nmap(1) Nmap nmap - nmap [ ...] [] { } Nmap (<>) - . , . Nmap "" IP , , ( ) , ( ) , / . , Nmap , , , . Nmap . << >>. , , . open (), filtered (), closed () unfiltered ( ). , / . , , , - , Nmap . , . , Nmap, Nmap . Nmap | |, , . , . IP (-sO), Nmap , . Nmap : DNS , , MAC . Nmap 1. , - -A, , ; -T4 ; . 1. Nmap

    # nmap -A -T4 scanme.nmap.org playground

    Starting Nmap ( https://nmap.org )
    Interesting ports on scanme.nmap.org (64.13.134.52):
    (The 1663 ports scanned but not shown below are in state: filtered)
    PORT    STATE  SERVICE VERSION
    22/tcp  open   ssh     OpenSSH 3.9p1 (protocol 1.99)
    53/tcp  open   domain
    70/tcp  closed gopher
    80/tcp  open   http    Apache httpd 2.0.52 ((Fedora))
    113/tcp closed auth
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X|2.6.X
    OS details: Linux 2.4.7 - 2.6.11, Linux 2.6.0 - 2.6.11

    Interesting ports on playground.nmap.org (192.168.0.40):
    (The 1659 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE       VERSION
    135/tcp  open  msrpc         Microsoft Windows RPC
    139/tcp  open  netbios-ssn
    389/tcp  open  ldap?
    445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds
    1002/tcp open  windows-icfw?
    1025/tcp open  msrpc         Microsoft Windows RPC
    1720/tcp open  H.323/Q.931   CompTek AquaGateKeeper
    5800/tcp open  vnc-http      RealVNC 4.0 (Resolution 400x250; VNC port: 5900)
    5900/tcp open  vnc           VNC (protocol 3.8)
    MAC Address: 00:A0:CC:63:85:4B (Lite-on Communications)
    Device type: general purpose
    Running: Microsoft Windows NT/2K/XP
    OS details: Microsoft Windows XP Pro RC1+ through final release
    Service Info: OSs: Windows, Windows XP

    Nmap finished: 2 IP addresses (2 hosts up) scanned in 88.392 seconds

Nmap https://nmap.org. Nmap (man page) https://nmap.org/book/man.html. (Guz Alexander) Nmap 6184 [1]. , Nmap , , . () Creative Commons Attribution License[2]. (Mark Brutsky) Nmap 6184 [1]. , Nmap , , . () Creative Commons Attribution License[2]. , Nmap - ; https://nmap.org/data/nmap.usage.txt. , , . . Nmap 4.76 ( https://nmap.org ) : nmap [() ] [] { } : , IP , ..
: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254 -iL <__>: / -iR <_>: --exclude <1[,2][,3],...>: / --excludefile <_>: /, : -sL: - -sP: - , -PN: - -PS/PA/PU [_]: TCP SYN/ACK UDP -PE/PP/PM: ICMP- , -PO [_]: IP -n/-R: DNS / [ : ] --dns-servers <1[,2],...>: DNS --system-dns: DNS- : -sS/sT/sA/sW/sM: TCP SYN/ Connect()/ACK/Window/Maimon -sU: UDP -sN/sF/sX: TCP Null, FIN Xmas --scanflags <>: TCP -sI <_[:]>: "" (Idle) -sO: IP -b >: FTP bounce --traceroute: --reason: , Nmap : -p <_>: : -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080 -F: - -r: - --top-ports <_>: <_> --port-ratio <>: , <> : -sV: / --version-intensity <>: 0 () 9 ( ) --version-light: ( 2) --version-all: ( 9) --version-trace: ( ) : -sC: --script=default --script=>: > - , --script-args=<1=1,[2=2,...]>: --script-trace: --script-updatedb: : -O: --osscan-limit: "" --osscan-guess: : , <>, , 's' (), 'm' (), 'h' () (. 30m). -T[0-5]: ( - ) --min-hostgroup/max-hostgroup <_>: --min-parallelism/max-parallelism <_>: --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <>: --max-retries <_>: --host-timeout <>: --scan-delay/--max-scan-delay <>: --min-rate <>: <> --max-rate <>: <> /IDS: -f; --mtu <>: ( MTU) -D <_1,_2[,ME],...>: -S >: -e <>: -g/--source-port <_>: --data-length <>: --ip-options <>: ip --ttl <>: IP time-to-live ( ) --spoof-mac // >: MAC --badsum: TCP/UDP : -oN/-oX/-oS/-oG <>: , XML, s| Grepable , , -oA <__>: -v: ( ) -d[]: ( 9) --open: ( ) --packet-trace: --iflist: ( ) --log-errors: / --append-output: , --resume <_>: --stylesheet </URL>: XSL XML HTML --webxml: Nmap.Org --no-stylesheet: XSL XML : -6: IPv6 -A: , --datadir <_>: Nmap --send-eth/--send-ip: Ethernet/IP --privileged: , --unprivileged: , -V: -h: : nmap -v -A scanme.nmap.org nmap -v -sP 192.168.0.0/16 10.0.0.0/8 nmap -v -iR 10000 -PN -p 80 , MAN Nmap , ( ), . IP . . Nmap CIDR . /- IP Nmap IP , - . , 192.168.10.0/24 256 192.168.10.0 (: 11000000 10101000 00001010 00000000) 192.168.10.255 (: 11000000 10101000 00001010 11111111) . 
