This is day 30 of my participation in the writing challenge.
The port scanning tool I use on Linux
1. Preface
To protect a computer from attacks, viruses and Trojans we can of course take measures on the network equipment (blocking or filtering certain packets), but it is just as important that users themselves have some security awareness and take steps to protect their own machines.
Besides the netstat, netcat and lsof commands for looking at the state of the local machine, what other tools can we use?
2. What is a network port?
A network port is the channel through which a transport-layer protocol (TCP or UDP) hands traffic to a particular application-layer protocol. Both the TCP and the UDP header carry a 16-bit field for the destination port number and another for the source port number, so port numbers range from 0 to 65535.
Two ways a network port is used
- A program listens on a port and waits for packets addressed to it; as soon as data arrives, the application reacts.
- A program actively sends packets to another computer through a port.
3. Viewing port status with netstat, netcat and lsof
netstat
Command format: netstat [-option1] [-option2] ...
Common parameters:
- -l: show only listening sockets (TCP and UDP).
- -a: show all sockets, listening and non-listening (established, TIME_WAIT and so on).
- -A <family> or --<family>: restrict the output to one address family (inet, inet6, unix, ...).
- -n: show addresses and port numbers numerically instead of resolving host and service names.
- -s: show per-protocol statistics.
- -r: show the kernel IP routing table.
- -p: show the PID and program name that owns each socket (you need root to see other users' processes).
- -i: show per-interface statistics.
- -t: TCP sockets only.
- -u: UDP sockets only.
- -w: raw sockets only.
```
[root@localhost ~]# netstat -anpt | grep 631
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1218/cupsd
tcp        0      0 ::1:631                     :::*                        LISTEN      1218/cupsd
```
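netstat does not do anything magic: everything above comes from the kernel's socket tables in /proc/net/tcp and /proc/net/tcp6, where addresses are stored as hex in host byte order and the state is a hex code (0A is LISTEN). The following Python is an added example, not code from the original post, that decodes that format and lists listening sockets the way netstat -lnt does. The sample tables are constructed to reproduce the two cupsd sockets shown above plus an sshd listener and one established SSH session; the function names are this example's own.

```python
"""Added example (not from the original post): decode the kernel socket table
that netstat reads. Linux exposes TCP sockets in /proc/net/tcp (IPv4) and
/proc/net/tcp6 (IPv6); each 32-bit word of an address is little-endian hex,
the port is big-endian hex, and the state column is a hex code (0A = LISTEN).
"""
import socket
import struct

TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed /proc/net/tcp: 127.0.0.1:631 LISTEN (cupsd), 0.0.0.0:22 LISTEN (sshd),
# and 192.168.1.127:22 <-> 192.168.1.101:54321 ESTABLISHED.
SAMPLE_TCP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12258 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11000 1 0000000000000000 100 0 0 10 0
   2: 7F01A8C0:0016 6501A8C0:D431 01 00000000:00000000 00:00000000 00000000     0        0 15000 1 0000000000000000 20 4 30 10 -1
"""

# Constructed /proc/net/tcp6: [::1]:631 LISTEN (the cupsd IPv6 socket).
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12257 1 0000000000000000 100 0 0 10 0
"""


def decode_addr(hexaddr, family):
    """'0100007F:0277' -> ('127.0.0.1', 631). Each 32-bit word is little-endian."""
    ip_hex, port_hex = hexaddr.split(":")
    words = [int(ip_hex[i:i + 8], 16) for i in range(0, len(ip_hex), 8)]
    packed = b"".join(struct.pack("<I", w) for w in words)
    return socket.inet_ntop(family, packed), int(port_hex, 16)


def parse_proc_net_tcp(text, family=socket.AF_INET):
    """Return one dict per socket line: local, remote, state, uid, inode."""
    sockets = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        sockets.append({
            "local": decode_addr(f[1], family),
            "remote": decode_addr(f[2], family),
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]),
            # netstat -p maps this inode to a PID by scanning /proc/<pid>/fd for
            # links named "socket:[<inode>]"; that needs root for other users' processes.
            "inode": int(f[9]),
        })
    return sockets


def listening_sockets(tcp4=SAMPLE_TCP4, tcp6=SAMPLE_TCP6):
    """What `netstat -lnt` shows: (address, port) of every socket in LISTEN."""
    socks = parse_proc_net_tcp(tcp4, socket.AF_INET) + parse_proc_net_tcp(tcp6, socket.AF_INET6)
    return sorted(s["local"] for s in socks if s["state"] == "LISTEN")


if __name__ == "__main__":
    # On a real host read open("/proc/net/tcp").read() and open("/proc/net/tcp6").read().
    for s in parse_proc_net_tcp(SAMPLE_TCP4) + parse_proc_net_tcp(SAMPLE_TCP6, socket.AF_INET6):
        print(f"tcp  {s['local'][0]}:{s['local'][1]:<6} {s['remote'][0]}:{s['remote'][1]:<6} "
              f"{s['state']:<12} uid={s['uid']} inode={s['inode']}")
```

The same decoding works for /proc/net/udp and /proc/net/udp6; only the state column means less there, since UDP has no LISTEN state and a bound UDP socket shows state 07.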
netcat
nc -vv <IP> <port>: connects to the port and reports whether it accepts the connection; if the service sends a banner (as sshd does), it is printed as well.
nc -z <IP> <port>; echo $?: zero-I/O mode, connect and disconnect without sending data; the exit status says whether the port is open (0) or not (1), which makes it handy in scripts.
```
[root@localhost ~]# nc -vv 192.168.1.127 22
Connection to 192.168.1.127 22 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_5.3
[root@localhost ~]# nc -z 192.168.1.127 22; echo $?
Connection to 192.168.1.127 22 port [tcp/ssh] succeeded!
0
[root@localhost ~]# nc -vv 192.168.1.127 3306
nc: connect to 192.168.1.127 port 3306 (tcp) failed: Connection refused
```
lsof
Syntax: lsof -i:<port>, which lists every process that has a socket on that port open.
```
[root@localhost ~]# lsof -i:631
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd   1218 root    6u  IPv6  12257      0t0  TCP localhost:ipp (LISTEN)
cupsd   1218 root    7u  IPv4  12258      0t0  TCP localhost:ipp (LISTEN)
cupsd   1218 root    9u  IPv4  12261      0t0  UDP *:ipp
```
All of the methods above work, but they only look at one machine from the inside. What I want to share today is the nmap port scanner, which looks at hosts from the network.
4. Introduction to nmap
nmap (Network Mapper) is a free and open-source tool for network scanning and host discovery. It is mainly used to scan the network ports of a set of hosts. Every service a server offers over the network is reachable through some port, and well-known port numbers such as 21 (FTP), 22 (SSH) and 80 (HTTP) tell you a lot about what a server is running just from the list of ports it has open.
nmap is also a standard network security tool. Before an attack, an attacker typically uses it to find targets and enumerate the ports open on them, then goes after those services by other means.
So we can use the same kind of tool to audit our own network's exposure and close what should not be open before an attacker finds it.
Website: https://nmap.org/
5. nmap features
- Flexible
- Powerful
- Portable
- Simple to use
- Free and open source
6. nmap command format
```
nmap [scan type(s)] [options] <target specification>
```
7. Basic nmap parameters
Running nmap 127.0.0.1 with no other parameters scans the 1000 most commonly used TCP ports on that host and lists the open ones with their service names. As root the default scan type is the SYN scan (-sS); as a normal user it is the connect scan (-sT).
```
[root@localhost ~]# nmap 127.0.0.1

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:59 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
```
-sT is the TCP connect scan: nmap asks the operating system to complete a full three-way handshake with each target port and reports which ports accept the connection and which service name is registered for each. It needs no raw sockets, so it works without root, but it is slower and noisier than a SYN scan because every open port sees a completed connection.
For example, scan GitHub to see which ports are open:
```
[root@localhost ~]# nmap -sT www.github.com

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:24 CST
Nmap scan report for www.github.com (52.74.223.119)
Host is up (0.15s latency).
rDNS record for 52.74.223.119: ec2-52-74-223-119.ap-southeast-1.compute.amazonaws.com
Not shown: 996 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
9418/tcp open  git

Nmap done: 1 IP address (1 host up) scanned in 70.72 seconds
```
Scan a given IP address to see which ports it has open:
```
[root@localhost ~]# nmap -sT 220.181.38.150

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:40 CST
Nmap scan report for 220.181.38.150
Host is up (0.0056s latency).
Not shown: 999 filtered ports
PORT    STATE SERVICE
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.64 seconds
```
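To see what a connect scan (and nc -z) really does, here is an added example written for this page, not code from the original post or from nmap. Each probe is an ordinary connect() call, and the three possible outcomes are exactly the three states nmap prints: the connection succeeds (open), the host answers with a RST so connect() fails with "connection refused" (closed), or nothing comes back before the timeout (filtered, a firewall dropped the SYN). To run offline the demo starts its own throwaway listener on 127.0.0.1 and reserves a second ephemeral port that nothing listens on; the function names and the listener are this example's own.

```python
"""Added example (not from the original post): a TCP connect scan like
`nmap -sT`, plus the exit-status behaviour of `nc -z`, run against a local
listener so it works offline.

    connect() succeeds              -> open      (a process is listening)
    RST back, ECONNREFUSED          -> closed    (host up, nothing listening)
    no answer before the timeout    -> filtered  (a filter dropped the SYN)

The filtered case needs a host that silently drops packets and is not exercised here.
"""
import errno
import socket
import threading


def probe_tcp(host, port, timeout=1.0):
    """Classify one port the way nmap -sT does: 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        # ICMP host/network unreachable is also reported as filtered by nmap.
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def connect_scan(host, ports, timeout=1.0):
    """Scan a list of ports one after another; returns {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def nc_z(host, port, timeout=1.0):
    """Exit status of `nc -z host port`: 0 if the port accepts a connection, 1 otherwise."""
    return 0 if probe_tcp(host, port, timeout) == "open" else 1


class _Listener:
    """Throwaway TCP service on an ephemeral 127.0.0.1 port (test fixture only)."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:          # listening socket closed -> stop serving
                return
            conn.close()             # accept the handshake, then hang up

    def close(self):
        self.sock.close()


def demo():
    """Scan one open and one closed loopback port; returns what was observed."""
    lst = _Listener()
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                    # nothing bound here any more -> RST -> "closed"
    try:
        return {
            "open_port": lst.port,
            "closed_port": closed_port,
            "scan": connect_scan("127.0.0.1", [lst.port, closed_port]),
            "nc_z": {lst.port: nc_z("127.0.0.1", lst.port),
                     closed_port: nc_z("127.0.0.1", closed_port)},
        }
    finally:
        lst.close()


if __name__ == "__main__":
    r = demo()
    for port, state in sorted(r["scan"].items()):
        print(f"{port}/tcp {state}")
```

Note that because every open port sees a completed connection, the target's service logs record each probe (sshd, for instance, logs a connection that sent no banner). That is the trade-off nmap avoids with the SYN scan described further down.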
- -O: detect the operating system of the target host by fingerprinting its TCP/IP stack.
- -sV: probe the open ports to identify the software and version behind them.
Combining the two against www.baidu.com: what operating system does the host run, and what software answers on the scanned ports?
nmap labels ports 80 and 443 as "Microsoft Windows UPnP" and guesses an HP ProCurve switch for the OS, but read the warning in the output: it could not find one open and one closed port, so the OS fingerprint is unreliable, and the version label is just the closest entry in nmap's signature database for the responses it received. A large site's front end typically sits behind load balancers and filtering, which is exactly the situation that produces odd matches like this, so treat -O and -sV output as a hint to verify rather than a fact.
```
[root@localhost ~]# sudo nmap -O -sV www.baidu.com

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:32 CST
Nmap scan report for www.baidu.com (220.181.38.150)
Host is up (0.015s latency).
Other addresses for www.baidu.com (not scanned): 220.181.38.149
Not shown: 998 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  upnp     Microsoft Windows UPnP
443/tcp open  ssl/upnp Microsoft Windows UPnP
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch
Running: HP embedded
OS details: HP 4000M ProCurve switch (J4121A)
Service Info: OS: Windows

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.87 seconds
```
Besides a domain name, you can give an IP address directly and get the same OS and version detection:
```
[root@localhost ~]# sudo nmap -O -sV 220.181.38.150

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:35 CST
Nmap scan report for 220.181.38.150
Host is up (0.015s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  upnp     Microsoft Windows UPnP
443/tcp open  ssl/upnp Microsoft Windows UPnP
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch
Running (JUST GUESSING): HP embedded (86%)
Aggressive OS guesses: HP 4000M ProCurve switch (J4121A) (86%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.82 seconds
```
- -sS: TCP SYN scan (half-open scan). nmap sends a SYN to each target port and reads the port state from the reply: SYN/ACK means open, RST means closed, no reply (or an ICMP unreachable error) means filtered. The handshake is never completed, so it is faster than -sT and leaves no completed connection in the service's logs; it needs raw sockets, hence root.
```
[root@localhost ~]# nmap -sS www.github.com

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-28 05:03 CST
Nmap scan report for www.github.com (13.229.188.59)
Host is up (0.15s latency).
rDNS record for 13.229.188.59: ec2-13-229-188-59.ap-southeast-1.compute.amazonaws.com
Not shown: 996 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
9418/tcp open  git

Nmap done: 1 IP address (1 host up) scanned in 32.39 seconds
```
- -sA: TCP ACK scan. It never determines whether a port is open; it sends bare ACK packets and uses the replies to map the firewall's rules: a port that answers with RST is reported as unfiltered (reachable, open or closed), one that stays silent is filtered. Below, every port is filtered, which tells you the site sits behind a stateful firewall that drops unsolicited ACKs.
```
[root@localhost ~]# nmap -sA www.newrank.cn

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-28 05:25 CST
Nmap scan report for www.newrank.cn (47.99.2.204)
Host is up (0.029s latency).
All 1000 scanned ports on www.newrank.cn (47.99.2.204) are filtered

Nmap done: 1 IP address (1 host up) scanned in 17.63 seconds
```
- -sW: TCP window scan. It sends the same ACK probe as -sA, but on some systems the TCP window size in the RST reply is positive for open ports and zero for closed ones, so it can sometimes tell the two apart. If nothing answers, as here, it reports filtered just like the ACK scan.
```
[root@localhost ~]# nmap -sW www.newrank.cn

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-28 05:55 CST
Nmap scan report for www.newrank.cn (47.99.2.204)
Host is up (0.032s latency).
All 1000 scanned ports on www.newrank.cn (47.99.2.204) are filtered

Nmap done: 1 IP address (1 host up) scanned in 46.43 seconds
```
- -Pn: skip host discovery and treat every target as up. By default nmap pings a host first and, if it gets no answer, reports it as down and does not port-scan it at all; hosts that block ping therefore need -Pn to be scanned. -p<range> limits the scan to the given ports (the second run below covers 1-5000 instead of the default top 1000).
```
[root@localhost ~]# nmap -sT -Pn 220.181.38.150

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:41 CST
Nmap scan report for 220.181.38.150
Host is up (0.0053s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.00 seconds
```
```
[root@localhost ~]# nmap -sT -Pn -p1-5000 192.168.1.127

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:51 CST
Nmap scan report for 192.168.1.127
Host is up (0.00058s latency).
Not shown: 4998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
```
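The introduction above makes the defensive point: the scan an attacker runs is the same one that tells you what you expose. Once you have the output, the useful next step is to turn it into data and compare it with what is supposed to be open, so a new listener shows up as a finding instead of a line you have to notice by eye. The following Python is an added example written for this page (not code from the original post or from nmap) that parses the PORT/STATE/SERVICE(/VERSION) table from nmap's normal output and diffs the open ports against an allow-list. The sample output is constructed in the format of the 192.168.1.127 scan above with a MySQL port added so the check has something to flag; the allow-list and the version strings in the sample are assumptions.

```python
"""Added example (not from the original post or from nmap): parse nmap's
normal output into records and compare open ports against an allow-list.
The sample output below is constructed in the format of the 192.168.1.127
scan from the post, with a MySQL port added that the baseline does not allow.
"""
import re

SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-27 10:51 CST
Nmap scan report for 192.168.1.127
Host is up (0.00058s latency).
Not shown: 4997 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 5.3 (protocol 2.0)
111/tcp  open  rpcbind
3306/tcp open  mysql   MySQL (unauthorized)

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
"""

# Assumed allow-list: what this host is supposed to expose, as (port, protocol).
BASELINE = {"192.168.1.127": {(22, "tcp"), (111, "tcp")}}

HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_report(text):
    """Return {host: [record, ...]} with one record per PORT line under that host."""
    reports, host = {}, None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host = m.group(1)
            reports[host] = []
            continue
        m = PORT_LINE.match(line)
        if m and host is not None:
            port, proto, state, service, version = m.groups()
            reports[host].append({"port": int(port), "proto": proto, "state": state,
                                  "service": service, "version": (version or "").strip()})
    return reports


def exposure_diff(reports, baseline):
    """Per host: open ports not in the allow-list, and allowed ports that are not open."""
    result = {}
    for host, records in reports.items():
        observed = {(r["port"], r["proto"]) for r in records if r["state"] == "open"}
        expected = baseline.get(host, set())
        result[host] = {"unexpected": sorted(observed - expected),
                        "missing": sorted(expected - observed)}
    return result


def audit(text=SAMPLE_NMAP_OUTPUT, baseline=BASELINE):
    """Parse and diff in one call; returns the diff and a flat list of findings."""
    diff = exposure_diff(parse_nmap_report(text), baseline)
    findings = [f"{host}: {port}/{proto} is open but not in the baseline"
                for host, d in diff.items() for port, proto in d["unexpected"]]
    findings += [f"{host}: {port}/{proto} should be open but is not"
                 for host, d in diff.items() for port, proto in d["missing"]]
    return diff, findings


if __name__ == "__main__":
    _, findings = audit()
    print("\n".join(findings) or "no drift from baseline")
```

The regex over normal output is enough to show the idea; for anything you schedule, have nmap write its XML format (-oX) and parse that instead, since the XML layout is stable across versions while the human-readable columns are not.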
Besides the parameters above there are some less commonly used ones, such as:
- -sF: FIN scan. Sends a bare FIN to each target port and judges the port from the reply: a RST means closed, silence means open|filtered (an RFC 793 stack ignores a FIN to an open port, but a firewall drop looks the same).
```
[root@localhost ~]# nmap -sF www.newrank.cn
```
- -sX: Xmas scan. Sends a packet with the FIN, PSH and URG flags all set and judges the reply the same way as the FIN scan.
```
[root@localhost ~]# nmap -sX www.newrank.cn
```
- -sN: NULL scan. Sends a TCP packet with no flags set at all and judges the reply the same way as the FIN scan.
```
[root@localhost ~]# nmap -sN www.newrank.cn
```
- -sR: RPC scan. Takes the open ports found by the port scan and sends them SunRPC NULL calls to find out which are RPC ports and which program and version they serve; version detection (-sV) performs the same RPC check.
```
[root@localhost ~]# nmap -sR www.newrank.cn
```
- -sU: UDP scan. Sends a UDP probe to each target port: a UDP reply means open, an ICMP port unreachable error means closed, and silence is reported as open|filtered because most UDP services do not answer junk input. It is slow, since hosts rate-limit ICMP errors, and needs root.
```
[root@localhost ~]# nmap -sU www.newrank.cn
```
- -sP: ping scan. Host discovery only, no port scan: nmap sends its discovery probes (an ICMP echo request plus TCP probes to ports 80 and 443) and lists the hosts that answer. Newer nmap versions spell this option -sn.
```
[root@localhost ~]# nmap -sP www.newrank.cn
```
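All of the scan types in this section differ only in which flags the probe carries and in how the reply, or the lack of one, is read. As an added example, not from the post and not nmap's own code, the Python below encodes the decision rules nmap's reference guide gives for each scan type listed on this page (-sS/-sT, -sA, -sW, -sF/-sN/-sX and -sU), so you can see in one place why an ACK scan can only say filtered or unfiltered, why a FIN, NULL or Xmas scan never says "open" outright, and why a UDP scan treats an ICMP port-unreachable differently from other unreachable codes. The Reply type, the probe table and the function are this example's own.

```python
"""Added example (not from the original post, not nmap's code): how each nmap
scan type turns the reply to its probe into the port state it prints. The
rules follow the nmap reference guide for the scan types in this section.
"""
from dataclasses import dataclass
from typing import Optional

# TCP flags set in the probe each scan sends (S=SYN, A=ACK, F=FIN, P=PSH, U=URG).
PROBE_FLAGS = {
    "-sS": "S",     # SYN (half-open) scan
    "-sT": "S",     # connect scan: the OS sends the SYN and finishes the handshake
    "-sA": "A",     # ACK scan
    "-sW": "A",     # window scan: same probe as -sA, different reading of the RST
    "-sF": "F",     # FIN scan
    "-sN": "",      # NULL scan: no flags at all
    "-sX": "FPU",   # Xmas scan: FIN, PSH and URG "lit up"
    "-sU": None,    # UDP scan: a UDP datagram, not a TCP segment
}

# ICMP destination-unreachable codes (type 3) that nmap reads as "filtered".
ICMP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}   # code 3 (port unreachable) is special for UDP


@dataclass
class Reply:
    """One reply to one probe. kind is 'tcp', 'udp' or 'icmp'; pass None for no reply."""
    kind: str
    tcp_flags: str = ""      # e.g. "SA" for SYN/ACK, "R" or "RA" for a reset
    window: int = 0          # TCP window field of a RST, used by -sW
    icmp_type: int = 0
    icmp_code: int = 0


def _rst(r: Optional[Reply]) -> bool:
    return r is not None and r.kind == "tcp" and "R" in r.tcp_flags


def _synack(r: Optional[Reply]) -> bool:
    return r is not None and r.kind == "tcp" and {"S", "A"} <= set(r.tcp_flags)


def _unreachable(r: Optional[Reply]) -> bool:
    return r is not None and r.kind == "icmp" and r.icmp_type == 3


def infer_state(scan: str, reply: Optional[Reply]) -> str:
    """Port state nmap reports for `scan` given `reply` (None = nothing came back)."""
    if scan in ("-sS", "-sT"):
        if _synack(reply):
            return "open"               # something accepted the handshake
        if _rst(reply):
            return "closed"             # host is up, port has no listener
        return "filtered"               # silence or ICMP unreachable: a filter ate the SYN
    if scan == "-sA":
        # Unfiltered ports answer a stray ACK with RST whether open or closed,
        # so this scan maps firewall rules and never reports "open".
        return "unfiltered" if _rst(reply) else "filtered"
    if scan == "-sW":
        if _rst(reply):
            # Some stacks put a positive window in the RST only for open ports.
            return "open" if reply.window > 0 else "closed"
        return "filtered"
    if scan in ("-sF", "-sN", "-sX"):
        # RFC 793: a closed port must RST; an open port must ignore the probe.
        # Non-compliant stacks (Windows, many Cisco devices) RST in both cases,
        # so against them every port shows up "closed".
        if _rst(reply):
            return "closed"
        if _unreachable(reply) and reply.icmp_code in ICMP_FILTERED_CODES:
            return "filtered"
        return "open|filtered"          # silence: open, or the probe was dropped
    if scan == "-sU":
        if reply is not None and reply.kind == "udp":
            return "open"               # the service answered
        if _unreachable(reply):
            return "closed" if reply.icmp_code == 3 else "filtered"
        return "open|filtered"          # most UDP services stay silent on junk input
    raise ValueError(f"unknown scan type: {scan}")


if __name__ == "__main__":
    cases = [("-sS", Reply("tcp", "SA")), ("-sS", Reply("tcp", "RA")), ("-sS", None),
             ("-sA", Reply("tcp", "R")), ("-sA", None),
             ("-sW", Reply("tcp", "R", window=512)), ("-sW", Reply("tcp", "R", window=0)),
             ("-sX", None), ("-sN", Reply("tcp", "R")),
             ("-sU", Reply("icmp", icmp_type=3, icmp_code=3)), ("-sU", None)]
    for scan, reply in cases:
        flags = PROBE_FLAGS[scan] or "(none)"
        print(f"{scan} probe={flags:<6} reply={reply} -> {infer_state(scan, reply)}")
```

The practical consequence of these rules: when a FIN, NULL or Xmas scan reports everything as closed, suspect a non-RFC-compliant stack before concluding the host has nothing open, and when the same scan reports everything as open|filtered, it has told you nothing a SYN scan would not tell you better.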