册
楼主: whd
发表于 2005-10-13 08:54
发表于 2005-10-13 09:51