192.168.10.40/24 . , IP scanme.nmap.org 64.13.134.52, scanme.nmap.org/16 65,536 IP 64.13.0.0 64.13.255.255. /0, . /32, IP , .. . CIDR , . , 192.168.0.0/16, IP-, .0 .255, .. . Nmap . IP , , . , 192.168.0-255.1-254 .0 .255. : 0-255.0-255.13.37 13.37. . IPv6 , IPv6 . CIDR IPv6 , .. . Nmap , . nmap scanme.nmap.org 192.168.0.0/16 10.0.0,1,3-7.0-255 , . , : -iL _ ( ) _. , . , DHCP 10,000 , . , , IP , , IP . Nmap -iL. Nmap (IP , , CIDR, IPv6, ). , . (-) , , Nmap , . -iR - ( ) - , , , . - IP . IP , , . 0 . , . ! , nmap -sS -PS80 -iR 0 -p 80 -. --exclude 1[,2[,...]] ( /) , , . Nmap, , CIDR , .. , , , , , , . --excludefile _ ( ) , --exclude, , , , . ( ) IP . IP . , . , , , , IP . ICMP , , , . , , Nmap . (ping scan), ICMP ping . (-sL) (-PN), TCP SYN/ACK, UDP ICMP . , , IP ( ). IP . 10.0.0.0/8. 16 . IP , , , . IP . , Nmap TCP ACK 80 ICMP . ARP . Unix , ACK SYN connect -PA -PE. , . -P* ( ) . , TCP / ICMP . , -P* , ARP (-PR), .. . Nmap . , , , UDP (-PU). -sP, , , -PN, . : -sL ( ) "" , - . Nmap DNS . , . , fw.chi . Nmap IP . , IP . , , , . .. , , , . , , -PN. -sP ( ) Nmap ( ), , .. , . NSE , , ( ) . , , . . , , , IP , -sL. . . " " (ping sweep) , , , , .. . -sP ICMP TCP ACK 80. , SYN ( connect) 80 . , ARP , --send-ip. -sP -P* ( -PN). - , (ACK ) . Nmap , . , .. . -PN ( ) Nmap . , Nmap , . Nmap , , . -PN, Nmap IP . , B (/16), 65,536 IP . .. , Nmap , IP . ARP ( --send-ip), .. Nmap MAC . P0 ( ), , IP PO ( O). -PS _ (TCP SYN ) TCP SYN . - 80 ( DEFAULT_TCP_PROBE_PORT_SPEC nmap.h). . -p , T: . : -PS22 -PS22-25,80,113,1050,35000. , -PS . , . SYN , . , RST () . , 3- TCP SYN/ACK TCP . , Nmap, RST ACK, . RST , Nmap, SYN/ACK , Nmap. Nmap . RST SYN/ACK , Nmap , . Unix , root, , TCP . connect. SYN . connect ECONNREFUSED, TCP SYN/ACK RST , . (timeout), . IPv6, .. IPv6 Nmap. -PA _ (TCP ACK ) . , , SYN TCP ACK . ACK TCP , , RST , . -PA , SYN (80), . IPv6, connect . , .. connect ACK SYN. , Nmap (SYN ACK), . SYN , , . , . / . --syn. , SYN (-PS), , . ACK, .. . . , . 
