NMAP - A Stealth Port Scanner--reference

The final note I will add to this answer is that use of the Idle scan method (-sI) means that not a single packet is sent to the victim from your IP (provided you also use the -P0 option to turn off pings). This is the ultimate in stealth as there is absolutely no way the victim can determine that your IP is responsible for the scan (short of obtaining log information from the host you used as part of your idle scan).

The timing options can make it take a very long time. I believe the -T Paranoid ( -T 0 )option waits up to 5 minutes between packets... now,for 65000 ports,thats 65000 x 5 = 325000 minutes = 225 days!!

-T Sneaky ( -T 1 ) waits up to 15 seconds between scans,and is therefore more useful; but scans will still take a long while! You can use -v to get more verbose output,which will alert you as to the progress of the scan. Using -v twice makes the output even more verbose.

-sN -sX and -sF scans will work against any host,but Windows computers do not respond correctly to them,so scanning a Windows machine with these scans results in all ports appearing closed. Scanning a *nix or other system should work just fine,though. As I said in the main tutorial,-sX -sF and -sN are commonly used to determine if you’re scanning a Windows host or not,without using the -O fingerprinting option.

The Nmap manual page should help to determine which scans work alongside which options,and on which target systems they are most effective.

You simply have to scan for hosts using sequential IPID sequences,these are (often) suitable for use as a dummy host for the -sI Idle Scan.

When Nmap starts,it tries to ping the host to check that it is online. Nmap also gains timing information from this ping. If the remote host,or a system on the path between you and the remote host,is blocking pings,this ping will not be replied to,and Nmap will not start scanning. Using the -P0 option,you can turn off ping-on-start and have Nmap try to scan anyway.

NmapFE is a graphical front-end for Nmap.

NmapFE for UNIX/Linux is included in the Nmap source. NmapFE for OSX is available at?http://faktory.org/m/software/nmap/?NmapFE for Windows is under development as part of NmapFE++,a new frontend for Linux,OSX and Windows. Information is available at?http://www.insecure.org/nmap/SoC/NmapFE.html

This document is copyright ?2003-2009,Andrew J. Bennieston. This document is provided in several formats,including LaTeX source,and it may be freely redistributed in any form,providing no changes are made to the content. The latest version can always be found at?http://nmap.org/bennieston-tutorial/

（编辑：财气旺网 - 财气网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!