Linux Netfilter/iptables --state, . SYN, .. ACK . , SYN ACK -PS -PA. -PU _ (UDP ) UDP , ( --data-length) UDP . , -PS -PA. , 31338. DEFAULT_UDP_PROBE_PORT_SPEC nmap.h. , .. . UDP ICMP " ". Nmap , . ICMP , / TTL , . . , . 31338, .. - . , Character Generator (chargen) protocol, UDP , Nmap , . , , TCP . , Linksys BEFW11S4. TCP , UDP " ", . -PE; -PP; -PM ( ICMP) TCP UDP , Nmap , ping. Nmap ICMP 8 ( ) IP , 0 ( ). , , , RFC 1122[3]. ICMP . , . -PE, . Nmap . ICMP (RFC 792[4]) , 13, 15 17 . , - , , . , , . Nmap , .. . RFC 1122 , << >>. -PP -PM . (ICMP 14) ( 18) , . , , , ICMP . -PO _ ( IP ) IP , IP , . , TCP UDP. , IP ICMP ( 1), IGMP ( 2) IP-in-IP ( 4). DEFAULT_PROTO_PROBE_PORT_SPEC nmap.h. , ICMP, IGMP, TCP ( 6) UDP ( 17), "" , IP ( --data-length). , ICMP , , . , . -PR (ARP ) Nmap (LAN). , , RFC 1918[5], IP . Nmap IP , ICMP , MAC- (ARP) IP, . , .. , ARP . ARP Nmap ARP . Nmap , , IP . ARP . . ( -PE -PS), Nmap ARP . , --send-ip. --traceroute ( ) , , . connect (-sT) "" (idle) (-sI). Nmap . TTL (time-to-live (-) ICMP Time Exceeded ( ) . TTL 1, , . Nmap TTL, TTL , 0. Nmap "" . Nmap 5-10 , . (. 192.168.0.0/24), . --reason ( ) , - , . , . , RST . , Nmap, . SYN SYN (-sS -PS) , TCP (-sT) connect. (-d), XML , . -n ( DNS ) Nmap DNS IP . DNS Nmap IP , . -R ( DNS ) Nmap DNS IP . DNS . --system-dns ( DNS ) Nmap IP , , . ( ) . , IP ( IP getnameinfo). , , Nmap ( , , ). IPv6. --dns-servers server1[,server2[,...]] ( DNS) Nmap DNS ( rDNS) resolv.conf (Unix) (Win32). . , --system-dns IPv6. DNS , IP . , .. DNS . . rDNS , , . 53 ( ), (-sL) --dns-servers , , . Nmap , , - . nmap 1660 TCP . , Nmap . : , , , , | |. , , Nmap . , , , , 135/tcp , , . Nmap (open) TCP UDP . . , . , , . , , .. . (closed) ( Nmap), - . , IP ( , ping ), . .. , , .. . . , . (filtered) Nmap , , .. Nmap . , . , .. . ICMP , 3 13 (destination unreachable: communication administratively prohibited ( : )), , - . Nmap , , , . . (unfiltered) , , Nmap . ACK , , . , Window , SYN FIN , . | (open|filtered) Nmap , . , . , . Nmap . 
UDP, IP , FIN, NULL, Xmas . | (closed|filtered) , Nmap . IP ID idle . , (, , ..) - . , , - , , . . ( ). script kiddies, SYN . .. Nmap , . , , - , - , . , , root Unix . Windows , Nmap , WinPcap. root , Nmap 1997, .. . . , , Unix ( Linux Mac OS X) . Windows Nmap, . , Nmap . , .. Nmap . Nmap , , , ( ). Nmap . RFC , Nmap , . FIN, NULL Xmas . , . Nmap. ; UDP (-sU), TCP . , -sC, C - , . FTP bounce (-b). Nmap SYN ; ( root Unix), IPv6. , FTP bounce . -sS (TCP SYN ) SYN . . , , . , .. TCP . TCP , - , FIN/NULL/Xmas, Maimon idle . , . , .. TCP . SYN , . SYN/ACK , (), RST () , . , . , ICMP ( 3, 1,2, 3, 9, 10 13). -sT (TCP connect) TCP , SYN . , IPv6 . , , , Nmap "" connect. , , P2P . , Berkeley Sockets API. , , Nmap API . SYN , , , . Nmap connect , . , , , SYN . , . IDS, . Unix (syslog), , Nmap . , , . , , , . -sU ( UDP ) TCP , UDP[6] . DNS, SNMP DHCP ( 53, 161/162 67/68). .. UDP TCP, . , .. UDP , . , Nmap UDP . UDP -sU. - TCP , SYN (-sS), . UDP ( ) UDP . ICMP ( 3, 3), . ICMP ( 3, 1, 2, 9, 10 13) , . , UDP , , . , |. , , , , . (-sV) . UDP . - , Nmap , . . ICMP . RST TCP SYN , ICMP . Linux Solaris . , Linux 2.4.20 ( net/ipv4/icmp.c). Nmap , , . , Linux ( ) 65,536 18 . UDP : , , - --host-timeout . -sN; -sF; -sX (TCP NULL, FIN Xmas ) ( --scanflags ) TCP RFC[7], . 65 RFC 793 , << .... RST RST .>> , SYN, RST ACK, : << , , .>> RFC, , SYN, RST ACK, RST , , , . .. , (FIN, PSH URG) . Nmap : Null (-sN) ( TCP 0) FIN (-sF) TCP FIN . Xmas (-sX) FIN, PSH URG . , TCP . RST , , , |. , ICMP ( 3, 1, 2, 3, 9, 10 13). (non-stateful) . , , SYN . - IDS . , RFC 793 . RST , . , . Microsoft Windows, Cisco, BSDI IBM OS/400. , Unix. , .. |. -sA (TCP ACK ) , open ( |). , , . ACK ( --scanflags). , RST . Nmap , , ACK , . , ICMP ( 3, 1, 2, 3, 9, 10 13), . -sW (TCP Window ) , ACK , , , , RST . TCP Window RST . ( RST ), - . , RST , Window , TCP Window . , . , , . , , . , ( 22, 25, 53) , . , . 1000 3 , 3 . -sM (TCP (Maimon)) , (Uriel Maimon). Phrack Magazine, #49 ( 1996). Nmap . NULL, FIN Xmas , FIN/ACK. 
RFC 793[7] (TCP), RST , . , , BSD , . --scanflags ( TCP ) Nmap . --scanflags TCP . , , Nmap, ! --scanflags , , 9 (PSH FIN ), . URG, ACK, PSH, RST, SYN FIN. , --scanflags URGACKPSHRSTSYNFIN , . . , TCP (, -sA -sF). Nmap , . , SYN , FIN - |. Nmap , TCP . , SYN. -sI _[:] ("" idle ) TCP ( , IP ). , ID IP . IDS , ( ). , https://nmap.org/book/idlescan.html. ( ), IP . . , , , ( / ). , . 80. , nmap-services. * ? . , ftp http -p ftp,http*. -p . ; , nmap-services. , nmap-services 1024: -p [-1024]. -p . -sO ( IP ) , IP (TCP, ICMP, IGMP ..) . , .. IP TCP UDP . -p , , , . . , (open-source software). , Nmap, . , 2000-, (Gerhard Rieger) , nmap-hackers . Nmap . , ! UDP . , UDP , , IP , 8 IP . , . TCP, UDP ICMP. , .. , Nmap . , ICMP , ICMP . Nmap , . ICMP ( 3, 2) . ICMP ( 3, 1, 3, 9, 10 13) ( , ICMP ). , | . .RE -b FTP (FTP bounce ) FTP (RFC 959[8]) FTP . FTP , . , . , FTP . FTP . : . , .. FTP , - . Nmap -b. _:@:. - IP FTP . URL, _:, (: anonymous :-wwwuser@). ( ) ; FTP (21) . 1997, Nmap, . - , , , . , 21 ( FTP , ), . Nmap , . , (, , ) . FTP , , . , Nmap , : . , Nmap 1024 , nmap-services , . -p ( ) , . , (. 1-1023). / , Nmap 1 65535 . -p-, 1 65535. , . IP (-sO), , (0-255). TCP UDP , T: U:. , . , -p U:53,111,137,T:21-25,80,139,8080 UDP 53,111, 137, TCP . , UDP TCP , -sU , , TCP ( -sS, -sF -sT). , . , nmap-services. ? * . , FTP , <>, -p ftp,http*. -p . , , nmap-services. , nmap-services 1024: -p [-1024]. -p . -F ( ( ) ) , , nmap-services, Nmap ( -sO). , 65535 . .. TCP ( 1200), TCP ( 1650 ) . , nmap-services --servicedb --datadir . -r ( ) , Nmap ( , ). , -r, . --port-ratio < 0 1> nmap-services, , ( nmap-services). --top-ports < 1 > N , nmap-services ( nmap-services). Nmap , 25/tcp, 80/tcp, 53/udp . nmap-services, 2200 , Nmap , (SMTP), (HTTP), (DNS) . , .. , 25 TCP , , . , ! . Nmap , - SMTP, HTTP DNS , . ( ) , , DNS . , . . - TCP / UDP , Nmap "" , , () . nmap-service-probes . Nmap (. FTP, SSH, Telnet, HTTP), (e.g. ISC BIND, Apache httpd, Solaris telnetd), , , (. , ), (. 
Windows, Linux) X , SSH, KaZaA. , . Nmap OpenSSL, SSL, , . RPC, Nmap (-sR) RPC . UDP |, . Nmap ( ), , , | TCP . , Nmap -A . , https://nmap.org/book/vscan.html. Nmap , - , URL, , , . , , .. . , Nmap 3000 350 , SMTP, FTP, HTTP .. : -sV ( ) , . -A, . --allports ( ) , TCP 9100, , , HTTP GET , SSL .. Exclude nmap-service-probes, --allports, Exclude . --version-intensity ( ) (-sV), Nmap , 1 9. , . , . , . , . 0 9. 7. nmap-service-probes ports, . , DNS 53, SSL - 443 .. --version-light ( ) --version-intensity 2. , . --version-all ( ) --version-intensity 9, . --version-trace ( ) Nmap . , --packet-trace. -sR (RPC ) Nmap. TCP/UDP NULL SunRPC , RPC , , ( ) . , rpcinfo -p, (portmapper) ( TCP ). RPC (-sV). .. , -sR . Nmap TCP/IP. Nmap TCP UDP . TCP ISN , TCP, IP ID , , Nmap nmap-os-db , , , . , (. Sun), (. Solaris), (. 10), (). OS, and a classification which provides the vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 10), and device type ( , , (switch), ..). Nmap , (, , ), Nmap URL, , , , . Nmap, . , . TCP (TCP Sequence Predictability Classification). , TCP . , (rlogin, ..) . (spoofing) , . , , . < )>> < )>>. (-v). -O, IP ID . <)>>, , ID IP . (spoofing) . . (timestamp) TCP (RFC 1323[9]) Nmap , . , .. , - . . , https://nmap.org/book/osdetect.html. : -O ( ) , . -A, . --osscan-limit ( "" ) , , , TCP . , Nmap , . , -PN . -O -A. --osscan-guess; --fuzzy ( ) Nmap , . Nmap , . () Nmap . Nmap - , , ( ) . --max-os-tries ( ) Nmap , . , Nmap , , - . --max-os-tries (. 1) Nmap, , , , . . , , Nmap. Nmap(NSE - Nmap Scripting Engine) Nmap (NSE) Nmap. ( ) ( Lua[10], ) . Nmap. , Nmap, . , , , , . NSE . , , . : safe, (intrusive), malware, version, discovery, vuln, auth default. https://nmap.org/book/nse-usage.html#nse-categories. Nmap https://nmap.org/book/nse.html : -sC . --script=default. intrusive () . --script -||_|all ( -sC) , . Nmap , ( ) . . , . : --datadir/; $NMAPDIR/; ~/.nmap/ ( Windows); NMAPDATADIR/ ./. scripts/ , , Nmap NSE ( .nse) . nse . Nmap . , nse. 
Nmap scripts - Nmap. , scripts/script.db, . Nmap all. "" (sandbox) . , . --script-args 1=1, 2={3=3}, 4=4 NSE . =. Lua , . ( - ) argument-table. ( `{' `}'). (, login/password). , : user=bar, password=foo anonFTP={password=nobody@foobar.com}. , id , .. . --script-trace , --packet-trace, ISO . , , , . , , . 5% , (hex) . --script-updatedb scripts/script.db, Nmap . , NSE scripts, - . : nmap --script-updatedb. Nmap . (nmap _) - . , , , . , , , UDP . , . Nmap , . Nmap , . , Nmap ( ). . . . , `s', `m' `h' , , . --host-timeout 900000, 900s 15m . --min-hostgroup _; --max-hostgroup _ ( ) Nmap . IP , . . , - , . , Nmap 50- , ( ), 50- . Nmap . 5- , , - 1024. . Nmap UDP TCP . --max-hostgroup, Nmap . --min-hostgroup, Nmap . Nmap , . , . . ping (-sP). . , . C 256. , . , 2048 . --min-parallelism _; --max-parallelism _ ( ) . . Nmap . , Nmap . , . . 1, , . --min-parallelism , . , .. . Nmap . 10- , . --max-parallelism . --scan-delay ( ), . --min-rtt-timeout , --max-rtt-timeout , --initial-rtt-timeout ( ) Nmap , , . , . , . () , Nmap . --max-rtt-timeout --initial-rtt-timeout . -PN, . . , , , , . , 100 --max-rtt-timeout. , ICMP ping hping2, . , , 10- . --initial-rtt-timeout --max-rtt-timeout. maximum RTT 100 , . 1000 . --min-rtt-timeout ; , , Nmap . Nmap , , , nmap-dev . --max-retries _ ( ) Nmap , , . , . , , . Nmap . Nmap , , . , . , . --max-retries 0, , . ( -T ) 10 . , , Nmap . --max-retries (, 3) . ( ) . , Nmap , --host-timeout, . --host-timeout ( ) . , . . . --host-timeout , . 30 , , Nmap . , Nmap , . , , . , . --scan-delay ; --max-scan-delay ( ) Nmap . . Solaris ( ) UDP ICMP . Nmap . --scan-delay 1 Nmap . Nmap , , , . Nmap , . --max-scan-delay . , . --scan-delay (IDS/IPS). --min-rate ( ) Nmap . , , , . --min-rate, Nmap , , . , . , --min-rate 300 , Nmap 300 . Nmap , . , . , , Nmap, . Nmap , ; , .. . , Nmap , , , , Nmap . , . . , , . , , , . , Nmap , , . , , . --max-retries, . --min-rate , , . . , , . --max-rate ( ) --min-rate --max-rate, . --max-rate 100, , 100 . --max-rate 0.1 - . 
--max-rate --min-rate , . . , . Nmap , . , --min-rate --max-rate . --defeat-rst-ratelimit ICMP ( ). RST (), . , .. Nmap . Nmap ( SYN, ) --defeat-rst-ratelimit. , .. Nmap RST ( ). SYN , , RST. , , . -T paranoid()|sneaky()|polite()|normal()|aggressive()|insane() ( ) , . , , . Nmap , . -T (0-5) . : paranoid() (0), sneaky() (1), polite() (2), normal() (3), aggressive() (4) insane() (5). IDS. (polite) . (normal) , -T3 . (aggressive) , , . , (insane) , . , , Nmap . , . , -T4 10 TCP , -T5 - 5 . ; , , . -T4 . , , , . ethernet , -T4. -T5, . -T2, , - , . , -T polite . . (-T3), . , . -T0 -T1 IDS, . , , -T0 -T1. T0 , . T1 T2 , 15 0.4 . T3 Nmap , . -T4 --max-rtt-timeout 1250 --initial-rtt-timeout 500 --max-retries 6 TCP 10 . T5 --max-rtt-timeout 300 --min-rtt-timeout 50 --initial-rtt-timeout 250 --max-retries 2 --host-timeout 15m TCP 5 . /IDS IP , . , . , - . . 1990- . , . . , , . , .. . , Nmap , . . - . . FTP bounce , idle , -. , (intrusion detection systems - IDS). , Nmap, .. . (intrusion prevention systems - IPS), , . IDS, . , Nmap IDS. , , . , Nmap IDS. , , . , - , Nmap. . FTP , FTP bounce . , IDS. . , . -f ( ); --mtu ( MTU) -f ( ) IP . , TCP , , . ! . Sniffit . , Nmap 8 IP . , 20- TCP 3 . 8 , - 4. , IP . -f , 16 ( ). --mtu. -f --mtu. 8. , IP , , CONFIG_IP_ALWAYS_DEFRAG Linux, . , . . Linux iptables . Wireshark , , . , --send-eth, IP ethernet . -D _1[,_2][,ME][,...] ( ) ; , . IDS , 5-10 IP , , IP , . , , IP . , ; ME IP . ME , (, Solar Designer's excellent Scanlogd) IP . ME, Nmap . RND , IP , RND: . , , , , . , , . IP ( , , ). ( ICMP, SYN, ACK ), . (-O). TCP . . .. , . . , ISP , IP . -S IP_ ( ) Nmap ( Nmap ). -S, IP , , . , "" , - . , ! , -e -PN. , ( IP ), Nmap - . -e ( ) Nmap, . Nmap , , . --source-port _; -g _ ( ) . . , , . , DNS, .. UDP DNS . FTP. FTP , , . , . , , , . , DNS 53 FTP 20, . , . , , , . . , . . Microsoft . IPsec, Windows 2000 Windows XP , TCP UDP 88 (Kerberos). : Zone Alarm 2.1.25 UDP 53 (DNS) 67 (DHCP). Nmap -g --source-port ( ) , . , Nmap . 
Nmap , ; DNS --source-port, .. Nmap . TCP , SYN , , UDP . --data-length ( ) Nmap , . TCP 40 , ICMP 28. Nmap . , (-O) , , , . , . --ip-options S|R []|L []|T|U ... ; --ip-options ( ip ) IP[11] , . TCP , IP . , , , , . . , , tracerout . - , . IP --ip-options. \x, . , . , \x01\x07\x04\x00*36\x01 , 36 NUL . Nmap . R, T U , . L S, , IP . , --packet-trace. IP Nmap, https://seclists.org/nmap-dev/2006/q3/0052.html. --ttl ( IP time-to-live ( ) IPv4 time-to-live . --randomize-hosts ( ) Nmap , 16384 , . , . , PING_GROUP_SZ nmap.h . IP (-sL -n -oN _), Perl Nmap -iL. --spoof-mac MAC , ( MAC ) Nmap MAC ethernet . , --send-eth , Nmap ethernet. MAC . 0, Nmap MAC . ( ), Nmap MAC . 12- , Nmap 6 . 0, , Nmap nmap-mac-prefixes , ( ). , Nmap OUI (3- ), 3 . --spoof-mac: Apple, 0, 01:02:03:04:05:06, deadbeefcafe, 0020F2 Cisco. , SYN , , Nmap Scripting Engine (NSE). --badsum ( TCP/UDP ) Nmap TCP UDP , . .. IP , IDS, . https://nmap.org/p60-12.html , . , . Nmap , .. , . Nmap , XML . , Nmap . , Nmap , . . Nmap . ,, (stdout). ,, , , , .. , , . XML , .. HTML, Nmap . grepable , , sCRiPt KiDDi3 0utPUt , |<-r4d. , . , . , . , , XML . -oX myscan.xml -oN myscan.nmap. myscan.xml, . ; , , , . , Nmap - . , nmap -oX myscan.xml target XML myscan.xml, , -oX . . , . nmap -oX - target XML. , stderr. Nmap, (, -oX) . -oG- -oXscan.xml, - Nmap G- Xscan.xml . strftime . %H, %M, %S, %m, %d, %y %Y strftime. %T %H%M%S, %R %H%M %D %m%d%y. %, (%% ). -oX 'scan-%T-%D.xml' XML scan-144840-121307.xml. Nmap , . . Nmap -oN _ ( ) . , . -oX _ (XML ) XML . Nmap (DTD), XML XML Nmap. , XML Nmap. DTD , , . https://nmap.org/data/nmap.dtd. XML , . XML , , C/C++, Perl, Python Java. Nmap. Nmap::Scanner[12] Nmap::Parser[13] Perl CPAN. - Nmap, XML . XML XSL , HTML. XML Firefox IE. , Nmap ( ) - nmap.xsl. --webxml --stylesheet XML HTML . -oS _ (ScRipT KIdd|3 oUTpuT) Script kiddie , , , l33t HaXXorZ, Nmap - . , script kiddies, , << >>. -oG _ (grepable ) , .. . XML , . XML , , grepable . XML Nmap , grepable - . , . 
, Unix grep, awk, cut, sed, diff Perl. . , SSH Solaris grep, awk cut . Grepable ( #) . 6 , . : , , , Ignored State, , Seq Index, IP ID . , . . , (/). : , , , , , SunRPC . XML , . https://nmap.org/book/output-formats-grepable-output.html. -oA __ ( ) -oA __, , XML grepable . __.nmap, __.xml __.gnmap . , , ~/nmaplogs/foocorp/ Unix c:\hacking\sco Windows. -v ( ) . Nmap , , . . ; script kiddie . , Nmap . , . , grepable , , , .. . -d [] ( ) , ! (-d), . , -d. , -d9 . , , . , , Nmap , , Nmap . .. , . - : Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 14987 ==> srtt: 14987 rttvar: 14987 to: 100000. , , , (nmap-dev). , . --packet-trace ( ) Nmap . , , Nmap. , , -p20-30. , , --version-trace. --open ( ( ) ) , ( ), , | . grep, awk Perl, Nmap. --open, , | . , , | , . --iflist ( ) , Nmap. (, , Nmap PPP ethernet). --log-errors ( / ) Nmap ( ), ( -oN). , . , - . - . , , .. Nmap . , Nmap , . --log-errors ( ) . Unix , Windows. --append-output ( , ) - (, -oX -oN) , . , , --append-output. , . XML (-oX), .. , . --resume _ ( ) Nmap - . . Nmap , , , Nmap , Nmap . , Nmap, - , ctrl-C. . , (-oN) grepable (-oG), , . --resume grepable . , .. Nmap . Nmap nmap --resume__. Nmap , . XML , .. XML . --stylesheet URL ( XSL XML ) Nmap XSL nmap.xsl XML HTML. XML xml-stylesheet, nmap.xml, , Nmap ( Windows). XML Nmap , nmap.xsl . , --stylesheet. URL. : --stylesheet https://nmap.org/data/nmap.xsl. Nmap.Org. --webxml , . XSL Nmap.Org , Nmap ( nmap.xsl). URL , nmap.xsl . --webxml ( Nmap.Org) --stylesheet https://nmap.org/data/nmap.xsl. --no-stylesheet ( XSL XML) , - XSL XML . xml-stylesheet . ( ) , . -6 ( IPv6 ) 2002 Nmap IPv6 . , ( TCP), IPv6. , -6. , IPv6, , . 3ffe:7501:4819:2000:210:f3ff:fe03:14d0, . , << >> IPv6 . IPv6 , ( ) , . Nmap IPv6, . ISP ( ) IPv6 , Nmap Tunnel Brokers. http://www.tunnelbroker.net. Wikipedia[14]. -A ( ) . , . (-O), (-sV), (-sC) (--traceroute). . , . , .. "", -A . , (timing) ( -T4) (-v), , , . 
--datadir _ ( Nmap) Nmap nmap-service-probes, nmap-services, nmap-protocols, nmap-rpc, nmap-mac-prefixes nmap-os-db. - ( --servicedb --versiondb), . Nmap , --datadir ( ). , Nmap , NMAPDIR . ~/.nmap UIDs ( POSIX ) Nmpa ( Win32), /usr/local/share/nmap /usr/share/nmap. Nmap . --servicedb _ ( ) Nmap nmap-services, Nmap. (-F). --datadir Nmap. --versiondb __ ( ) Nmap nmap-service-probes, Nmap. --datadir Nmap. --send-eth ( ethernet) Nmap ethernet, IP (). Nmap , . ( IP) Unix , ethernet Windows, .. Microsoft . Nmap - IP Unix , ( -ethernet ). --send-ip ( IP) Nmap IP , ethernet . --send-eth . --privileged (, ) Nmap, , , root Unix . Nmap , , geteuid . --privileged Linux , , . , ( SYN, ..). NMAP_PRIVILEGED --privileged. --unprivileged (, ) --privileged. Nmap, . , - . NMAP_UNPRIVILEGED --unprivileged. --release-memory ( ) . Nmap , . Nmap , . -V; --version ( ) Nmap . -h; --help ( ) . Nmap . Nmap, . . , . , , . `?'. v / V / d / D / p / P / ? - : Stats: 0:00:08 elapsed; 111 hosts completed (5 up), 5 undergoing Service Scan Service scan Timing: About 28.00% done; ETC: 16:18 (0:00:15 remaining) Nmap, . IP , . / .. , . . scanme.nmap.org. Nmap, . , , . , Nmap Failed to resolve given hostname/IP: scanme.nmap.org ( /IP: scanme.nmap.org). scanme2.nmap.org, scanme3.nmap.org, , , . nmap -v scanme.nmap.org TCP scanme.nmap.org . -v . nmap -sS -O scanme.nmap.org/24 SYN 255 << C>>, Scanme. . - SYN (root). nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127 TCP ( 255) 8 198.116 B. SSH, DNS, POP3 IMAP , - 4564. - , . nmap -v -iR 100000 -PN -p 80 Nmap 100,000 - ( 80). -PN, .. , . nmap -PN -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20 4096 IP ( ), XML , grep (grepable ). , Nmap . . Nmap , , https://nmap.org. , , -. https://insecure.org/search.html Google. nmap-dev https://seclists.org/. . , . , , Nmap , Nmap. Nmap , Fyodor'. nmap-dev , . https://nmap.org/mailman/listinfo/dev. . https://nmap.org/data/HACKING. nmap-dev () Fyodor'. Fyodor (https://insecure.org) Nmap. 
CHANGELOG, Nmap, https://nmap.org/changelog.html. Unofficial Translation Disclaimer / This is an unofficial translation of the Nmap license details[15] into Russian. It was not written by Insecure.Com LLC, and does not legally state the distribution terms for Nmap -- only the original English text does that. However, we hope that this translation helps Russian speakers understand the Nmap license better. Nmap[15] . Insecure.Com LLC, Nmap -- . , , Nmap. Nmap Nmap Security Scanner (C) 1996-2008 Insecure.Com LLC. Nmap Insecure.Com LLC. ; / GNU General Public License, Free Software Foundation; 2 , . , . Nmap , ( ). , Nmap , , , , OS . , GPL << >>, . , , <<>>, : o Nmap o Nmap, , nmap-os-db nmap-service-probes. o Nmap, ( , Nmap .) o Nmap // , , , InstallShield. o , . <> Nmap . , . , Nmap. , Nmap. , Nmap https://nmap.org. , GPL, << >> GPL . , (Linus Torvalds) << >> Linux. Nmap, GPL . - GPL Nmap -GPL , . , Nmap . : , , Nmap . . GPL , Insecure.Com LLC OpenSSL , COPYING.OpenSSL, . GNU GPL , OpenSSL. , , . , , . Creative Commons License Nmap Nmap (C) 2005-2008 Insecure.Com LLC. Creative Commons Attribution License[2] 2.5. , . , , Nmap ( ). , , , , . ( ). Nmap , . . Fyodor' Insecure.Org, , Fyodor' Insecure.Com LLC , , . Nmap Open Source , , .. Free Software (, , KDE NASM). , . , , . , , - ; - - . GNU General Public License v2.0 http://www.gnu.org/licenses/gpl-2.0.html, COPYING, Nmap. , Nmap , TCP/IP . , . Nmap , . , Nmap , , Nmap. - - , Nmap , , . , , . Nmap (, suid root) . Apache Software Foundation[16]. Libpcap portable packet capture library[17] Nmap. Windows Nmap Libpcap WinPcap library[18]. PCRE library[19],, , (Philip Hazel). Libdnet[20], (Dug Song). Nmap. Nmap OpenSSL cryptography toolkit[21] SSL . Nmap (Nmap Scripting Engine) Lua[22]. BSD. U.S. Export Control: Insecure.Com LLC , Nmap U.S. ECCN ( ) 5D992. << 5D002>>. AT (-), , . Nmap - , .

1. https://nmap.org/book/man.html
2. Creative Commons Attribution License http://creativecommons.org/licenses/by/2.5/
3. RFC 1122 http://www.rfc-editor.org/rfc/rfc1122.txt
4. RFC 792 http://www.rfc-editor.org/rfc/rfc792.txt
5. RFC 1918 http://www.rfc-editor.org/rfc/rfc1918.txt
6. UDP http://www.rfc-editor.org/rfc/rfc768.txt
7. TCP RFC http://www.rfc-editor.org/rfc/rfc793.txt
8. RFC 959 http://www.rfc-editor.org/rfc/rfc959.txt
9. RFC 1323 http://www.rfc-editor.org/rfc/rfc1323.txt
10. Lua http://lua.org
11. IP http://www.rfc-editor.org/rfc/rfc791.txt
12. Nmap::Scanner http://sourceforge.net/projects/nmap-scanner/
13. Nmap::Parser http://nmapparser.wordpress.com/
14. Wikipedia http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers
15. Nmap license details https://nmap.org/book/man-legal.html
16. Apache Software Foundation http://www.apache.org
17. Libpcap portable packet capture library http://www.tcpdump.org
18. WinPcap library http://www.winpcap.org
19. PCRE library http://www.pcre.org
20. Libdnet http://libdnet.sourceforge.net
21. OpenSSL cryptography toolkit http://www.openssl.org
22. Lua http://www.lua.org

Nmap 03/31/2023 nmap(1)